Back to index

lightning-sunbird  0.9+nobinonly
Classes | Defines | Typedefs | Enumerations | Functions | Variables
pkcs11i.h File Reference
#include "nssilock.h"
#include "seccomon.h"
#include "secoidt.h"
#include "lowkeyti.h"
#include "pkcs11t.h"
#include "pcertt.h"
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Classes

struct  SFTKAttributeStr
struct  SFTKObjectListStr
struct  SFTKObjectFreeListStr
struct  SFTKObjectStr
struct  SFTKTokenObjectStr
struct  SFTKSessionObjectStr
struct  SFTKObjectListElementStr
struct  SFTKSearchResultsStr
struct  SFTKSessionContextStr
struct  SFTKSessionStr
struct  SFTKSlotStr
struct  SFTKHashVerifyInfoStr
struct  SFTKHashSignInfoStr
struct  SFTKSSLMACInfoStr
struct  sftk_token_parametersStr
struct  sftk_parametersStr

Defines

#define MAX_OBJS_ATTRS
#define ATTR_SPACE
#define NSC_STRICT
#define NSC_CERT_BLOCK_SIZE   50
#define NSC_SEARCH_BLOCK_SIZE   5
#define NSC_SLOT_LIST_BLOCK_SIZE   10
#define NSC_FIPS_MODULE   1
#define NSC_NON_FIPS_MODULE   0
#define SPACE_ATTRIBUTE_HASH_SIZE   32
#define SPACE_SESSION_OBJECT_HASH_SIZE   32
#define SPACE_SESSION_HASH_SIZE   32
#define TIME_ATTRIBUTE_HASH_SIZE   32
#define TIME_SESSION_OBJECT_HASH_SIZE   1024
#define TIME_SESSION_HASH_SIZE   1024
#define MAX_OBJECT_LIST_SIZE   800
#define MAX_KEY_LEN   256
#define MULTIACCESS   "multiaccess:"
#define LOG2_BUCKETS_PER_SESSION_LOCK   1
#define BUCKETS_PER_SESSION_LOCK   (1 << (LOG2_BUCKETS_PER_SESSION_LOCK))
#define SFTK_MAX_BLOCK_SIZE   16
#define SFTK_MAX_MAC_LENGTH   64
#define SFTK_INVALID_MAC_SIZE   0xffffffff
#define SFTK_SESSION_SLOT_MASK   0xff000000L
#define SFTK_TOKEN_MASK   0x80000000L
#define SFTK_TOKEN_MAGIC   0x80000000L
#define SFTK_TOKEN_TYPE_MASK   0x70000000L
#define SFTK_TOKEN_TYPE_PRIV   0x10000000L
#define SFTK_TOKEN_TYPE_PUB   0x20000000L
#define SFTK_TOKEN_TYPE_KEY   0x30000000L
#define SFTK_TOKEN_TYPE_TRUST   0x40000000L
#define SFTK_TOKEN_TYPE_CRL   0x50000000L
#define SFTK_TOKEN_TYPE_SMIME   0x60000000L
#define SFTK_TOKEN_TYPE_CERT   0x70000000L
#define SFTK_TOKEN_KRL_HANDLE   (SFTK_TOKEN_MAGIC|SFTK_TOKEN_TYPE_CRL|1)
#define SFTK_MAX_PIN   255
#define FIPS_MIN_PIN   7
#define NETSCAPE_SLOT_ID   1
#define PRIVATE_KEY_SLOT_ID   2
#define FIPS_SLOT_ID   3
#define sftk_SlotFromSession(sp)   ((sp)->slot)
#define sftk_isToken(id)   (((id) & SFTK_TOKEN_MASK) == SFTK_TOKEN_MAGIC)
#define SHMULTIPLIER   1791398085
#define sftk_hash(value, size)   ((PRUint32)((value) * SHMULTIPLIER) & (size-1))
#define sftkqueue_add(element, id, head, hash_size)
#define sftkqueue_find(element, id, head, hash_size)
#define sftkqueue_is_queued(element, id, head, hash_size)
#define sftkqueue_delete(element, id, head, hash_size)
#define sftkqueue_init_element(element)   (element)->prev = NULL;
#define sftkqueue_add2(element, id, index, head)
#define sftkqueue_find2(element, id, index, head)
#define sftkqueue_delete2(element, id, index, head)
#define sftkqueue_clear_deleted_element(element)
#define SFTK_SESSION_LOCK(slot, handle)   ((slot)->sessionLock[(handle) & (slot)->sessionLockMask])
#define sftk_attr_expand(ap)   (ap)->type,(ap)->pValue,(ap)->ulValueLen
#define sftk_item_expand(ip)   (ip)->data,(ip)->len
#define PATH_SEPARATOR   "/"
#define SECMOD_DB   "secmod.db"
#define CERT_DB_FMT   "%scert%s.db"
#define KEY_DB_FMT   "%skey%s.db"

Typedefs

typedef struct SFTKAttributeStr
typedef struct SFTKObjectListStr
typedef struct SFTKObjectFreeListStr
typedef struct SFTKObjectListElementStr
typedef struct SFTKObjectStr
typedef struct SFTKSessionObjectStr
typedef struct SFTKTokenObjectStr
typedef struct SFTKSessionStr
typedef struct SFTKSlotStr
typedef struct SFTKSessionContextStr
typedef struct SFTKSearchResultsStr
typedef struct SFTKHashVerifyInfoStr
typedef struct SFTKHashSignInfoStr
typedef struct SFTKSSLMACInfoStr
typedef void(* SFTKDestroy )(void *, PRBool)
typedef void(* SFTKBegin )(void *)
typedef SECStatus(* SFTKCipher )(void *, void *, unsigned int *, unsigned int, void *, unsigned int)
typedef SECStatus(* SFTKVerify )(void *, void *, unsigned int, void *, unsigned int)
typedef void(* SFTKHash )(void *, void *, unsigned int)
typedef void(* SFTKEnd )(void *, void *, unsigned int *, unsigned int)
typedef void(* SFTKFree )(void *)
typedef struct
sftk_token_parametersStr 
sftk_token_parameters
typedef struct sftk_parametersStr sftk_parameters

Enumerations

enum  SFTKModifyType {
  SFTK_NEVER = 0, SFTK_ONCOPY = 1, SFTK_SENSITIVE = 2, SFTK_ALWAYS = 3,
  SFTK_NEVER = 0, SFTK_ONCOPY = 1, SFTK_SENSITIVE = 2, SFTK_ALWAYS = 3
}
enum  SFTKFreeStatus {
  SFTK_DestroyFailure, SFTK_Destroyed, SFTK_Busy, SFTK_DestroyFailure,
  SFTK_Destroyed, SFTK_Busy
}
enum  SFTKContextType {
  SFTK_ENCRYPT, SFTK_DECRYPT, SFTK_HASH, SFTK_SIGN,
  SFTK_SIGN_RECOVER, SFTK_VERIFY, SFTK_VERIFY_RECOVER, SFTK_ENCRYPT,
  SFTK_DECRYPT, SFTK_HASH, SFTK_SIGN, SFTK_SIGN_RECOVER,
  SFTK_VERIFY, SFTK_VERIFY_RECOVER
}

Functions

CK_RV nsc_CommonInitialize (CK_VOID_PTR pReserved, PRBool isFIPS)
CK_RV nsc_CommonFinalize (CK_VOID_PTR pReserved, PRBool isFIPS)
CK_RV nsc_CommonGetSlotList (CK_BBOOL tokPresent, CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount, int moduleIndex)
CK_RV SFTK_SlotInit (char *configdir, sftk_token_parameters *params, int moduleIndex)
CK_RV SFTK_SlotReInit (SFTKSlot *slot, char *configdir, sftk_token_parameters *params, int moduleIndex)
CK_RV SFTK_DestroySlotData (SFTKSlot *slot)
CK_RV SFTK_ShutdownSlot (SFTKSlot *slot)
SFTKAttribute * sftk_FindAttribute (SFTKObject *object, CK_ATTRIBUTE_TYPE type)
void sftk_FreeAttribute (SFTKAttribute *attribute)
CK_RV sftk_AddAttributeType (SFTKObject *object, CK_ATTRIBUTE_TYPE type, void *valPtr, CK_ULONG length)
CK_RV sftk_Attribute2SecItem (PLArenaPool *arena, SECItem *item, SFTKObject *object, CK_ATTRIBUTE_TYPE type)
unsigned int sftk_GetLengthInBits (unsigned char *buf, unsigned int bufLen)
CK_RV sftk_ConstrainAttribute (SFTKObject *object, CK_ATTRIBUTE_TYPE type, int minLength, int maxLength, int minMultiple)
PRBool sftk_hasAttribute (SFTKObject *object, CK_ATTRIBUTE_TYPE type)
PRBool sftk_isTrue (SFTKObject *object, CK_ATTRIBUTE_TYPE type)
void sftk_DeleteAttributeType (SFTKObject *object, CK_ATTRIBUTE_TYPE type)
CK_RV sftk_Attribute2SSecItem (PLArenaPool *arena, SECItem *item, SFTKObject *object, CK_ATTRIBUTE_TYPE type)
SFTKModifyType sftk_modifyType (CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass)
PRBool sftk_isSensitive (CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass)
char * sftk_getString (SFTKObject *object, CK_ATTRIBUTE_TYPE type)
void sftk_nullAttribute (SFTKObject *object, CK_ATTRIBUTE_TYPE type)
CK_RV sftk_GetULongAttribute (SFTKObject *object, CK_ATTRIBUTE_TYPE type, CK_ULONG *longData)
CK_RV sftk_forceAttribute (SFTKObject *object, CK_ATTRIBUTE_TYPE type, void *value, unsigned int len)
CK_RV sftk_defaultAttribute (SFTKObject *object, CK_ATTRIBUTE_TYPE type, void *value, unsigned int len)
unsigned int sftk_MapTrust (CK_TRUST trust, PRBool clientAuth)
SFTKObject * sftk_NewObject (SFTKSlot *slot)
CK_RV sftk_CopyObject (SFTKObject *destObject, SFTKObject *srcObject)
SFTKFreeStatus sftk_FreeObject (SFTKObject *object)
CK_RV sftk_DeleteObject (SFTKSession *session, SFTKObject *object)
void sftk_ReferenceObject (SFTKObject *object)
SFTKObject * sftk_ObjectFromHandle (CK_OBJECT_HANDLE handle, SFTKSession *session)
void sftk_AddSlotObject (SFTKSlot *slot, SFTKObject *object)
void sftk_AddObject (SFTKSession *session, SFTKObject *object)
CK_RV SFTK_ClearTokenKeyHashTable (SFTKSlot *slot)
CK_RV sftk_searchObjectList (SFTKSearchResults *search, SFTKObject **head, unsigned int size, PZLock *lock, CK_ATTRIBUTE_PTR inTemplate, int count, PRBool isLoggedIn)
SFTKObjectListElement * sftk_FreeObjectListElement (SFTKObjectListElement *objectList)
void sftk_FreeObjectList (SFTKObjectListElement *objectList)
void sftk_FreeSearch (SFTKSearchResults *search)
CK_RV sftk_handleObject (SFTKObject *object, SFTKSession *session)
SFTKSlot * sftk_SlotFromID (CK_SLOT_ID slotID, PRBool all)
SFTKSlot * sftk_SlotFromSessionHandle (CK_SESSION_HANDLE handle)
SFTKSession * sftk_SessionFromHandle (CK_SESSION_HANDLE handle)
void sftk_FreeSession (SFTKSession *session)
SFTKSession * sftk_NewSession (CK_SLOT_ID slotID, CK_NOTIFY notify, CK_VOID_PTR pApplication, CK_FLAGS flags)
void sftk_update_state (SFTKSlot *slot, SFTKSession *session)
void sftk_update_all_states (SFTKSlot *slot)
void sftk_FreeContext (SFTKSessionContext *context)
void sftk_InitFreeLists (void)
void sftk_CleanupFreeLists (void)
NSSLOWKEYPublicKey * sftk_GetPubKey (SFTKObject *object, CK_KEY_TYPE key_type, CK_RV *crvp)
NSSLOWKEYPrivateKey * sftk_GetPrivKey (SFTKObject *object, CK_KEY_TYPE key_type, CK_RV *crvp)
void sftk_FormatDESKey (unsigned char *key, int length)
PRBool sftk_CheckDESKey (unsigned char *key)
PRBool sftk_IsWeakKey (unsigned char *key, CK_KEY_TYPE key_type)
CK_RV secmod_parseParameters (char *param, sftk_parameters *parsed, PRBool isFIPS)
void secmod_freeParams (sftk_parameters *params)
char * secmod_getSecmodName (char *params, char **domain, char **filename, PRBool *rw)
char ** secmod_ReadPermDB (const char *domain, const char *filename, const char *dbname, char *params, PRBool rw)
SECStatus secmod_DeletePermDB (const char *domain, const char *filename, const char *dbname, char *args, PRBool rw)
SECStatus secmod_AddPermDB (const char *domain, const char *filename, const char *dbname, char *module, PRBool rw)
SECStatus secmod_ReleasePermDBData (const char *domain, const char *filename, const char *dbname, char **specList, PRBool rw)
CK_RV sftk_MechAllowsOperation (CK_MECHANISM_TYPE type, CK_ATTRIBUTE_TYPE op)
CK_RV sftk_DBInit (const char *configdir, const char *certPrefix, const char *keyPrefix, PRBool readOnly, PRBool noCertDB, PRBool noKeyDB, PRBool forceOpen, NSSLOWCERTCertDBHandle **certDB, NSSLOWKEYDBHandle **keyDB)
NSSLOWCERTCertDBHandle * sftk_getCertDB (SFTKSlot *slot)
NSSLOWKEYDBHandle * sftk_getKeyDB (SFTKSlot *slot)
void sftk_freeCertDB (NSSLOWCERTCertDBHandle *certHandle)
void sftk_freeKeyDB (NSSLOWKEYDBHandle *keyHandle)
NSSLOWKEYPrivateKey * sftk_FindKeyByPublicKey (SFTKSlot *slot, SECItem *dbKey)
const char * sftk_EvaluateConfigDir (const char *configdir, char **domain)
SFTKSessionObject * sftk_narrowToSessionObject (SFTKObject *)
SFTKTokenObject * sftk_narrowToTokenObject (SFTKObject *)
void sftk_addHandle (SFTKSearchResults *search, CK_OBJECT_HANDLE handle)
PRBool sftk_poisonHandle (SFTKSlot *slot, SECItem *dbkey, CK_OBJECT_HANDLE handle)
PRBool sftk_tokenMatch (SFTKSlot *slot, SECItem *dbKey, CK_OBJECT_HANDLE class, CK_ATTRIBUTE_PTR theTemplate, int count)
CK_OBJECT_HANDLE sftk_mkHandle (SFTKSlot *slot, SECItem *dbKey, CK_OBJECT_HANDLE class)
SFTKObject * sftk_NewTokenObject (SFTKSlot *slot, SECItem *dbKey, CK_OBJECT_HANDLE handle)
SFTKTokenObject * sftk_convertSessionToToken (SFTKObject *so)
CK_RV sftk_TLSPRFInit (SFTKSessionContext *context, SFTKObject *key, CK_KEY_TYPE key_type)

Variables

SEC_BEGIN_PROTOS PRBool nsf_init

Class Documentation

struct SFTKAttributeStr

Definition at line 169 of file pkcs11i.h.

Collaboration diagram for SFTKAttributeStr:
Class Members
CK_ATTRIBUTE attrib
PRBool freeAttr
PRBool freeData
CK_ATTRIBUTE_TYPE handle
SFTKAttribute * next
SFTKAttribute * prev
unsigned char space
struct SFTKObjectListStr

Definition at line 184 of file pkcs11i.h.

Class Members
SFTKObjectList * next
SFTKObject * parent
SFTKObjectList * prev
struct SFTKObjectFreeListStr

Definition at line 190 of file pkcs11i.h.

Collaboration diagram for SFTKObjectFreeListStr:
Class Members
int count
SFTKObject * head
PZLock * lock
struct SFTKObjectStr

Definition at line 199 of file pkcs11i.h.

Collaboration diagram for SFTKObjectStr:
Class Members
CK_OBJECT_HANDLE handle
SFTKFree infoFree
SFTKObject * next
CK_OBJECT_CLASS objclass
void * objectInfo
SFTKObject * prev
int refCount
PZLock * refLock
SFTKSlot * slot
struct SFTKTokenObjectStr

Definition at line 211 of file pkcs11i.h.

Class Members
SECItem dbKey
SFTKObject obj
struct SFTKSessionObjectStr

Definition at line 216 of file pkcs11i.h.

Collaboration diagram for SFTKSessionObjectStr:
Class Members
PZLock * attributeLock
SFTKAttribute attrList
unsigned int hashSize
SFTKAttribute * head
int nextAttr
SFTKObject obj
PRBool optimizeSpace
SFTKSession * session
SFTKObjectList sessionList
PRBool wasDerived
struct SFTKObjectListElementStr

Definition at line 232 of file pkcs11i.h.

Class Members
SFTKObjectListElement * next
SFTKObject * object
struct SFTKSearchResultsStr

Definition at line 240 of file pkcs11i.h.

Collaboration diagram for SFTKSearchResultsStr:
Class Members
int array_size
CK_OBJECT_HANDLE * handles
int index
int size
struct SFTKSessionContextStr

Definition at line 267 of file pkcs11i.h.

Class Members
unsigned int blockSize
void * cipherInfo
unsigned int cipherInfoLen
CK_MECHANISM_TYPE currentMech
SFTKDestroy destroy
PRBool doPad
SFTKEnd end
SFTKDestroy hashdestroy
void * hashInfo
SFTKHash hashUpdate
SFTKObject * key
unsigned char macBuf
CK_ULONG macSize
unsigned int maxLen
PRBool multi
unsigned char padBuf
unsigned int padDataLength
SFTKContextType type
SFTKCipher update
SFTKVerify verify
struct SFTKSessionStr

Definition at line 293 of file pkcs11i.h.

Collaboration diagram for SFTKSessionStr:
Class Members
CK_VOID_PTR appData
SFTKSessionContext * enc_context
CK_SESSION_HANDLE handle
SFTKSessionContext * hash_context
CK_SESSION_INFO info
SFTKSession * next
CK_NOTIFY notify
int objectIDCount
PZLock * objectLock
SFTKObjectList * objects
SFTKSession * prev
int refCount
SFTKSearchResults * search
SFTKSessionContext * sign_context
SFTKSlot * slot
struct SFTKSlotStr

Definition at line 337 of file pkcs11i.h.

Collaboration diagram for SFTKSlotStr:
Class Members
NSSLOWCERTCertDBHandle * certDB
PRBool DB_loaded
PRBool hasTokens
SFTKSession ** head
int index
PRBool isLoggedIn
NSSLOWKEYDBHandle * keyDB
int minimumPinLen
PRBool needLogin
unsigned int numSessionLocks
PZLock * objectLock
PRBool optimizeSpace
SECItem * password
PRBool present
PRLock * pwCheckLock
PRBool readOnly
PRInt32 rwSessionCount
unsigned int sessHashSize
int sessionCount
int sessionIDConflict
PRInt32 sessionIDCount
PZLock ** sessionLock
unsigned long sessionLockMask
PRUint32 sessionObjectHandleCount
unsigned int sessObjHashSize
SFTKObject ** sessObjHashTable
char slotDescription
CK_SLOT_ID slotID
PZLock * slotLock
PRBool ssoLoggedIn
char tokDescription
PLHashTable * tokenHashTable
int tokenIDCount
SFTKObject ** tokObjects
unsigned int tokObjHashSize
PLHashTable * tokObjHashTable
struct SFTKHashVerifyInfoStr

Definition at line 378 of file pkcs11i.h.

Class Members
SECOidTag hashOid
NSSLOWKEYPublicKey * key
struct SFTKHashSignInfoStr

Definition at line 383 of file pkcs11i.h.

Class Members
SECOidTag hashOid
NSSLOWKEYPrivateKey * key
struct SFTKSSLMACInfoStr

Definition at line 389 of file pkcs11i.h.

Collaboration diagram for SFTKSSLMACInfoStr:
Class Members
SFTKBegin begin
SFTKEnd end
void * hashContext
unsigned char key
unsigned int keySize
CK_ULONG macSize
int padSize
SFTKHash update
struct sftk_token_parametersStr

Definition at line 506 of file pkcs11i.h.

Collaboration diagram for sftk_token_parametersStr:
Class Members
char * certPrefix
char * configdir
PRBool forceOpen
char * keyPrefix
int minPW
PRBool noCertDB
PRBool noKeyDB
PRBool optimizeSpace
PRBool pwRequired
PRBool readOnly
char * slotdes
CK_SLOT_ID slotID
char * tokdes
struct sftk_parametersStr

Definition at line 522 of file pkcs11i.h.

Collaboration diagram for sftk_parametersStr:
Class Members
char * configdir
PRBool forceOpen
char * libdes
char * man
PRBool noCertDB
PRBool noModDB
PRBool optimizeSpace
PRBool pwRequired
PRBool readOnly
char * secmodName
int token_count
sftk_token_parameters * tokens

Define Documentation

Value:
50            /* Maximum size of attribute data before extra
                             * data needs to be allocated. This is set to
                             * enough space to hold an SSL MASTER secret */

Definition at line 65 of file pkcs11i.h.

Definition at line 114 of file pkcs11i.h.

#define CERT_DB_FMT   "%scert%s.db"

Definition at line 547 of file pkcs11i.h.

Definition at line 425 of file pkcs11i.h.

Definition at line 430 of file pkcs11i.h.

#define KEY_DB_FMT   "%skey%s.db"

Definition at line 548 of file pkcs11i.h.

Definition at line 113 of file pkcs11i.h.

#define MAX_KEY_LEN   256

Definition at line 93 of file pkcs11i.h.

Definition at line 90 of file pkcs11i.h.

Value:
45     /* number of attributes to preallocate in
                             * the object (must me the absolute max) */

Definition at line 64 of file pkcs11i.h.

#define MULTIACCESS   "multiaccess:"

Definition at line 95 of file pkcs11i.h.

Definition at line 428 of file pkcs11i.h.

Definition at line 69 of file pkcs11i.h.

Definition at line 73 of file pkcs11i.h.

Definition at line 74 of file pkcs11i.h.

Definition at line 70 of file pkcs11i.h.

Definition at line 71 of file pkcs11i.h.

Value:
PR_FALSE  /* forces the code to do strict template
                               * matching when doing C_FindObject on token
                               * objects. This will slow down search in
                               * NSS. */

Definition at line 67 of file pkcs11i.h.

Definition at line 545 of file pkcs11i.h.

Definition at line 429 of file pkcs11i.h.

#define SECMOD_DB   "secmod.db"

Definition at line 546 of file pkcs11i.h.

#define sftk_attr_expand (   ap)    (ap)->type,(ap)->pValue,(ap)->ulValueLen

Definition at line 503 of file pkcs11i.h.

#define sftk_hash (   value,
  size 
)    ((PRUint32)((value) * SHMULTIPLIER) & (size-1))

Definition at line 440 of file pkcs11i.h.

#define SFTK_INVALID_MAC_SIZE   0xffffffff

Definition at line 265 of file pkcs11i.h.

Definition at line 434 of file pkcs11i.h.

#define sftk_item_expand (   ip)    (ip)->data,(ip)->len

Definition at line 504 of file pkcs11i.h.

Definition at line 262 of file pkcs11i.h.

Definition at line 264 of file pkcs11i.h.

#define SFTK_MAX_PIN   255

Definition at line 423 of file pkcs11i.h.

#define SFTK_SESSION_LOCK (   slot,
  handle 
)    ((slot)->sessionLock[(handle) & (slot)->sessionLockMask])

Definition at line 498 of file pkcs11i.h.

#define SFTK_SESSION_SLOT_MASK   0xff000000L

Definition at line 403 of file pkcs11i.h.

#define sftk_SlotFromSession (   sp)    ((sp)->slot)

Definition at line 433 of file pkcs11i.h.

Definition at line 421 of file pkcs11i.h.

#define SFTK_TOKEN_MAGIC   0x80000000L

Definition at line 409 of file pkcs11i.h.

#define SFTK_TOKEN_MASK   0x80000000L

Definition at line 408 of file pkcs11i.h.

#define SFTK_TOKEN_TYPE_CERT   0x70000000L

Definition at line 419 of file pkcs11i.h.

#define SFTK_TOKEN_TYPE_CRL   0x50000000L

Definition at line 417 of file pkcs11i.h.

#define SFTK_TOKEN_TYPE_KEY   0x30000000L

Definition at line 414 of file pkcs11i.h.

#define SFTK_TOKEN_TYPE_MASK   0x70000000L

Definition at line 410 of file pkcs11i.h.

#define SFTK_TOKEN_TYPE_PRIV   0x10000000L

Definition at line 412 of file pkcs11i.h.

#define SFTK_TOKEN_TYPE_PUB   0x20000000L

Definition at line 413 of file pkcs11i.h.

#define SFTK_TOKEN_TYPE_SMIME   0x60000000L

Definition at line 418 of file pkcs11i.h.

#define SFTK_TOKEN_TYPE_TRUST   0x40000000L

Definition at line 416 of file pkcs11i.h.

#define sftkqueue_add (   element,
  id,
  head,
  hash_size 
)
Value:
{ int tmp = sftk_hash(id,hash_size); \
       (element)->next = (head)[tmp]; \
       (element)->prev = NULL; \
       if ((head)[tmp]) (head)[tmp]->prev = (element); \
       (head)[tmp] = (element); }

Definition at line 442 of file pkcs11i.h.

#define sftkqueue_add2 (   element,
  id,
  index,
  head 
)
Value:
{                                            \
       (element)->next = (head)[index];         \
       if ((head)[index])                       \
           (head)[index]->prev = (element);     \
       (head)[index] = (element);               \
    }

Definition at line 465 of file pkcs11i.h.

Value:
(element)->next = NULL; \
       (element)->prev = NULL; \

Definition at line 485 of file pkcs11i.h.

#define sftkqueue_delete (   element,
  id,
  head,
  hash_size 
)
Value:
if ((element)->next) (element)->next->prev = (element)->prev; \
       if ((element)->prev) (element)->prev->next = (element)->next; \
          else (head)[sftk_hash(id,hash_size)] = ((element)->next); \
       (element)->next = NULL; \
       (element)->prev = NULL; \

Definition at line 455 of file pkcs11i.h.

#define sftkqueue_delete2 (   element,
  id,
  index,
  head 
)
Value:
if ((element)->next) (element)->next->prev = (element)->prev; \
       if ((element)->prev) (element)->prev->next = (element)->next; \
          else (head)[index] = ((element)->next);

Definition at line 480 of file pkcs11i.h.

#define sftkqueue_find (   element,
  id,
  head,
  hash_size 
)
Value:
for( (element) = (head)[sftk_hash(id,hash_size)]; (element) != NULL; \
                                    (element) = (element)->next) { \
           if ((element)->handle == (id)) { break; } }

Definition at line 448 of file pkcs11i.h.

#define sftkqueue_find2 (   element,
  id,
  index,
  head 
)
Value:
for ( (element) = (head)[index];              \
          (element) != NULL;                      \
          (element) = (element)->next) {          \
       if ((element)->handle == (id)) { break; } \
    }

Definition at line 473 of file pkcs11i.h.

#define sftkqueue_init_element (   element)    (element)->prev = NULL;

Definition at line 462 of file pkcs11i.h.

#define sftkqueue_is_queued (   element,
  id,
  head,
  hash_size 
)
Value:
( ((element)->next) || ((element)->prev) || \
        ((head)[sftk_hash(id,hash_size)] == (element)) )

Definition at line 452 of file pkcs11i.h.

#define SHMULTIPLIER   1791398085

Definition at line 437 of file pkcs11i.h.

Definition at line 84 of file pkcs11i.h.

Definition at line 86 of file pkcs11i.h.

Definition at line 85 of file pkcs11i.h.

Definition at line 87 of file pkcs11i.h.

Definition at line 89 of file pkcs11i.h.

Definition at line 88 of file pkcs11i.h.


Typedef Documentation

typedef struct SFTKAttributeStr

Definition at line 118 of file pkcs11i.h.

typedef void(* SFTKBegin)(void *)

Definition at line 135 of file pkcs11i.h.

typedef SECStatus(* SFTKCipher)(void *, void *, unsigned int *, unsigned int, void *, unsigned int)

Definition at line 136 of file pkcs11i.h.

typedef void(* SFTKDestroy)(void *, PRBool)

Definition at line 134 of file pkcs11i.h.

typedef void(* SFTKEnd)(void *, void *, unsigned int *, unsigned int)

Definition at line 140 of file pkcs11i.h.

typedef void(* SFTKFree)(void *)

Definition at line 141 of file pkcs11i.h.

typedef void(* SFTKHash)(void *, void *, unsigned int)

Definition at line 139 of file pkcs11i.h.

typedef struct SFTKHashSignInfoStr

Definition at line 130 of file pkcs11i.h.

typedef struct SFTKHashVerifyInfoStr

Definition at line 129 of file pkcs11i.h.

typedef struct SFTKObjectFreeListStr

Definition at line 120 of file pkcs11i.h.

typedef struct SFTKObjectListElementStr

Definition at line 121 of file pkcs11i.h.

typedef struct SFTKObjectListStr

Definition at line 119 of file pkcs11i.h.

typedef struct SFTKObjectStr

Definition at line 122 of file pkcs11i.h.

typedef struct SFTKSearchResultsStr

Definition at line 128 of file pkcs11i.h.

typedef struct SFTKSessionContextStr

Definition at line 127 of file pkcs11i.h.

typedef struct SFTKSessionObjectStr

Definition at line 123 of file pkcs11i.h.

typedef struct SFTKSessionStr

Definition at line 125 of file pkcs11i.h.

typedef struct SFTKSlotStr

Definition at line 126 of file pkcs11i.h.

typedef struct SFTKSSLMACInfoStr

Definition at line 131 of file pkcs11i.h.

typedef struct SFTKTokenObjectStr

Definition at line 124 of file pkcs11i.h.

typedef SECStatus(* SFTKVerify)(void *, void *, unsigned int, void *, unsigned int)

Definition at line 138 of file pkcs11i.h.


Enumeration Type Documentation

Enumerator:
SFTK_ENCRYPT 
SFTK_DECRYPT 
SFTK_HASH 
SFTK_SIGN 
SFTK_SIGN_RECOVER 
SFTK_VERIFY 
SFTK_VERIFY_RECOVER 
SFTK_ENCRYPT 
SFTK_DECRYPT 
SFTK_HASH 
SFTK_SIGN 
SFTK_SIGN_RECOVER 
SFTK_VERIFY 
SFTK_VERIFY_RECOVER 

Definition at line 251 of file pkcs11i.h.

Enumerator:
SFTK_DestroyFailure 
SFTK_Destroyed 
SFTK_Busy 
SFTK_DestroyFailure 
SFTK_Destroyed 
SFTK_Busy 

Definition at line 160 of file pkcs11i.h.

             {
Enumerator:
SFTK_NEVER 
SFTK_ONCOPY 
SFTK_SENSITIVE 
SFTK_ALWAYS 
SFTK_NEVER 
SFTK_ONCOPY 
SFTK_SENSITIVE 
SFTK_ALWAYS 

Definition at line 149 of file pkcs11i.h.

             {

Function Documentation

CK_RV nsc_CommonFinalize ( CK_VOID_PTR  pReserved,
PRBool  isFIPS 
)

Definition at line 3136 of file pkcs11.c.

{
    

    nscFreeAllSlots(isFIPS ? NSC_FIPS_MODULE : NSC_NON_FIPS_MODULE);

    /* don't muck with the globals is our peer is still initialized */
    if (isFIPS && nsc_init) {
       return CKR_OK;
    }
    if (!isFIPS && nsf_init) {
       return CKR_OK;
    }

    sftk_CleanupFreeLists();
    nsslowcert_DestroyFreeLists();
    nsslowcert_DestroyGlobalLocks();

    /* This function does not discard all our previously aquired entropy. */
    RNG_RNGShutdown();

    /* tell freeBL to clean up after itself */
    BL_Cleanup();
    /* unload freeBL shared library from memory */
    BL_Unload();
    /* clean up the default OID table */
    SECOID_Shutdown();
    nsc_init = PR_FALSE;

    return CKR_OK;
}
CK_RV nsc_CommonGetSlotList ( CK_BBOOL  tokPresent,
CK_SLOT_ID_PTR  pSlotList,
CK_ULONG_PTR  pulCount,
int  moduleIndex 
)

Definition at line 3206 of file pkcs11.c.

{
    *pulCount = nscSlotCount[moduleIndex];
    if (pSlotList != NULL) {
       PORT_Memcpy(pSlotList,nscSlotList[moduleIndex],
                            nscSlotCount[moduleIndex]*sizeof(CK_SLOT_ID));
    }
    return CKR_OK;
}
CK_RV nsc_CommonInitialize ( CK_VOID_PTR  pReserved,
PRBool  isFIPS 
)

Definition at line 3015 of file pkcs11.c.

{
    CK_RV crv = CKR_OK;
    SECStatus rv;
    CK_C_INITIALIZE_ARGS *init_args = (CK_C_INITIALIZE_ARGS *) pReserved;
    int i;
    int moduleIndex = isFIPS? NSC_FIPS_MODULE : NSC_NON_FIPS_MODULE;


    if (isFIPS) {
       loginWaitTime = PR_SecondsToInterval(1);
    }

    rv = secoid_Init();
    if (rv != SECSuccess) {
       crv = CKR_DEVICE_ERROR;
       return crv;
    }

    rv = RNG_RNGInit();         /* initialize random number generator */
    if (rv != SECSuccess) {
       crv = CKR_DEVICE_ERROR;
       return crv;
    }
    RNG_SystemInfoForRNG();

    rv = nsslowcert_InitLocks();
    if (rv != SECSuccess) {
       crv = CKR_DEVICE_ERROR;
       return crv;
    }


    /* NOTE:
     * we should be getting out mutexes from this list, not statically binding
     * them from NSPR. This should happen before we allow the internal to split
     * off from the rest on NSS.
     */

    /* initialize the key and cert db's */
    nsslowkey_SetDefaultKeyDBAlg
                          (SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC);
    if (init_args && (!(init_args->flags & CKF_OS_LOCKING_OK))) {
        if (init_args->CreateMutex && init_args->DestroyMutex &&
            init_args->LockMutex && init_args->UnlockMutex) {
            /* softoken always uses NSPR (ie. OS locking), and doesn't know how
             * to use the lock functions provided by the application.
             */
            crv = CKR_CANT_LOCK;
            return crv;
        }
        if (init_args->CreateMutex || init_args->DestroyMutex ||
            init_args->LockMutex || init_args->UnlockMutex) {
            /* only some of the lock functions were provided by the
             * application. This is invalid per PKCS#11 spec.
             */
            crv = CKR_ARGUMENTS_BAD;
            return crv;
        }
    }
    crv = CKR_ARGUMENTS_BAD;
    if ((init_args && init_args->LibraryParameters)) {
       sftk_parameters paramStrings;
       
       crv = secmod_parseParameters
              ((char *)init_args->LibraryParameters, &paramStrings, isFIPS);
       if (crv != CKR_OK) {
           return crv;
       }
       crv = sftk_configure(paramStrings.man, paramStrings.libdes);
        if (crv != CKR_OK) {
           goto loser;
       }

       /* if we have a peer already open, have him close his DB's so we
        * don't clobber each other. */
       if ((isFIPS && nsc_init) || (!isFIPS && nsf_init)) {
           sftk_closePeer(isFIPS);
           if (sftk_audit_enabled) {
              if (isFIPS && nsc_init) {
                  sftk_LogAuditMessage(NSS_AUDIT_INFO, "enabled FIPS mode");
              } else {
                  sftk_LogAuditMessage(NSS_AUDIT_INFO, "disabled FIPS mode");
              }
           }
       }

       for (i=0; i < paramStrings.token_count; i++) {
           crv = SFTK_SlotInit(paramStrings.configdir, 
                     &paramStrings.tokens[i],
                     moduleIndex);
           if (crv != CKR_OK) {
                nscFreeAllSlots(moduleIndex);
                break;
            }
       }
loser:
       secmod_freeParams(&paramStrings);
    }
    if (CKR_OK == crv) {
        sftk_InitFreeLists();
    }

    return crv;
}
SECStatus secmod_AddPermDB ( const char *  domain,
const char *  filename,
const char *  dbname,
char *  module,
PRBool  rw 
)

Definition at line 984 of file pk11db.c.

{
    DBT key,data;
    SECStatus rv = SECFailure;
    DB *pkcs11db = NULL;
    int ret;


    if (!rw) return SECFailure;

    /* make sure we have a db handle */
    pkcs11db = secmod_OpenDB(appName,filename,dbname,PR_FALSE,PR_FALSE);
    if (pkcs11db == NULL) {
       return SECFailure;
    }

    rv = secmod_MakeKey(&key,module);
    if (rv != SECSuccess) goto done;
    rv = secmod_EncodeData(&data,module);
    if (rv != SECSuccess) {
       secmod_FreeKey(&key);
       goto done;
    }
    rv = SECFailure;
    ret = (*pkcs11db->put)(pkcs11db, &key, &data, 0);
    secmod_FreeKey(&key);
    secmod_FreeData(&data);
    if (ret != 0) goto done;

    ret = (*pkcs11db->sync)(pkcs11db, 0);
    if (ret == 0) rv = SECSuccess;

done:
    secmod_CloseDB(pkcs11db);
    return rv;
}
SECStatus secmod_DeletePermDB ( const char *  domain,
const char *  filename,
const char *  dbname,
char *  args,
PRBool  rw 
)

Definition at line 948 of file pk11db.c.

{
    DBT key;
    SECStatus rv = SECFailure;
    DB *pkcs11db = NULL;
    int ret;

    if (!rw) return SECFailure;

    /* make sure we have a db handle */
    pkcs11db = secmod_OpenDB(appName,filename,dbname,PR_FALSE,PR_FALSE);
    if (pkcs11db == NULL) {
       return SECFailure;
    }

    rv = secmod_MakeKey(&key,args);
    if (rv != SECSuccess) goto done;
    rv = SECFailure;
    ret = (*pkcs11db->del)(pkcs11db, &key, 0);
    secmod_FreeKey(&key);
    if (ret != 0) goto done;


    ret = (*pkcs11db->sync)(pkcs11db, 0);
    if (ret == 0) rv = SECSuccess;

done:
    secmod_CloseDB(pkcs11db);
    return rv;
}

Definition at line 238 of file pk11db.c.

{
    int i;

    for (i=0; i < params->token_count; i++) {
       FREE_CLEAR(params->tokens[i].configdir);
       FREE_CLEAR(params->tokens[i].certPrefix);
       FREE_CLEAR(params->tokens[i].keyPrefix);
       FREE_CLEAR(params->tokens[i].tokdes);
       FREE_CLEAR(params->tokens[i].slotdes);
    }

    FREE_CLEAR(params->configdir);
    FREE_CLEAR(params->secmodName);
    FREE_CLEAR(params->man);
    FREE_CLEAR(params->libdes); 
    FREE_CLEAR(params->tokens);
}
char* secmod_getSecmodName ( char *  params,
char **  domain,
char **  filename,
PRBool rw 
)

Definition at line 259 of file pk11db.c.

{
    int next;
    char *configdir = NULL;
    char *secmodName = NULL;
    char *value = NULL;
    char *save_params = param;
    const char *lconfigdir;
    param = secmod_argStrip(param);
       

    while (*param) {
       SECMOD_HANDLE_STRING_ARG(param,configdir,"configDir=",;)
       SECMOD_HANDLE_STRING_ARG(param,secmodName,"secmod=",;)
       SECMOD_HANDLE_FINAL_ARG(param)
   }

   *rw = PR_TRUE;
   if (secmod_argHasFlag("flags","readOnly",save_params) ||
       secmod_argHasFlag("flags","noModDB",save_params)) *rw = PR_FALSE;

   if (!secmodName || *secmodName == '\0') {
       if (secmodName) PORT_Free(secmodName);
       secmodName = PORT_Strdup(SECMOD_DB);
   }
   *filename = secmodName;

   lconfigdir = sftk_EvaluateConfigDir(configdir, appName);

   if (lconfigdir) {
       value = PR_smprintf("%s" PATH_SEPARATOR "%s",lconfigdir,secmodName);
   } else {
       value = PR_smprintf("%s",secmodName);
   }
   if (configdir) PORT_Free(configdir);
   return value;
}
CK_RV secmod_parseParameters ( char *  param,
sftk_parameters parsed,
PRBool  isFIPS 
)

Definition at line 143 of file pk11db.c.

{
    int next;
    char *tmp;
    char *index;
    char *certPrefix = NULL, *keyPrefix = NULL;
    char *tokdes = NULL, *ptokdes = NULL;
    char *slotdes = NULL, *pslotdes = NULL;
    char *fslotdes = NULL, *fpslotdes = NULL;
    char *minPW = NULL;
    index = secmod_argStrip(param);

    PORT_Memset(parsed, 0, sizeof(sftk_parameters));

    while (*index) {
       SECMOD_HANDLE_STRING_ARG(index,parsed->configdir,"configDir=",;)
       SECMOD_HANDLE_STRING_ARG(index,parsed->secmodName,"secmod=",;)
       SECMOD_HANDLE_STRING_ARG(index,parsed->man,"manufacturerID=",;)
       SECMOD_HANDLE_STRING_ARG(index,parsed->libdes,"libraryDescription=",;)
       /* constructed values, used so legacy interfaces still work */
       SECMOD_HANDLE_STRING_ARG(index,certPrefix,"certPrefix=",;)
        SECMOD_HANDLE_STRING_ARG(index,keyPrefix,"keyPrefix=",;)
        SECMOD_HANDLE_STRING_ARG(index,tokdes,"cryptoTokenDescription=",;)
        SECMOD_HANDLE_STRING_ARG(index,ptokdes,"dbTokenDescription=",;)
        SECMOD_HANDLE_STRING_ARG(index,slotdes,"cryptoSlotDescription=",;)
        SECMOD_HANDLE_STRING_ARG(index,pslotdes,"dbSlotDescription=",;)
        SECMOD_HANDLE_STRING_ARG(index,fslotdes,"FIPSSlotDescription=",;)
        SECMOD_HANDLE_STRING_ARG(index,fpslotdes,"FIPSTokenDescription=",;)
       SECMOD_HANDLE_STRING_ARG(index,minPW,"minPWLen=",;)

       SECMOD_HANDLE_STRING_ARG(index,tmp,"flags=", 
              if(tmp) { secmod_parseFlags(param,parsed); PORT_Free(tmp); })
       SECMOD_HANDLE_STRING_ARG(index,tmp,"tokens=", 
              if(tmp) { secmod_parseTokens(tmp,parsed); PORT_Free(tmp); })
       SECMOD_HANDLE_FINAL_ARG(index)
    }
    if (parsed->tokens == NULL) {
       int  count = isFIPS ? 1 : 2;
       int  index = count-1;
       sftk_token_parameters *tokens = NULL;

       tokens = (sftk_token_parameters *) 
                     PORT_ZAlloc(count*sizeof(sftk_token_parameters));
       if (tokens == NULL) {
           goto loser;
       }
       parsed->tokens = tokens;
       parsed->token_count = count;
       tokens[index].slotID = isFIPS ? FIPS_SLOT_ID : PRIVATE_KEY_SLOT_ID;
       tokens[index].certPrefix = certPrefix;
       tokens[index].keyPrefix = keyPrefix;
       tokens[index].minPW = minPW ? atoi(minPW) : 0;
       tokens[index].readOnly = parsed->readOnly;
       tokens[index].noCertDB = parsed->noCertDB;
       tokens[index].noKeyDB = parsed->noCertDB;
       tokens[index].forceOpen = parsed->forceOpen;
       tokens[index].pwRequired = parsed->pwRequired;
       tokens[index].optimizeSpace = parsed->optimizeSpace;
       tokens[0].optimizeSpace = parsed->optimizeSpace;
       certPrefix = NULL;
       keyPrefix = NULL;
       if (isFIPS) {
           tokens[index].tokdes = fslotdes;
           tokens[index].slotdes = fpslotdes;
           fslotdes = NULL;
           fpslotdes = NULL;
       } else {
           tokens[index].tokdes = ptokdes;
           tokens[index].slotdes = pslotdes;
           tokens[0].slotID = NETSCAPE_SLOT_ID;
           tokens[0].tokdes = tokdes;
           tokens[0].slotdes = slotdes;
           tokens[0].noCertDB = PR_TRUE;
           tokens[0].noKeyDB = PR_TRUE;
           ptokdes = NULL;
           pslotdes = NULL;
           tokdes = NULL;
           slotdes = NULL;
       }
    }

loser:
    FREE_CLEAR(certPrefix);
    FREE_CLEAR(keyPrefix);
    FREE_CLEAR(tokdes);
    FREE_CLEAR(ptokdes);
    FREE_CLEAR(slotdes);
    FREE_CLEAR(pslotdes);
    FREE_CLEAR(fslotdes);
    FREE_CLEAR(fpslotdes);
    FREE_CLEAR(minPW);
    return CKR_OK;
}
char** secmod_ReadPermDB ( const char *  domain,
const char *  filename,
const char *  dbname,
char *  params,
PRBool  rw 
)

Definition at line 865 of file pk11db.c.

{
    DBT key,data;
    int ret;
    DB *pkcs11db = NULL;
    char **moduleList = NULL, **newModuleList = NULL;
    int moduleCount = 1;
    int useCount = SECMOD_STEP;

    moduleList = (char **) PORT_ZAlloc(useCount*sizeof(char **));
    if (moduleList == NULL) return NULL;

    pkcs11db = secmod_OpenDB(appName,filename,dbname,PR_TRUE,rw);
    if (pkcs11db == NULL) goto done;

    /* read and parse the file or data base */
    ret = (*pkcs11db->seq)(pkcs11db, &key, &data, R_FIRST);
    if (ret)  goto done;


    do {
       char *moduleString;
       PRBool internal = PR_FALSE;
       if ((moduleCount+1) >= useCount) {
           useCount += SECMOD_STEP;
           newModuleList =
              (char **)PORT_Realloc(moduleList,useCount*sizeof(char *));
           if (newModuleList == NULL) goto done;
           moduleList = newModuleList;
           PORT_Memset(&moduleList[moduleCount+1],0,
                                          sizeof(char *)*SECMOD_STEP);
       }
       moduleString = secmod_DecodeData(params,&data,&internal);
       if (internal) {
           moduleList[0] = moduleString;
       } else {
           moduleList[moduleCount] = moduleString;
           moduleCount++;
       }
    } while ( (*pkcs11db->seq)(pkcs11db, &key, &data, R_NEXT) == 0);

done:
    if (!moduleList[0]) {
       char * newparams = secmod_addEscape(params,'"');
       if (newparams) {
           moduleList[0] = PR_smprintf(SFTK_DEFAULT_INTERNAL_INIT,newparams,
                                          SECMOD_SLOT_FLAGS);
           PORT_Free(newparams);
       }
    }
    /* deal with trust cert db here */

    if (pkcs11db) {
       secmod_CloseDB(pkcs11db);
    } else if (moduleList[0] && rw) {
       secmod_AddPermDB(appName,filename,dbname,moduleList[0], rw) ;
    }
    if (!moduleList[0]) {
       PORT_Free(moduleList);
       moduleList = NULL;
    }
    return moduleList;
}
SECStatus secmod_ReleasePermDBData ( const char *  domain,
const char *  filename,
const char *  dbname,
char **  specList,
PRBool  rw 
)

Definition at line 931 of file pk11db.c.

{
    if (moduleSpecList) {
       char **index;
       for(index = moduleSpecList; *index; index++) {
           PR_smprintf_free(*index);
       }
       PORT_Free(moduleSpecList);
    }
    return SECSuccess;
}
CK_RV sftk_AddAttributeType ( SFTKObject *  object,
CK_ATTRIBUTE_TYPE  type,
void valPtr,
CK_ULONG  length 
)

Definition at line 2076 of file pkcs11u.c.

{
    SFTKAttribute *attribute;
    attribute = sftk_NewAttribute(object,type,valPtr,length);
    if (attribute == NULL) { return CKR_HOST_MEMORY; }
    sftk_AddAttribute(object,attribute);
    return CKR_OK;
}

Here is the caller graph for this function:

void sftk_addHandle ( SFTKSearchResults *  search,
CK_OBJECT_HANDLE  handle 
)

Definition at line 3357 of file pkcs11u.c.

{
    if (search->handles == NULL) {
       return;
    }
    if (search->size >= search->array_size) {
       search->array_size += NSC_SEARCH_BLOCK_SIZE;
       search->handles = (CK_OBJECT_HANDLE *) PORT_Realloc(search->handles,
                             sizeof(CK_OBJECT_HANDLE)* search->array_size);
       if (search->handles == NULL) {
          return;
       }
    }
    search->handles[search->size] = handle;
    search->size++;
}

Here is the caller graph for this function:

void sftk_AddObject ( SFTKSession *  session,
SFTKObject *  object 
)

Definition at line 2479 of file pkcs11u.c.

{
    SFTKSlot *slot = sftk_SlotFromSession(session);
    SFTKSessionObject *so = sftk_narrowToSessionObject(object);

    if (so) {
       PZ_Lock(session->objectLock);
       sftkqueue_add(&so->sessionList,0,session->objects,0);
       so->session = session;
       PZ_Unlock(session->objectLock);
    }
    sftk_AddSlotObject(slot,object);
    sftk_ReferenceObject(object);
} 

Here is the caller graph for this function:

void sftk_AddSlotObject ( SFTKSlot *  slot,
SFTKObject *  object 
)

Definition at line 2469 of file pkcs11u.c.

{
    PRUint32 index = sftk_hash(object->handle, slot->sessObjHashSize);
    sftkqueue_init_element(object);
    PZ_Lock(slot->objectLock);
    sftkqueue_add2(object, object->handle, index, slot->sessObjHashTable);
    PZ_Unlock(slot->objectLock);
}

Here is the caller graph for this function:

CK_RV sftk_Attribute2SecItem ( PLArenaPool arena,
SECItem *  item,
SFTKObject *  object,
CK_ATTRIBUTE_TYPE  type 
)

Definition at line 2022 of file pkcs11u.c.

{
    int len;
    SFTKAttribute *attribute;

    attribute = sftk_FindAttribute(object, type);
    if (attribute == NULL) return CKR_TEMPLATE_INCOMPLETE;
    len = attribute->attrib.ulValueLen;

    if (arena) {
       item->data = (unsigned char *) PORT_ArenaAlloc(arena,len);
    } else {
       item->data = (unsigned char *) PORT_Alloc(len);
    }
    if (item->data == NULL) {
       sftk_FreeAttribute(attribute);
       return CKR_HOST_MEMORY;
    }
    item->len = len;
    PORT_Memcpy(item->data,attribute->attrib.pValue, len);
    sftk_FreeAttribute(attribute);
    return CKR_OK;
}

Here is the caller graph for this function:

CK_RV sftk_Attribute2SSecItem ( PLArenaPool arena,
SECItem *  item,
SFTKObject *  object,
CK_ATTRIBUTE_TYPE  type 
)

Definition at line 1482 of file pkcs11u.c.

{
    SFTKAttribute *attribute;

    item->data = NULL;

    attribute = sftk_FindAttribute(object, type);
    if (attribute == NULL) return CKR_TEMPLATE_INCOMPLETE;

    (void)SECITEM_AllocItem(arena, item, attribute->attrib.ulValueLen);
    if (item->data == NULL) {
       sftk_FreeAttribute(attribute);
       return CKR_HOST_MEMORY;
    }
    PORT_Memcpy(item->data, attribute->attrib.pValue, item->len);
    sftk_FreeAttribute(attribute);
    return CKR_OK;
}

Here is the caller graph for this function:

PRBool sftk_CheckDESKey ( unsigned char *  key)

Definition at line 2222 of file pkcs11.c.

{
    int i;

    /* format the des key with parity  */
    sftk_FormatDESKey(key, 8);

    for (i=0; i < sftk_desWeakTableSize; i++) {
       if (PORT_Memcmp(key,sftk_desWeakTable[i],8) == 0) {
           return PR_TRUE;
       }
    }
    return PR_FALSE;
}

Definition at line 2278 of file pkcs11u.c.

Here is the caller graph for this function:

CK_RV SFTK_ClearTokenKeyHashTable ( SFTKSlot *  slot)

Definition at line 2160 of file pkcs11u.c.

Here is the caller graph for this function:

CK_RV sftk_ConstrainAttribute ( SFTKObject *  object,
CK_ATTRIBUTE_TYPE  type,
int  minLength,
int  maxLength,
int  minMultiple 
)

Definition at line 1405 of file pkcs11u.c.

{
    SFTKAttribute *attribute;
    int size;
    unsigned char *ptr;

    attribute = sftk_FindAttribute(object, type);
    if (!attribute) {
       return CKR_TEMPLATE_INCOMPLETE;
    }
    ptr = (unsigned char *) attribute->attrib.pValue;
    if (ptr == NULL) {
       sftk_FreeAttribute(attribute);
       return CKR_ATTRIBUTE_VALUE_INVALID;
    }
    size = sftk_GetLengthInBits(ptr, attribute->attrib.ulValueLen);
    sftk_FreeAttribute(attribute);

    if ((minLength != 0) && (size <  minLength)) {
       return CKR_ATTRIBUTE_VALUE_INVALID;
    }
    if ((maxLength != 0) && (size >  maxLength)) {
       return CKR_ATTRIBUTE_VALUE_INVALID;
    }
    if ((minMultiple != 0) && ((size % minMultiple) != 0)) {
       return CKR_ATTRIBUTE_VALUE_INVALID;
    }
    return CKR_OK;
}

Here is the caller graph for this function:

SFTKTokenObject* sftk_convertSessionToToken ( SFTKObject *  so)

Definition at line 3452 of file pkcs11u.c.

{
    SECItem *key;
    SFTKSessionObject *so = (SFTKSessionObject *)obj;
    SFTKTokenObject *to = sftk_narrowToTokenObject(obj);
    SECStatus rv;

    sftk_DestroySessionObjectData(so);
    PZ_DestroyLock(so->attributeLock);
    if (to == NULL) {
       return NULL;
    }
    sftk_tokenKeyLock(so->obj.slot);
    key = sftk_lookupTokenKeyByHandle(so->obj.slot,so->obj.handle);
    if (key == NULL) {
       sftk_tokenKeyUnlock(so->obj.slot);
       return NULL;
    }
    rv = SECITEM_CopyItem(NULL,&to->dbKey,key);
    sftk_tokenKeyUnlock(so->obj.slot);
    if (rv == SECFailure) {
       return NULL;
    }

    return to;

}

Here is the caller graph for this function:

CK_RV sftk_CopyObject ( SFTKObject *  destObject,
SFTKObject *  srcObject 
)

Definition at line 2950 of file pkcs11u.c.

{
    SFTKAttribute *attribute;
    SFTKSessionObject *src_so = sftk_narrowToSessionObject(srcObject);
    unsigned int i;

    if (src_so == NULL) {
       return sftk_CopyTokenObject(destObject,srcObject); 
    }

    PZ_Lock(src_so->attributeLock);
    for(i=0; i < src_so->hashSize; i++) {
       attribute = src_so->head[i];
       do {
           if (attribute) {
              if (!sftk_hasAttribute(destObject,attribute->handle)) {
                  /* we need to copy the attribute since each attribute
                   * only has one set of link list pointers */
                  SFTKAttribute *newAttribute = sftk_NewAttribute(
                       destObject,sftk_attr_expand(&attribute->attrib));
                  if (newAttribute == NULL) {
                     PZ_Unlock(src_so->attributeLock);
                     return CKR_HOST_MEMORY;
                  }
                  sftk_AddAttribute(destObject,newAttribute);
              }
              attribute=attribute->next;
           }
       } while (attribute != NULL);
    }
    PZ_Unlock(src_so->attributeLock);

    return CKR_OK;
}

Here is the caller graph for this function:

CK_RV sftk_DBInit ( const char *  configdir,
const char *  certPrefix,
const char *  keyPrefix,
PRBool  readOnly,
PRBool  noCertDB,
PRBool  noKeyDB,
PRBool  forceOpen,
NSSLOWCERTCertDBHandle **  certDB,
NSSLOWKEYDBHandle **  keyDB 
)

Definition at line 231 of file dbinit.c.

{
    CK_RV crv = CKR_OK;


    if (!noCertDB) {
       crv = sftk_OpenCertDB(configdir, certPrefix, readOnly, certdbPtr);
       if (crv != CKR_OK) {
           if (!forceOpen) goto loser;
           crv = CKR_OK;
       }
    }
    if (!noKeyDB) {

       crv = sftk_OpenKeyDB(configdir, keyPrefix, readOnly, keydbPtr);
       if (crv != CKR_OK) {
           if (!forceOpen) goto loser;
           crv = CKR_OK;
       }
    }


loser:
    return crv;
}
CK_RV sftk_defaultAttribute ( SFTKObject *  object,
CK_ATTRIBUTE_TYPE  type,
void value,
unsigned int  len 
)

Definition at line 563 of file pkcs11.c.

{
    if ( !sftk_hasAttribute(object, type)) {
       return sftk_AddAttributeType(object,type,value,len);
    }
    return CKR_OK;
}
void sftk_DeleteAttributeType ( SFTKObject *  object,
CK_ATTRIBUTE_TYPE  type 
)

Definition at line 2066 of file pkcs11u.c.

{
    SFTKAttribute *attribute;
    attribute = sftk_FindAttribute(object, type);
    if (attribute == NULL) return ;
    sftk_DeleteAttribute(object,attribute);
    sftk_FreeAttribute(attribute);
}

Here is the caller graph for this function:

CK_RV sftk_DeleteObject ( SFTKSession *  session,
SFTKObject *  object 
)

Definition at line 2498 of file pkcs11u.c.

{
    SFTKSlot *slot = sftk_SlotFromSession(session);
    SFTKSessionObject *so = sftk_narrowToSessionObject(object);
    SFTKTokenObject *to = sftk_narrowToTokenObject(object);
    CK_RV crv = CKR_OK;
    SECStatus rv;
    NSSLOWCERTCertificate *cert;
    NSSLOWCERTCertTrust tmptrust;
    PRBool isKrl;
    PRUint32 index = sftk_hash(object->handle, slot->sessObjHashSize);

  /* Handle Token case */
    if (so && so->session) {
       SFTKSession *session = so->session;
       PZ_Lock(session->objectLock);
       sftkqueue_delete(&so->sessionList,0,session->objects,0);
       PZ_Unlock(session->objectLock);
       PZ_Lock(slot->objectLock);
       sftkqueue_delete2(object, object->handle, index, slot->sessObjHashTable);
       PZ_Unlock(slot->objectLock);
       sftkqueue_clear_deleted_element(object);
       sftk_FreeObject(object); /* reduce it's reference count */
    } else {
       NSSLOWKEYDBHandle *keyHandle;
       NSSLOWCERTCertDBHandle *certHandle;

       PORT_Assert(to);
       /* remove the objects from the real data base */
       switch (object->handle & SFTK_TOKEN_TYPE_MASK) {
       case SFTK_TOKEN_TYPE_PRIV:
       case SFTK_TOKEN_TYPE_KEY:
           /* KEYID is the public KEY for DSA and DH, and the MODULUS for
            *  RSA */
           keyHandle = sftk_getKeyDB(slot);
           if (!keyHandle) {
              crv = CKR_TOKEN_WRITE_PROTECTED;
              break;
           }
           rv = nsslowkey_DeleteKey(keyHandle, &to->dbKey);
           sftk_freeKeyDB(keyHandle);
           if (rv != SECSuccess) {
              crv = CKR_DEVICE_ERROR;
           }
           break;
       case SFTK_TOKEN_TYPE_PUB:
           break; /* public keys only exist at the behest of the priv key */
       case SFTK_TOKEN_TYPE_CERT:
           certHandle = sftk_getCertDB(slot);
           if (!certHandle) {
              crv = CKR_TOKEN_WRITE_PROTECTED;
              break;
           }
           cert = nsslowcert_FindCertByKey(certHandle,&to->dbKey);
           sftk_freeCertDB(certHandle);
           if (cert == NULL) {
              crv = CKR_DEVICE_ERROR;
              break;
           }
           rv = nsslowcert_DeletePermCertificate(cert);
           if (rv != SECSuccess) {
              crv = CKR_DEVICE_ERROR;
           }
           nsslowcert_DestroyCertificate(cert);
           break;
       case SFTK_TOKEN_TYPE_CRL:
           certHandle = sftk_getCertDB(slot);
           if (!certHandle) {
              crv = CKR_TOKEN_WRITE_PROTECTED;
              break;
           }
           isKrl = (PRBool) (object->handle == SFTK_TOKEN_KRL_HANDLE);
           rv = nsslowcert_DeletePermCRL(certHandle, &to->dbKey, isKrl);
           sftk_freeCertDB(certHandle);
           if (rv == SECFailure) crv = CKR_DEVICE_ERROR;
           break;
       case SFTK_TOKEN_TYPE_TRUST:
           certHandle = sftk_getCertDB(slot);
           if (!certHandle) {
              crv = CKR_TOKEN_WRITE_PROTECTED;
              break;
           }
           cert = nsslowcert_FindCertByKey(certHandle, &to->dbKey);
           if (cert == NULL) {
              sftk_freeCertDB(certHandle);
              crv = CKR_DEVICE_ERROR;
              break;
           }
           tmptrust = *cert->trust;
           tmptrust.sslFlags &= CERTDB_PRESERVE_TRUST_BITS;
           tmptrust.emailFlags &= CERTDB_PRESERVE_TRUST_BITS;
           tmptrust.objectSigningFlags &= CERTDB_PRESERVE_TRUST_BITS;
           tmptrust.sslFlags |= CERTDB_TRUSTED_UNKNOWN;
           tmptrust.emailFlags |= CERTDB_TRUSTED_UNKNOWN;
           tmptrust.objectSigningFlags |= CERTDB_TRUSTED_UNKNOWN;
           rv = nsslowcert_ChangeCertTrust(certHandle, cert, &tmptrust);
           sftk_freeCertDB(certHandle);
           if (rv != SECSuccess) crv = CKR_DEVICE_ERROR;
           nsslowcert_DestroyCertificate(cert);
           break;
       default:
           break;
       }
       sftk_tokenKeyLock(object->slot);
       sftk_deleteTokenKeyByHandle(object->slot,object->handle);
       sftk_tokenKeyUnlock(object->slot);
    } 
    return crv;
}

Here is the caller graph for this function:

CK_RV SFTK_DestroySlotData ( SFTKSlot *  slot)

Definition at line 2868 of file pkcs11.c.

{
    unsigned int i;

    SFTK_ShutdownSlot(slot);

    if (slot->tokObjHashTable) {
       PL_HashTableDestroy(slot->tokObjHashTable);
       slot->tokObjHashTable = NULL;
    }

    if (slot->sessObjHashTable) {
       PORT_Free(slot->sessObjHashTable);
       slot->sessObjHashTable = NULL;
    }
    slot->sessObjHashSize = 0;

    if (slot->head) {
       PORT_Free(slot->head);
       slot->head = NULL;
    }
    slot->sessHashSize = 0;

    /* OK everything has been disassembled, now we can finally get rid
     * of the locks */
    if (slot->slotLock) {
       PZ_DestroyLock(slot->slotLock);
       slot->slotLock = NULL;
    }
    if (slot->sessionLock) {
       for (i=0; i < slot->numSessionLocks; i++) {
           if (slot->sessionLock[i]) {
              PZ_DestroyLock(slot->sessionLock[i]);
              slot->sessionLock[i] = NULL;
           }
       }
       PORT_Free(slot->sessionLock);
       slot->sessionLock = NULL;
    }
    if (slot->objectLock) {
       PZ_DestroyLock(slot->objectLock);
       slot->objectLock = NULL;
    }
    if (slot->pwCheckLock) {
       PR_DestroyLock(slot->pwCheckLock);
       slot->pwCheckLock = NULL;
    }
    PORT_Free(slot);
    return CKR_OK;
}
const char* sftk_EvaluateConfigDir ( const char *  configdir,
char **  domain 
)

Definition at line 124 of file dbinit.c.

{
    if (PORT_Strncmp(configdir, MULTIACCESS, sizeof(MULTIACCESS)-1) == 0) {
       char *cdir;

       *appName = PORT_Strdup(configdir+sizeof(MULTIACCESS)-1);
       if (*appName == NULL) {
           return configdir;
       }
       cdir = *appName;
       while (*cdir && *cdir != ':') {
           cdir++;
       }
       if (*cdir == ':') {
          *cdir = 0;
          cdir++;
       }
       configdir = cdir;
    }
    return configdir;
}
SFTKAttribute* sftk_FindAttribute ( SFTKObject *  object,
CK_ATTRIBUTE_TYPE  type 
)

Definition at line 1353 of file pkcs11u.c.

{
    SFTKAttribute *attribute;
    SFTKSessionObject *sessObject = sftk_narrowToSessionObject(object);

    if (sessObject == NULL) {
       return sftk_FindTokenAttribute(sftk_narrowToTokenObject(object),type);
    }

    PZ_Lock(sessObject->attributeLock);
    sftkqueue_find(attribute,type,sessObject->head, sessObject->hashSize);
    PZ_Unlock(sessObject->attributeLock);

    return(attribute);
}

Here is the caller graph for this function:

NSSLOWKEYPrivateKey* sftk_FindKeyByPublicKey ( SFTKSlot *  slot,
SECItem *  dbKey 
)

Definition at line 267 of file pkcs11u.c.

{
    NSSLOWKEYPrivateKey *privKey;
    NSSLOWKEYDBHandle   *keyHandle;

    keyHandle = sftk_getKeyDB(slot);
    if (keyHandle == NULL) {
       return NULL;
    }
    privKey = nsslowkey_FindKeyByPublicKey(keyHandle, dbKey, slot->password);
    sftk_freeKeyDB(keyHandle);
    if (privKey == NULL) {
       return NULL;
    }
    return privKey;
}

Here is the caller graph for this function:

CK_RV sftk_forceAttribute ( SFTKObject *  object,
CK_ATTRIBUTE_TYPE  type,
void value,
unsigned int  len 
)

Definition at line 1816 of file pkcs11u.c.

{
    SFTKAttribute *attribute;
    void *att_val = NULL;
    PRBool freeData = PR_FALSE;

    PORT_Assert(object);
    PORT_Assert(object->refCount);
    PORT_Assert(object->slot);
    if (!object ||
        !object->refCount ||
        !object->slot) {
        return CKR_DEVICE_ERROR;
    }
    if (sftk_isToken(object->handle)) {
       return sftk_forceTokenAttribute(object,type,value,len);
    }
    attribute=sftk_FindAttribute(object,type);
    if (attribute == NULL) return sftk_AddAttributeType(object,type,value,len);


    if (value) {
        if (len <= ATTR_SPACE) {
           att_val = attribute->space;
       } else {
           att_val = PORT_Alloc(len);
           freeData = PR_TRUE;
       }
       if (att_val == NULL) {
           return CKR_HOST_MEMORY;
       }
       if (attribute->attrib.pValue == att_val) {
           PORT_Memset(attribute->attrib.pValue,0,
                                   attribute->attrib.ulValueLen);
       }
       PORT_Memcpy(att_val,value,len);
    }
    if (attribute->attrib.pValue != NULL) {
       if (attribute->attrib.pValue != att_val) {
           PORT_Memset(attribute->attrib.pValue,0,
                                   attribute->attrib.ulValueLen);
       }
       if (attribute->freeData) {
           PORT_Free(attribute->attrib.pValue);
       }
       attribute->freeData = PR_FALSE;
       attribute->attrib.pValue = NULL;
       attribute->attrib.ulValueLen = 0;
    }
    if (att_val) {
       attribute->attrib.pValue = att_val;
       attribute->attrib.ulValueLen = len;
       attribute->freeData = freeData;
    }
    sftk_FreeAttribute(attribute);
    return CKR_OK;
}

Here is the caller graph for this function:

void sftk_FormatDESKey ( unsigned char *  key,
int  length 
)

Definition at line 2208 of file pkcs11.c.

{
    int i;

    /* format the des key */
    for (i=0; i < length; i++) {
       key[i] = parityTable[key[i]>>1];
    }
}
void sftk_FreeAttribute ( SFTKAttribute *  attribute)

Definition at line 186 of file pkcs11u.c.

{
    if (attribute->freeAttr) {
       sftk_DestroyAttribute(attribute);
       return;
    }
}

Here is the caller graph for this function:

void sftk_freeCertDB ( NSSLOWCERTCertDBHandle *  certHandle)

Definition at line 289 of file dbinit.c.

{
   PRInt32 ref = PR_AtomicDecrement(&certHandle->ref);
   if (ref == 0) {
       nsslowcert_ClosePermCertDB(certHandle);
       PORT_Free(certHandle);
   }
}
void sftk_FreeContext ( SFTKSessionContext *  context)

Definition at line 3140 of file pkcs11u.c.

{
    if (context->cipherInfo) {
       (*context->destroy)(context->cipherInfo,PR_TRUE);
    }
    if (context->hashInfo) {
       (*context->hashdestroy)(context->hashInfo,PR_TRUE);
    }
    if (context->key) {
       sftk_FreeObject(context->key);
       context->key = NULL;
    }
    PORT_Free(context);
}

Here is the caller graph for this function:

void sftk_freeKeyDB ( NSSLOWKEYDBHandle *  keyHandle)

Definition at line 299 of file dbinit.c.

{
   PRInt32 ref = PR_AtomicDecrement(&keyHandle->ref);
   if (ref == 0) {
       nsslowkey_CloseKeyDB(keyHandle);
   }
}
SFTKFreeStatus sftk_FreeObject ( SFTKObject *  object)

Definition at line 2444 of file pkcs11u.c.

{
    PRBool destroy = PR_FALSE;
    CK_RV crv;

    PZ_Lock(object->refLock);
    if (object->refCount == 1) destroy = PR_TRUE;
    object->refCount--;
    PZ_Unlock(object->refLock);

    if (destroy) {
       crv = sftk_DestroyObject(object);
       if (crv != CKR_OK) {
          return SFTK_DestroyFailure;
       } 
       return SFTK_Destroyed;
    }
    return SFTK_Busy;
}

Here is the caller graph for this function:

void sftk_FreeObjectList ( SFTKObjectListElement *  objectList)

Definition at line 3074 of file pkcs11u.c.

{
    SFTKObjectListElement *ol;

    for (ol= objectList; ol != NULL; ol = sftk_FreeObjectListElement(ol)) {}
}
SFTKObjectListElement* sftk_FreeObjectListElement ( SFTKObjectListElement *  objectList)

Definition at line 3063 of file pkcs11u.c.

{
    SFTKObjectListElement *ol = objectList->next;

    sftk_FreeObject(objectList->object);
    PORT_Free(objectList);
    return ol;
}

Here is the caller graph for this function:

void sftk_FreeSearch ( SFTKSearchResults *  search)

Definition at line 3085 of file pkcs11u.c.

{
    if (search->handles) {
       PORT_Free(search->handles);
    }
    PORT_Free(search);
}

Here is the caller graph for this function:

void sftk_FreeSession ( SFTKSession *  session)

Definition at line 3255 of file pkcs11u.c.

{
    PRBool destroy = PR_FALSE;
    SFTKSlot *slot = sftk_SlotFromSession(session);
    PZLock *lock = SFTK_SESSION_LOCK(slot,session->handle);

    PZ_Lock(lock);
    if (session->refCount == 1) destroy = PR_TRUE;
    session->refCount--;
    PZ_Unlock(lock);

    if (destroy) sftk_DestroySession(session);
}
NSSLOWCERTCertDBHandle* sftk_getCertDB ( SFTKSlot *  slot)

Definition at line 261 of file dbinit.c.

{
    NSSLOWCERTCertDBHandle *certHandle;

    PZ_Lock(slot->slotLock);
    certHandle = slot->certDB;
    if (certHandle) {
       PR_AtomicIncrement(&certHandle->ref);
    }
    PZ_Unlock(slot->slotLock);
    return certHandle;
}
NSSLOWKEYDBHandle* sftk_getKeyDB ( SFTKSlot *  slot)

Definition at line 275 of file dbinit.c.

{
    NSSLOWKEYDBHandle *keyHandle;

    PZ_Lock(slot->slotLock);
    keyHandle = slot->keyDB;
    if (keyHandle) {
       PR_AtomicIncrement(&keyHandle->ref);
    }
    PZ_Unlock(slot->slotLock);
    return keyHandle;
}
unsigned int sftk_GetLengthInBits ( unsigned char *  buf,
unsigned int  bufLen 
)

Definition at line 1373 of file pkcs11u.c.

{
    unsigned int size = bufLen * 8;
    unsigned int i;

    /* Get the real length in bytes */
    for (i=0; i < bufLen; i++) {
       unsigned char  c = *buf++;
       if (c != 0) {
           unsigned char m;
           for (m=0x80; m > 0 ;  m = m >> 1) {
              if ((c & m) != 0) {
                  break;
              } 
              size--;
           }
           break;
       }
       size-=8;
    }
    return size;
}

Here is the caller graph for this function:

NSSLOWKEYPrivateKey* sftk_GetPrivKey ( SFTKObject *  object,
CK_KEY_TYPE  key_type,
CK_RV crvp 
)

Definition at line 2173 of file pkcs11.c.

{
    NSSLOWKEYPrivateKey *priv = NULL;

    if (object->objclass != CKO_PRIVATE_KEY) {
       *crvp = CKR_KEY_TYPE_INCONSISTENT;
       return NULL;
    }
    if (object->objectInfo) {
       *crvp = CKR_OK;
       return (NSSLOWKEYPrivateKey *)object->objectInfo;
    }

    if (sftk_isToken(object->handle)) {
       /* grab it from the data base */
       SFTKTokenObject *to = sftk_narrowToTokenObject(object);

       PORT_Assert(to);
       priv = sftk_FindKeyByPublicKey(object->slot, &to->dbKey);
       *crvp = (priv == NULL) ? CKR_DEVICE_ERROR : CKR_OK;
    } else {
       priv = sftk_mkPrivKey(object, key_type, crvp);
    }
    object->objectInfo = priv;
    object->infoFree = (SFTKFree) nsslowkey_DestroyPrivateKey;
    return priv;
}
NSSLOWKEYPublicKey* sftk_GetPubKey ( SFTKObject *  object,
CK_KEY_TYPE  key_type,
CK_RV crvp 
)

Definition at line 1918 of file pkcs11.c.

{
    NSSLOWKEYPublicKey *pubKey;
    PLArenaPool *arena;
    CK_RV crv;

    if (object->objclass != CKO_PUBLIC_KEY) {
       *crvp = CKR_KEY_TYPE_INCONSISTENT;
       return NULL;
    }

    if (sftk_isToken(object->handle)) {
/* ferret out the token object handle */
    }

    /* If we already have a key, use it */
    if (object->objectInfo) {
       *crvp = CKR_OK;
       return (NSSLOWKEYPublicKey *)object->objectInfo;
    }

    /* allocate the structure */
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (arena == NULL) {
       *crvp = CKR_HOST_MEMORY;
       return NULL;
    }

    pubKey = (NSSLOWKEYPublicKey *)
                     PORT_ArenaAlloc(arena,sizeof(NSSLOWKEYPublicKey));
    if (pubKey == NULL) {
       PORT_FreeArena(arena,PR_FALSE);
       *crvp = CKR_HOST_MEMORY;
       return NULL;
    }

    /* fill in the structure */
    pubKey->arena = arena;
    switch (key_type) {
    case CKK_RSA:
       pubKey->keyType = NSSLOWKEYRSAKey;
       crv = sftk_Attribute2SSecItem(arena,&pubKey->u.rsa.modulus,
                                                 object,CKA_MODULUS);
       if (crv != CKR_OK) break;
       crv = sftk_Attribute2SSecItem(arena,&pubKey->u.rsa.publicExponent,
                                          object,CKA_PUBLIC_EXPONENT);
       break;
    case CKK_DSA:
       pubKey->keyType = NSSLOWKEYDSAKey;
       crv = sftk_Attribute2SSecItem(arena,&pubKey->u.dsa.params.prime,
                                                 object,CKA_PRIME);
       if (crv != CKR_OK) break;
       crv = sftk_Attribute2SSecItem(arena,&pubKey->u.dsa.params.subPrime,
                                                 object,CKA_SUBPRIME);
       if (crv != CKR_OK) break;
       crv = sftk_Attribute2SSecItem(arena,&pubKey->u.dsa.params.base,
                                                 object,CKA_BASE);
       if (crv != CKR_OK) break;
       crv = sftk_Attribute2SSecItem(arena,&pubKey->u.dsa.publicValue,
                                                 object,CKA_VALUE);
       break;
    case CKK_DH:
       pubKey->keyType = NSSLOWKEYDHKey;
       crv = sftk_Attribute2SSecItem(arena,&pubKey->u.dh.prime,
                                                 object,CKA_PRIME);
       if (crv != CKR_OK) break;
       crv = sftk_Attribute2SSecItem(arena,&pubKey->u.dh.base,
                                                 object,CKA_BASE);
       if (crv != CKR_OK) break;
       crv = sftk_Attribute2SSecItem(arena,&pubKey->u.dh.publicValue,
                                                 object,CKA_VALUE);
       break;
#ifdef NSS_ENABLE_ECC
    case CKK_EC:
       pubKey->keyType = NSSLOWKEYECKey;
       crv = sftk_Attribute2SSecItem(arena,
                                     &pubKey->u.ec.ecParams.DEREncoding,
                                     object,CKA_EC_PARAMS);
       if (crv != CKR_OK) break;

       /* Fill out the rest of the ecParams structure 
        * based on the encoded params
        */
       if (EC_FillParams(arena, &pubKey->u.ec.ecParams.DEREncoding,
                  &pubKey->u.ec.ecParams) != SECSuccess) {
           crv = CKR_DOMAIN_PARAMS_INVALID;
           break;
       }
           
       crv = sftk_Attribute2SSecItem(arena,&pubKey->u.ec.publicValue,
                                     object,CKA_EC_POINT);
       break;
#endif /* NSS_ENABLE_ECC */
    default:
       crv = CKR_KEY_TYPE_INCONSISTENT;
       break;
    }
    *crvp = crv;
    if (crv != CKR_OK) {
       PORT_FreeArena(arena,PR_FALSE);
       return NULL;
    }

    object->objectInfo = pubKey;
    object->infoFree = (SFTKFree) nsslowkey_DestroyPublicKey;
    return pubKey;
}
char* sftk_getString ( SFTKObject *  object,
CK_ATTRIBUTE_TYPE  type 
)

Definition at line 1880 of file pkcs11u.c.

{
    SFTKAttribute *attribute;
    char *label = NULL;

    attribute=sftk_FindAttribute(object,type);
    if (attribute == NULL) return NULL;

    if (attribute->attrib.pValue != NULL) {
       label = (char *) PORT_Alloc(attribute->attrib.ulValueLen+1);
       if (label == NULL) {
           sftk_FreeAttribute(attribute);
           return NULL;
       }

       PORT_Memcpy(label,attribute->attrib.pValue,
                                          attribute->attrib.ulValueLen);
       label[attribute->attrib.ulValueLen] = 0;
    }
    sftk_FreeAttribute(attribute);
    return label;
}

Here is the caller graph for this function:

CK_RV sftk_GetULongAttribute ( SFTKObject *  object,
CK_ATTRIBUTE_TYPE  type,
CK_ULONG longData 
)

Definition at line 2048 of file pkcs11u.c.

{
    SFTKAttribute *attribute;

    attribute = sftk_FindAttribute(object, type);
    if (attribute == NULL) return CKR_TEMPLATE_INCOMPLETE;

    if (attribute->attrib.ulValueLen != sizeof(CK_ULONG)) {
       return CKR_ATTRIBUTE_VALUE_INVALID;
    }

    *longData = *(CK_ULONG *)attribute->attrib.pValue;
    sftk_FreeAttribute(attribute);
    return CKR_OK;
}

Here is the caller graph for this function:

CK_RV sftk_handleObject ( SFTKObject *  object,
SFTKSession *  session 
)

Definition at line 1787 of file pkcs11.c.

{
    SFTKSlot *slot = session->slot;
    SFTKAttribute *attribute;
    SFTKObject *duplicateObject = NULL;
    CK_OBJECT_HANDLE handle;
    CK_BBOOL ckfalse = CK_FALSE;
    CK_BBOOL cktrue = CK_TRUE;
    CK_RV crv;

    /* make sure all the base object types are defined. If not set the
     * defaults */
    crv = sftk_defaultAttribute(object,CKA_TOKEN,&ckfalse,sizeof(CK_BBOOL));
    if (crv != CKR_OK) return crv;
    crv = sftk_defaultAttribute(object,CKA_PRIVATE,&ckfalse,sizeof(CK_BBOOL));
    if (crv != CKR_OK) return crv;
    crv = sftk_defaultAttribute(object,CKA_LABEL,NULL,0);
    if (crv != CKR_OK) return crv;
    crv = sftk_defaultAttribute(object,CKA_MODIFIABLE,&cktrue,sizeof(CK_BBOOL));
    if (crv != CKR_OK) return crv;

    /* don't create a private object if we aren't logged in */
    if ((!slot->isLoggedIn) && (slot->needLogin) &&
                            (sftk_isTrue(object,CKA_PRIVATE))) {
       return CKR_USER_NOT_LOGGED_IN;
    }


    if (((session->info.flags & CKF_RW_SESSION) == 0) &&
                            (sftk_isTrue(object,CKA_TOKEN))) {
       return CKR_SESSION_READ_ONLY;
    }
       
    /* Assign a unique SESSION object handle to every new object,
     * whether it is a session object or a token object.  
     * At this point, all new objects are structured as session objects.
     * Objects with the CKA_TOKEN attribute true will be turned into 
     * token objects and will have a token object handle assigned to 
     * them by a call to sftk_mkHandle in the handler for each object 
     * class, invoked below.
     *
     * It may be helpful to note/remember that 
     * sftk_narrowToXxxObject uses sftk_isToken,
     * sftk_isToken examines the sign bit of the object's handle, but
     * sftk_isTrue(...,CKA_TOKEN) examines the CKA_TOKEN attribute.
     */
    do {
       PRUint32 wrappedAround;

       duplicateObject = NULL;
       PZ_Lock(slot->objectLock);
       wrappedAround = slot->sessionObjectHandleCount &  SFTK_TOKEN_MASK;
       handle        = slot->sessionObjectHandleCount & ~SFTK_TOKEN_MASK;
       if (!handle) /* don't allow zero handle */
           handle = minSessionObjectHandle;  
       slot->sessionObjectHandleCount = (handle + 1U) | wrappedAround;
       /* Is there already a session object with this handle? */
       if (wrappedAround) {
           sftkqueue_find(duplicateObject, handle, slot->sessObjHashTable, \
                          slot->sessObjHashSize);
       }
       PZ_Unlock(slot->objectLock);
    } while (duplicateObject != NULL);
    object->handle = handle;

    /* get the object class */
    attribute = sftk_FindAttribute(object,CKA_CLASS);
    if (attribute == NULL) {
       return CKR_TEMPLATE_INCOMPLETE;
    }
    object->objclass = *(CK_OBJECT_CLASS *)attribute->attrib.pValue;
    sftk_FreeAttribute(attribute);

    /* Now handle the specific object class. 
     * At this point, all objects are session objects, and the session
     * number must be passed to the object class handlers.
     */
    switch (object->objclass) {
    case CKO_DATA:
       crv = sftk_handleDataObject(session,object);
       break;
    case CKO_CERTIFICATE:
       crv = sftk_handleCertObject(session,object);
       break;
    case CKO_NETSCAPE_TRUST:
       crv = sftk_handleTrustObject(session,object);
       break;
    case CKO_NETSCAPE_CRL:
       crv = sftk_handleCrlObject(session,object);
       break;
    case CKO_NETSCAPE_SMIME:
       crv = sftk_handleSMimeObject(session,object);
       break;
    case CKO_PRIVATE_KEY:
    case CKO_PUBLIC_KEY:
    case CKO_SECRET_KEY:
       crv = sftk_handleKeyObject(session,object);
       break;
    case CKO_KG_PARAMETERS:
       crv = sftk_handleKeyParameterObject(session,object);
       break;
    default:
       crv = CKR_ATTRIBUTE_VALUE_INVALID;
       break;
    }

    /* can't fail from here on out unless the pk_handlXXX functions have
     * failed the request */
    if (crv != CKR_OK) {
       return crv;
    }

    /* Now link the object into the slot and session structures.
     * If the object has a true CKA_TOKEN attribute, the above object
     * class handlers will have set the sign bit in the object handle,
     * causing the following test to be true.
     */
    if (sftk_isToken(object->handle)) {
       sftk_convertSessionToToken(object);
    } else {
       object->slot = slot;
       sftk_AddObject(session,object);
    }

    return CKR_OK;
}
PRBool sftk_hasAttribute ( SFTKObject *  object,
CK_ATTRIBUTE_TYPE  type 
)

Definition at line 1446 of file pkcs11u.c.

{
    SFTKAttribute *attribute;
    SFTKSessionObject *sessObject = sftk_narrowToSessionObject(object);

    if (sessObject == NULL) {
       return sftk_hasAttributeToken(sftk_narrowToTokenObject(object));
    }

    PZ_Lock(sessObject->attributeLock);
    sftkqueue_find(attribute,type,sessObject->head, sessObject->hashSize);
    PZ_Unlock(sessObject->attributeLock);

    return (PRBool)(attribute != NULL);
}

Here is the caller graph for this function:

Definition at line 2248 of file pkcs11u.c.

Here is the caller graph for this function:

Definition at line 1994 of file pkcs11u.c.

{
    switch(type) {
    /* ALWAYS */
    case CKA_PRIVATE_EXPONENT:
    case CKA_PRIME_1:
    case CKA_PRIME_2:
    case CKA_EXPONENT_1:
    case CKA_EXPONENT_2:
    case CKA_COEFFICIENT:
       return PR_TRUE;

    /* DEPENDS ON CLASS */
    case CKA_VALUE:
       /* PRIVATE and SECRET KEYS have SENSITIVE values */
       return (PRBool)((inClass == CKO_PRIVATE_KEY) || (inClass == CKO_SECRET_KEY));

    default:
       break;
    }
    return PR_FALSE;
}

Here is the caller graph for this function:

PRBool sftk_isTrue ( SFTKObject *  object,
CK_ATTRIBUTE_TYPE  type 
)

Definition at line 1528 of file pkcs11u.c.

{
    SFTKAttribute *attribute;
    PRBool tok = PR_FALSE;

    attribute=sftk_FindAttribute(object,type);
    if (attribute == NULL) { return PR_FALSE; }
    tok = (PRBool)(*(CK_BBOOL *)attribute->attrib.pValue);
    sftk_FreeAttribute(attribute);

    return tok;
}

Here is the caller graph for this function:

PRBool sftk_IsWeakKey ( unsigned char *  key,
CK_KEY_TYPE  key_type 
)

Definition at line 2241 of file pkcs11.c.

{

    switch(key_type) {
    case CKK_DES:
       return sftk_CheckDESKey(key);
    case CKM_DES2_KEY_GEN:
       if (sftk_CheckDESKey(key)) return PR_TRUE;
       return sftk_CheckDESKey(&key[8]);
    case CKM_DES3_KEY_GEN:
       if (sftk_CheckDESKey(key)) return PR_TRUE;
       if (sftk_CheckDESKey(&key[8])) return PR_TRUE;
       return sftk_CheckDESKey(&key[16]);
    default:
       break;
    }
    return PR_FALSE;
}
unsigned int sftk_MapTrust ( CK_TRUST  trust,
PRBool  clientAuth 
)

Definition at line 747 of file pkcs11.c.

{
    unsigned int trustCA = clientAuth ? CERTDB_TRUSTED_CLIENT_CA :
                                                 CERTDB_TRUSTED_CA;
    switch (trust) {
    case CKT_NETSCAPE_TRUSTED:
       return CERTDB_VALID_PEER|CERTDB_TRUSTED;
    case CKT_NETSCAPE_TRUSTED_DELEGATOR:
       return CERTDB_VALID_CA|trustCA;
    case CKT_NETSCAPE_UNTRUSTED:
       return CERTDB_NOT_TRUSTED;
    case CKT_NETSCAPE_MUST_VERIFY:
       return 0;
    case CKT_NETSCAPE_VALID: /* implies must verify */
       return CERTDB_VALID_PEER;
    case CKT_NETSCAPE_VALID_DELEGATOR: /* implies must verify */
       return CERTDB_VALID_CA;
    default:
       break;
    }
    return CERTDB_TRUSTED_UNKNOWN;
}

Definition at line 3408 of file pkcs11.c.

{
    CK_ULONG i;
    CK_FLAGS flags;

    switch (op) {
    case CKA_ENCRYPT:         flags = CKF_ENCRYPT;         break;
    case CKA_DECRYPT:         flags = CKF_DECRYPT;         break;
    case CKA_WRAP:            flags = CKF_WRAP;            break;
    case CKA_UNWRAP:          flags = CKF_UNWRAP;          break;
    case CKA_SIGN:            flags = CKF_SIGN;            break;
    case CKA_SIGN_RECOVER:    flags = CKF_SIGN_RECOVER;    break;
    case CKA_VERIFY:          flags = CKF_VERIFY;          break;
    case CKA_VERIFY_RECOVER:  flags = CKF_VERIFY_RECOVER;  break;
    case CKA_DERIVE:          flags = CKF_DERIVE;          break;
    default:
       return CKR_ARGUMENTS_BAD;
    }
    for (i=0; i < mechanismCount; i++) {
        if (type == mechanisms[i].type) {
           return (flags & mechanisms[i].info.flags) ? CKR_OK 
                                                     : CKR_MECHANISM_INVALID;
       }
    }
    return CKR_MECHANISM_INVALID;
}
CK_OBJECT_HANDLE sftk_mkHandle ( SFTKSlot *  slot,
SECItem *  dbKey,
CK_OBJECT_HANDLE  class 
)

Definition at line 3288 of file pkcs11u.c.

{
    unsigned char hashBuf[4];
    CK_OBJECT_HANDLE handle;
    SECItem *key;

    handle = class;
    /* there is only one KRL, use a fixed handle for it */
    if (handle != SFTK_TOKEN_KRL_HANDLE) {
       sftk_XORHash(hashBuf,dbKey->data,dbKey->len);
       handle = (hashBuf[0] << 24) | (hashBuf[1] << 16) | 
                                   (hashBuf[2] << 8)  | hashBuf[3];
       handle = SFTK_TOKEN_MAGIC | class | 
                     (handle & ~(SFTK_TOKEN_TYPE_MASK|SFTK_TOKEN_MASK));
       /* we have a CRL who's handle has randomly matched the reserved KRL
        * handle, increment it */
       if (handle == SFTK_TOKEN_KRL_HANDLE) {
           handle++;
       }
    }

    sftk_tokenKeyLock(slot);
    while ((key = sftk_lookupTokenKeyByHandle(slot,handle)) != NULL) {
       if (SECITEM_ItemsAreEqual(key,dbKey)) {
          sftk_tokenKeyUnlock(slot);
          return handle;
       }
       handle++;
    }
    sftk_addTokenKeyByHandle(slot,handle,dbKey);
    sftk_tokenKeyUnlock(slot);
    return handle;
}

Here is the caller graph for this function:

Definition at line 1916 of file pkcs11u.c.

{
    /* if we don't know about it, user user defined, always allow modify */
    SFTKModifyType mtype = SFTK_ALWAYS; 

    switch(type) {
    /* NEVER */
    case CKA_CLASS:
    case CKA_CERTIFICATE_TYPE:
    case CKA_KEY_TYPE:
    case CKA_MODULUS:
    case CKA_MODULUS_BITS:
    case CKA_PUBLIC_EXPONENT:
    case CKA_PRIVATE_EXPONENT:
    case CKA_PRIME:
    case CKA_SUBPRIME:
    case CKA_BASE:
    case CKA_PRIME_1:
    case CKA_PRIME_2:
    case CKA_EXPONENT_1:
    case CKA_EXPONENT_2:
    case CKA_COEFFICIENT:
    case CKA_VALUE_LEN:
    case CKA_ALWAYS_SENSITIVE:
    case CKA_NEVER_EXTRACTABLE:
    case CKA_NETSCAPE_DB:
       mtype = SFTK_NEVER;
       break;

    /* ONCOPY */
    case CKA_TOKEN:
    case CKA_PRIVATE:
    case CKA_MODIFIABLE:
       mtype = SFTK_ONCOPY;
       break;

    /* SENSITIVE */
    case CKA_SENSITIVE:
    case CKA_EXTRACTABLE:
       mtype = SFTK_SENSITIVE;
       break;

    /* ALWAYS */
    case CKA_LABEL:
    case CKA_APPLICATION:
    case CKA_ID:
    case CKA_SERIAL_NUMBER:
    case CKA_START_DATE:
    case CKA_END_DATE:
    case CKA_DERIVE:
    case CKA_ENCRYPT:
    case CKA_DECRYPT:
    case CKA_SIGN:
    case CKA_VERIFY:
    case CKA_SIGN_RECOVER:
    case CKA_VERIFY_RECOVER:
    case CKA_WRAP:
    case CKA_UNWRAP:
       mtype = SFTK_ALWAYS;
       break;

    /* DEPENDS ON CLASS */
    case CKA_VALUE:
       mtype = (inClass == CKO_DATA) ? SFTK_ALWAYS : SFTK_NEVER;
       break;

    case CKA_SUBJECT:
       mtype = (inClass == CKO_CERTIFICATE) ? SFTK_NEVER : SFTK_ALWAYS;
       break;
    default:
       break;
    }
    return mtype;
}

Here is the caller graph for this function:

SFTKSessionObject* sftk_narrowToSessionObject ( SFTKObject *  )

Definition at line 3481 of file pkcs11u.c.

{
    return !sftk_isToken(obj->handle) ? (SFTKSessionObject *)obj : NULL;
}

Here is the caller graph for this function:

SFTKTokenObject* sftk_narrowToTokenObject ( SFTKObject *  )

Definition at line 3487 of file pkcs11u.c.

{
    return sftk_isToken(obj->handle) ? (SFTKTokenObject *)obj : NULL;
}

Here is the caller graph for this function:

SFTKObject* sftk_NewObject ( SFTKSlot *  slot)

Definition at line 2289 of file pkcs11u.c.

{
    SFTKObject *object;
    SFTKSessionObject *sessObject;
    PRBool hasLocks = PR_FALSE;
    unsigned int i;
    unsigned int hashSize = 0;

    hashSize = (slot->optimizeSpace) ? SPACE_ATTRIBUTE_HASH_SIZE :
                            TIME_ATTRIBUTE_HASH_SIZE;

    object = sftk_GetObjectFromList(&hasLocks, slot->optimizeSpace,
                            &sessionObjectList,  hashSize, PR_TRUE);
    if (object == NULL) {
       return NULL;
    }
    sessObject = (SFTKSessionObject *)object;
    sessObject->nextAttr = 0;

    for (i=0; i < MAX_OBJS_ATTRS; i++) {
       sessObject->attrList[i].attrib.pValue = NULL;
       sessObject->attrList[i].freeData = PR_FALSE;
    }
    sessObject->optimizeSpace = slot->optimizeSpace;

    object->handle = 0;
    object->next = object->prev = NULL;
    object->slot = slot;
    
    object->refCount = 1;
    sessObject->sessionList.next = NULL;
    sessObject->sessionList.prev = NULL;
    sessObject->sessionList.parent = object;
    sessObject->session = NULL;
    sessObject->wasDerived = PR_FALSE;
    if (!hasLocks) object->refLock = PZ_NewLock(nssILockRefLock);
    if (object->refLock == NULL) {
       PORT_Free(object);
       return NULL;
    }
    if (!hasLocks) sessObject->attributeLock = PZ_NewLock(nssILockAttribute);
    if (sessObject->attributeLock == NULL) {
       PZ_DestroyLock(object->refLock);
       PORT_Free(object);
       return NULL;
    }
    for (i=0; i < sessObject->hashSize; i++) {
       sessObject->head[i] = NULL;
    }
    object->objectInfo = NULL;
    object->infoFree = NULL;
    return object;
}

Here is the caller graph for this function:

SFTKSession* sftk_NewSession ( CK_SLOT_ID  slotID,
CK_NOTIFY  notify,
CK_VOID_PTR  pApplication,
CK_FLAGS  flags 
)

Definition at line 3160 of file pkcs11u.c.

{
    SFTKSession *session;
    SFTKSlot *slot = sftk_SlotFromID(slotID, PR_FALSE);

    if (slot == NULL) return NULL;

    session = (SFTKSession*)PORT_Alloc(sizeof(SFTKSession));
    if (session == NULL) return NULL;

    session->next = session->prev = NULL;
    session->refCount = 1;
    session->enc_context = NULL;
    session->hash_context = NULL;
    session->sign_context = NULL;
    session->search = NULL;
    session->objectIDCount = 1;
    session->objectLock = PZ_NewLock(nssILockObject);
    if (session->objectLock == NULL) {
       PORT_Free(session);
       return NULL;
    }
    session->objects[0] = NULL;

    session->slot = slot;
    session->notify = notify;
    session->appData = pApplication;
    session->info.flags = flags;
    session->info.slotID = slotID;
    session->info.ulDeviceError = 0;
    sftk_update_state(slot,session);
    return session;
}

Here is the caller graph for this function:

SFTKObject* sftk_NewTokenObject ( SFTKSlot *  slot,
SECItem *  dbKey,
CK_OBJECT_HANDLE  handle 
)

Definition at line 3383 of file pkcs11u.c.

{
    SFTKObject *object = NULL;
    SFTKTokenObject *tokObject = NULL;
    PRBool hasLocks = PR_FALSE;
    SECStatus rv;

    object = sftk_GetObjectFromList(&hasLocks, PR_FALSE, &tokenObjectList,  0,
                                                 PR_FALSE);
    if (object == NULL) {
       return NULL;
    }
    tokObject = (SFTKTokenObject *) object;

    object->objclass = handleToClass(handle);
    object->handle = handle;
    object->slot = slot;
    object->objectInfo = NULL;
    object->infoFree = NULL;
    if (dbKey == NULL) {
       sftk_tokenKeyLock(slot);
       dbKey = sftk_lookupTokenKeyByHandle(slot,handle);
       if (dbKey == NULL) {
           sftk_tokenKeyUnlock(slot);
           goto loser;
       }
       rv = SECITEM_CopyItem(NULL,&tokObject->dbKey,dbKey);
       sftk_tokenKeyUnlock(slot);
    } else {
       rv = SECITEM_CopyItem(NULL,&tokObject->dbKey,dbKey);
    }
    if (rv != SECSuccess) {
       goto loser;
    }
    if (!hasLocks) {
       object->refLock = PZ_NewLock(nssILockRefLock);
    }
    if (object->refLock == NULL) {
       goto loser;
    }
    object->refCount = 1;

    return object;
loser:
    if (object) {
       (void) sftk_DestroyObject(object);
    }
    return NULL;

}

Here is the caller graph for this function:

void sftk_nullAttribute ( SFTKObject *  object,
CK_ATTRIBUTE_TYPE  type 
)

Definition at line 1547 of file pkcs11u.c.

{
    SFTKAttribute *attribute;

    attribute=sftk_FindAttribute(object,type);
    if (attribute == NULL) return;

    if (attribute->attrib.pValue != NULL) {
       PORT_Memset(attribute->attrib.pValue,0,attribute->attrib.ulValueLen);
       if (attribute->freeData) {
           PORT_Free(attribute->attrib.pValue);
       }
       attribute->freeData = PR_FALSE;
       attribute->attrib.pValue = NULL;
       attribute->attrib.ulValueLen = 0;
    }
    sftk_FreeAttribute(attribute);
}
SFTKObject* sftk_ObjectFromHandle ( CK_OBJECT_HANDLE  handle,
SFTKSession *  session 
)

Definition at line 2432 of file pkcs11u.c.

Here is the caller graph for this function:

PRBool sftk_poisonHandle ( SFTKSlot *  slot,
SECItem *  dbkey,
CK_OBJECT_HANDLE  handle 
)

Definition at line 3323 of file pkcs11u.c.

{
    unsigned char hashBuf[4];
    CK_OBJECT_HANDLE handle;
    SECItem *key;

    handle = class;
    /* there is only one KRL, use a fixed handle for it */
    if (handle != SFTK_TOKEN_KRL_HANDLE) {
       sftk_XORHash(hashBuf,dbKey->data,dbKey->len);
       handle = (hashBuf[0] << 24) | (hashBuf[1] << 16) | 
                                   (hashBuf[2] << 8)  | hashBuf[3];
       handle = SFTK_TOKEN_MAGIC | class | 
                     (handle & ~(SFTK_TOKEN_TYPE_MASK|SFTK_TOKEN_MASK));
       /* we have a CRL who's handle has randomly matched the reserved KRL
        * handle, increment it */
       if (handle == SFTK_TOKEN_KRL_HANDLE) {
           handle++;
       }
    }
    sftk_tokenKeyLock(slot);
    while ((key = sftk_lookupTokenKeyByHandle(slot,handle)) != NULL) {
       if (SECITEM_ItemsAreEqual(key,dbKey)) {
          key->data[0] ^= 0x80;
          sftk_tokenKeyUnlock(slot);
          return PR_TRUE;
       }
       handle++;
    }
    sftk_tokenKeyUnlock(slot);
    return PR_FALSE;
}

Here is the caller graph for this function:

void sftk_ReferenceObject ( SFTKObject *  object)

Definition at line 2400 of file pkcs11u.c.

{
    PZ_Lock(object->refLock);
    object->refCount++;
    PZ_Unlock(object->refLock);
}

Here is the caller graph for this function:

CK_RV sftk_searchObjectList ( SFTKSearchResults *  search,
SFTKObject **  head,
unsigned int  size,
PZLock lock,
CK_ATTRIBUTE_PTR  inTemplate,
int  count,
PRBool  isLoggedIn 
)

Definition at line 3035 of file pkcs11u.c.

{
    unsigned int i;
    SFTKObject *object;
    CK_RV crv = CKR_OK;

    for(i=0; i < size; i++) {
        /* We need to hold the lock to copy a consistant version of
         * the linked list. */
        PZ_Lock(lock);
       for (object = head[i]; object != NULL; object= object->next) {
           if (sftk_objectMatch(object,theTemplate,count)) {
              /* don't return objects that aren't yet visible */
              if ((!isLoggedIn) && sftk_isTrue(object,CKA_PRIVATE)) continue;
              sftk_addHandle(search,object->handle);
           }
       }
        PZ_Unlock(lock);
    }
    return crv;
}

Here is the caller graph for this function:

SFTKSession* sftk_SessionFromHandle ( CK_SESSION_HANDLE  handle)

Definition at line 3234 of file pkcs11u.c.

{
    SFTKSlot  *slot = sftk_SlotFromSessionHandle(handle);
    SFTKSession *session;
    PZLock    *lock;
    
    if (!slot) return NULL;
    lock = SFTK_SESSION_LOCK(slot,handle);

    PZ_Lock(lock);
    sftkqueue_find(session,handle,slot->head,slot->sessHashSize);
    if (session) session->refCount++;
    PZ_Unlock(lock);

    return (session);
}

Here is the caller graph for this function:

CK_RV SFTK_ShutdownSlot ( SFTKSlot *  slot)

Definition at line 2836 of file pkcs11.c.

{
    /* make sure no new PK11 calls work except C_GetSlotInfo */
    slot->present = PR_FALSE;

    /* close all outstanding sessions
     * the sessHashSize variable guarentees we have all the session
     * mechanism set up */
    if (slot->head) {
       sft_CloseAllSession(slot);
     }

    /* clear all objects.. session objects are cleared as a result of
     * closing all the sessions. We just need to clear the token object
     * cache. slot->tokObjHashTable guarentees we have the token 
     * infrastructure set up. */
    if (slot->tokObjHashTable) {
       SFTK_ClearTokenKeyHashTable(slot);
    }

    /* clear the slot description for the next guy */
    PORT_Memset(slot->tokDescription, 0, sizeof(slot->tokDescription));

    /* now shut down the databases. */
    sftk_DBShutdown(slot);
    return CKR_OK;
}
SFTKSlot* sftk_SlotFromID ( CK_SLOT_ID  slotID,
PRBool  all 
)

Definition at line 2452 of file pkcs11.c.

{
    SFTKSlot *slot;
    int index = sftk_GetModuleIndex(slotID);
    
    if (nscSlotHashTable[index] == NULL) return NULL;
    slot = (SFTKSlot *)PL_HashTableLookupConst(nscSlotHashTable[index], 
                                                 (void *)slotID);
    /* cleared slots shouldn't 'show up' */
    if (slot && !all && !slot->present) slot = NULL;
    return slot;
}

Definition at line 2466 of file pkcs11.c.

{
    CK_ULONG slotIDIndex = (handle >> 24) & 0x7f;
    CK_ULONG moduleIndex = (handle >> 31) & 1;

    if (slotIDIndex >= nscSlotCount[moduleIndex]) {
       return NULL;
    }

    return sftk_SlotFromID(nscSlotList[moduleIndex][slotIDIndex], PR_FALSE);
}
CK_RV SFTK_SlotInit ( char *  configdir,
sftk_token_parameters params,
int  moduleIndex 
)

Definition at line 2672 of file pkcs11.c.

{
    unsigned int i;
    CK_SLOT_ID slotID = params->slotID;
    SFTKSlot *slot;
    CK_RV crv = CKR_HOST_MEMORY;

    /*
     * first we initialize everything that is 'permanent' with this slot.
     * that is everything we aren't going to shutdown if we close this slot
     * and open it up again with different databases */

    slot = PORT_ZNew(SFTKSlot);

    if (slot == NULL) {
       return CKR_HOST_MEMORY;
    }

    slot->optimizeSpace = params->optimizeSpace;
    if (slot->optimizeSpace) {
       slot->sessObjHashSize = SPACE_SESSION_OBJECT_HASH_SIZE;
       slot->sessHashSize = SPACE_SESSION_HASH_SIZE;
       slot->numSessionLocks = 1;
    } else {
       slot->sessObjHashSize = TIME_SESSION_OBJECT_HASH_SIZE;
       slot->sessHashSize = TIME_SESSION_HASH_SIZE;
       slot->numSessionLocks = slot->sessHashSize/BUCKETS_PER_SESSION_LOCK;
    }
    slot->sessionLockMask = slot->numSessionLocks-1;

    slot->slotLock = PZ_NewLock(nssILockSession);
    if (slot->slotLock == NULL)
       goto mem_loser;
    slot->sessionLock = PORT_ZNewArray(PZLock *, slot->numSessionLocks);
    if (slot->sessionLock == NULL)
       goto mem_loser;
    for (i=0; i < slot->numSessionLocks; i++) {
        slot->sessionLock[i] = PZ_NewLock(nssILockSession);
        if (slot->sessionLock[i] == NULL) 
           goto mem_loser;
    }
    slot->objectLock = PZ_NewLock(nssILockObject);
    if (slot->objectLock == NULL) 
       goto mem_loser;
    slot->pwCheckLock = PR_NewLock();
    if (slot->pwCheckLock == NULL) 
       goto mem_loser;
    slot->head = PORT_ZNewArray(SFTKSession *, slot->sessHashSize);
    if (slot->head == NULL) 
       goto mem_loser;
    slot->sessObjHashTable = PORT_ZNewArray(SFTKObject *, slot->sessObjHashSize);
    if (slot->sessObjHashTable == NULL) 
       goto mem_loser;
    slot->tokObjHashTable = PL_NewHashTable(64,sftk_HashNumber,PL_CompareValues,
                                   SECITEM_HashCompare, NULL, 0);
    if (slot->tokObjHashTable == NULL) 
       goto mem_loser;

    slot->sessionIDCount = 0;
    slot->sessionObjectHandleCount = minSessionObjectHandle;
    slot->slotID = slotID;
    sftk_setStringName(params->slotdes ? params->slotdes : 
             sftk_getDefSlotName(slotID), slot->slotDescription, 
                                          sizeof(slot->slotDescription));

    /* call the reinit code to set everything that changes between token
     * init calls */
    crv = SFTK_SlotReInit(slot, configdir, params, moduleIndex);
    if (crv != CKR_OK) {
       goto loser;
    }
    crv = sftk_RegisterSlot(slot, moduleIndex);
    if (crv != CKR_OK) {
       goto loser;
    }
    return CKR_OK;

mem_loser:
    crv = CKR_HOST_MEMORY;
loser:
   SFTK_DestroySlotData(slot);
    return crv;
}
CK_RV SFTK_SlotReInit ( SFTKSlot *  slot,
char *  configdir,
sftk_token_parameters params,
int  moduleIndex 
)

Definition at line 2605 of file pkcs11.c.

{
    PRBool needLogin = !params->noKeyDB;
    CK_RV crv;

    slot->hasTokens = PR_FALSE;
    slot->sessionIDConflict = 0;
    slot->sessionCount = 0;
    slot->rwSessionCount = 0;
    slot->needLogin = PR_FALSE;
    slot->isLoggedIn = PR_FALSE;
    slot->ssoLoggedIn = PR_FALSE;
    slot->DB_loaded = PR_FALSE;
    slot->certDB = NULL;
    slot->keyDB = NULL;
    slot->minimumPinLen = 0;
    slot->readOnly = params->readOnly;
    sftk_setStringName(params->tokdes ? params->tokdes : 
       sftk_getDefTokName(slot->slotID), slot->tokDescription, 
                                          sizeof(slot->tokDescription));

    if ((!params->noCertDB) || (!params->noKeyDB)) {
       NSSLOWCERTCertDBHandle * certHandle = NULL;
       NSSLOWKEYDBHandle *keyHandle = NULL;
       crv = sftk_DBInit(params->configdir ? params->configdir : configdir,
              params->certPrefix, params->keyPrefix, params->readOnly,
              params->noCertDB, params->noKeyDB, params->forceOpen, 
                                          &certHandle, &keyHandle);
       if (crv != CKR_OK) {
           goto loser;
       }

       if (nsslowcert_needDBVerify(certHandle)) {
           sftk_DBVerify(certHandle, keyHandle);
       }
       slot->certDB = certHandle;
       slot->keyDB = keyHandle;
    }
    if (needLogin) {
       /* if the data base is initialized with a null password,remember that */
       slot->needLogin = 
              (PRBool)!sftk_hasNullPassword(slot->keyDB,&slot->password);
       if ((params->minPW >= 0) && (params->minPW <= SFTK_MAX_PIN)) {
           slot->minimumPinLen = params->minPW;
       }
       if ((slot->minimumPinLen == 0) && (params->pwRequired)) {
           slot->minimumPinLen = 1;
       }
       if ((moduleIndex == NSC_FIPS_MODULE) &&
              (slot->minimumPinLen < FIPS_MIN_PIN)) {
           slot->minimumPinLen = FIPS_MIN_PIN;
       }
    }

    slot->present = PR_TRUE;
    return CKR_OK;

loser:
    SFTK_ShutdownSlot(slot);
    return crv;
}
CK_RV sftk_TLSPRFInit ( SFTKSessionContext *  context,
SFTKObject *  key,
CK_KEY_TYPE  key_type 
)

Definition at line 169 of file tlsprf.c.

{
    SFTKAttribute * keyVal;
    TLSPRFContext * prf_cx;
    CK_RV           crv = CKR_HOST_MEMORY;
    PRUint32        keySize;
    PRUint32        blockSize;

    if (key_type != CKK_GENERIC_SECRET)
       return CKR_KEY_TYPE_INCONSISTENT; /* CKR_KEY_FUNCTION_NOT_PERMITTED */

    context->multi = PR_TRUE;

    keyVal = sftk_FindAttribute(key, CKA_VALUE);
    keySize = (!keyVal) ? 0 : keyVal->attrib.ulValueLen;
    blockSize = keySize + sizeof(TLSPRFContext);
    prf_cx = (TLSPRFContext *)PORT_Alloc(blockSize);
    if (!prf_cx) 
       goto done;
    prf_cx->cxSize    = blockSize;
    prf_cx->cxKeyLen  = keySize;
    prf_cx->cxDataLen = 0;
    prf_cx->cxBufSize = blockSize - SFTK_OFFSETOF(TLSPRFContext, cxBuf);
    prf_cx->cxRv      = SECSuccess;
    prf_cx->cxIsFIPS  = (key->slot->slotID == FIPS_SLOT_ID);
    prf_cx->cxBufPtr  = prf_cx->cxBuf;
    if (keySize)
       PORT_Memcpy(prf_cx->cxBufPtr, keyVal->attrib.pValue, keySize);

    context->hashInfo    = (void *) prf_cx;
    context->cipherInfo  = (void *) prf_cx;
    context->hashUpdate  = (SFTKHash)    sftk_TLSPRFHashUpdate;
    context->end         = (SFTKEnd)     sftk_TLSPRFEnd;
    context->update      = (SFTKCipher)  sftk_TLSPRFUpdate;
    context->verify      = (SFTKVerify)  sftk_TLSPRFVerify;
    context->destroy     = (SFTKDestroy) sftk_TLSPRFNull;
    context->hashdestroy = (SFTKDestroy) sftk_TLSPRFHashDestroy;
    crv = CKR_OK;

done:
    if (keyVal) 
       sftk_FreeAttribute(keyVal);
    return crv;
}

Here is the caller graph for this function:

PRBool sftk_tokenMatch ( SFTKSlot *  slot,
SECItem *  dbKey,
CK_OBJECT_HANDLE  class,
CK_ATTRIBUTE_PTR  theTemplate,
int  count 
)

Definition at line 3435 of file pkcs11u.c.

{
    SFTKObject *object;
    PRBool ret;

    object = sftk_NewTokenObject(slot,dbKey,SFTK_TOKEN_MASK|class);
    if (object == NULL) {
       return PR_FALSE;
    }

    ret = sftk_objectMatch(object,theTemplate,count);
    sftk_FreeObject(object);
    return ret;
}

Here is the caller graph for this function:

void sftk_update_all_states ( SFTKSlot *  slot)

Definition at line 3121 of file pkcs11u.c.

{
    unsigned int i;
    SFTKSession *session;

    for (i=0; i < slot->sessHashSize; i++) {
       PZLock *lock = SFTK_SESSION_LOCK(slot,i);
       PZ_Lock(lock);
       for (session = slot->head[i]; session; session = session->next) {
           sftk_update_state(slot,session);
       }
       PZ_Unlock(lock);
    }
}

Here is the caller graph for this function:

void sftk_update_state ( SFTKSlot *  slot,
SFTKSession *  session 
)

Definition at line 3100 of file pkcs11u.c.

{
    if (slot->isLoggedIn) {
       if (slot->ssoLoggedIn) {
           session->info.state = CKS_RW_SO_FUNCTIONS;
       } else if (session->info.flags & CKF_RW_SESSION) {
           session->info.state = CKS_RW_USER_FUNCTIONS;
       } else {
           session->info.state = CKS_RO_USER_FUNCTIONS;
       }
    } else {
       if (session->info.flags & CKF_RW_SESSION) {
           session->info.state = CKS_RW_PUBLIC_SESSION;
       } else {
           session->info.state = CKS_RO_PUBLIC_SESSION;
       }
    }
}

Here is the caller graph for this function:


Variable Documentation

Definition at line 440 of file fipstokn.c.