PKCS #11 module to supply Access to the Mac OS X Keychain.
parent
82e02aaf47
commit
cdcebb8e7e
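--- a/security/nss/lib/ckfw/nssmkey/Makefile
+++ b/security/nss/lib/ckfw/nssmkey/Makefile
@@ -0,0 +1,105 @@
+#
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is
+# Netscape Communications Corporation.
+# Portions created by the Initial Developer are Copyright (C) 1994-2000
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+MAKEFILE_CVS_ID = "@(#) $RCSfile: Makefile,v $ $Revision: 1.1 $ $Date: 2005/11/23 23:04:08 $"
+
+include manifest.mn
+include $(CORE_DEPTH)/coreconf/config.mk
+include config.mk
+
+EXTRA_LIBS = \
+$(DIST)/lib/$(LIB_PREFIX)nssckfw.$(LIB_SUFFIX) \
+$(DIST)/lib/$(LIB_PREFIX)secutil.$(LIB_SUFFIX) \
+$(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \
+$(NULL)
+
+# can't do this in manifest.mn because OS_TARGET isn't defined there.
+ifeq (,$(filter-out WIN%,$(OS_TARGET)))
+
+ifdef NS_USE_GCC
+EXTRA_LIBS += \
+-L$(NSPR_LIB_DIR) \
+-lplc4 \
+-lplds4 \
+-lnspr4 \
+$(NULL)
+else
+EXTRA_SHARED_LIBS += \
+$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.lib \
+$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.lib \
+$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.lib \
+$(NULL)
+endif # NS_USE_GCC
+else
+
+EXTRA_LIBS += \
+-L$(NSPR_LIB_DIR) \
+-lplc4 \
+-lplds4 \
+-lnspr4 \
+-framework Security \
+-framework CoreServices \
+$(NULL)
+endif
+
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+# Generate certdata.c.
+generate:
+perl certdata.perl < certdata.txt
+
+# This'll need some help from a build person.
+
+
+ifeq ($(OS_TARGET)$(OS_RELEASE), AIX4.1)
+DSO_LDOPTS = -bM:SRE -bh:4 -bnoentry
+EXTRA_DSO_LDOPTS = -lc
+MKSHLIB = xlC $(DSO_LDOPTS)
+
+$(SHARED_LIBRARY): $(OBJS)
+@$(MAKE_OBJDIR)
+rm -f $@
+$(MKSHLIB) -o $@ $(OBJS) $(EXTRA_LIBS) $(EXTRA_DSO_LDOPTS)
+chmod +x $@
+
+endif
+
+ifeq ($(OS_TARGET)$(OS_RELEASE), AIX4.2)
+LD += -G
+endif
+
+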
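Review bot: The `generate` target runs `perl certdata.perl < certdata.txt` under `# Generate certdata.c.`, but manifest.mn in this commit lists no certdata.c in CSRCS and neither input is among the files shown here, so the target looks like a leftover from another ckfw module and should probably be dropped together with its comment. The `WIN%` branch likewise seems out of place in a module whose other branch links `-framework Security` and `-framework CoreServices`. That other branch applies to every non-Windows OS_TARGET, so the AIX blocks further down would receive the framework flags as well; restricting the flags to the Mac OS X target would make the intent explicit.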
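--- a/security/nss/lib/ckfw/nssmkey/README
+++ b/security/nss/lib/ckfw/nssmkey/README
@@ -0,0 +1,21 @@
+This Cryptoki module provides acces to certs and keys stored in
+Macintosh key Ring.
+
+- It does not yet export PKCS #12 keys. To get this to work should be
+implemented using exporting the key object in PKCS #8 wrapped format.
+PSM work needs to happen before this can be completed.
+- It does not import or export CA Root trust from the mac keychain.
+- It does not handle S/MIME objects (pkcs #7 in mac keychain terms?).
+- The AuthRoots don't show up on the default list.
+- Only RSA keys are supported currently.
+
+There are a number of things that have not been tested that other PKCS #11
+apps may need:
+- reading Modulus and Public Exponents from private keys and public keys.
+- storing public keys.
+- setting attributes other than CKA_ID and CKA_LABEL.
+
+Other TODOs:
+- Check for and plug memory leaks.
+- Need to map mac errors into something more intellegible than
+CKR_GENERAL_ERROR.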
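--- a/security/nss/lib/ckfw/nssmkey/ckmk.h
+++ b/security/nss/lib/ckfw/nssmkey/ckmk.h
@@ -0,0 +1,236 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is the Netscape security libraries.
+*
+* The Initial Developer of the Original Code is
+* Netscape Communications Corporation.
+* Portions created by the Initial Developer are Copyright (C) 1994-2000
+* the Initial Developer. All Rights Reserved.
+* Portions created by Red Hat, Inc, are Copyright (C) 2005
+*
+* Contributor(s):
+* Bob Relyea (rrelyea@redhat.com)
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+
+#ifndef CKMK_H
+#define CKMK_H 1
+
+#ifdef DEBUG
+static const char CKMK_CVS_ID[] = "@(#) $RCSfile: ckmk.h,v $ $Revision: 1.1 $ $Date: 2005/11/23 23:04:08 $";
+#endif /* DEBUG */
+
+#include <Security/SecKeychainSearch.h>
+#include <Security/SecKeychainItem.h>
+#include <Security/SecKeychain.h>
+#include <Security/cssmtype.h>
+#include <Security/cssmapi.h>
+#include <Security/SecKey.h>
+#include <Security/SecCertificate.h>
+
+#define NTO
+
+#include "nssckmdt.h"
+#include "nssckfw.h"
+/*
+* I'm including this for access to the arena functions.
+* Looks like we should publish that API.
+*/
+#ifndef BASE_H
+#include "base.h"
+#endif /* BASE_H */
+/*
+* This is where the Netscape extensions live, at least for now.
+*/
+#ifndef CKT_H
+#include "ckt.h"
+#endif /* CKT_H */
+
+/*
+* statically defined raw objects. Allows us to data description objects
+* to this PKCS #11 module.
+*/
+struct ckmkRawObjectStr {
+CK_ULONG n;
+const CK_ATTRIBUTE_TYPE *types;
+const NSSItem *items;
+};
+typedef struct ckmkRawObjectStr ckmkRawObject;
+
+/*
+* Key/Cert Items
+*/
+struct ckmkItemObjectStr {
+SecKeychainItemRef itemRef;
+SecItemClass itemClass;
+PRBool hasID;
+NSSItem modify;
+NSSItem private;
+NSSItem encrypt;
+NSSItem decrypt;
+NSSItem derive;
+NSSItem sign;
+NSSItem signRecover;
+NSSItem verify;
+NSSItem verifyRecover;
+NSSItem wrap;
+NSSItem unwrap;
+NSSItem label;
+NSSItem subject;
+NSSItem issuer;
+NSSItem serial;
+NSSItem derCert;
+NSSItem id;
+NSSItem modulus;
+NSSItem exponent;
+NSSItem privateExponent;
+NSSItem prime1;
+NSSItem prime2;
+NSSItem exponent1;
+NSSItem exponent2;
+NSSItem coefficient;
+};
+typedef struct ckmkItemObjectStr ckmkItemObject;
+
+typedef enum {
+ckmkRaw,
+ckmkItem,
+} ckmkObjectType;
+
+/*
+* all the various types of objects are abstracted away in cobject and
+* cfind as ckmkInternalObjects.
+*/
+struct ckmkInternalObjectStr {
+ckmkObjectType type;
+union {
+ckmkRawObject raw;
+ckmkItemObject item;
+} u;
+CK_OBJECT_CLASS objClass;
+NSSItem hashKey;
+unsigned char hashKeyData[128];
+NSSCKMDObject mdObject;
+};
+typedef struct ckmkInternalObjectStr ckmkInternalObject;
+
+/* our raw object data array */
+NSS_EXTERN_DATA ckmkInternalObject nss_ckmk_data[];
+NSS_EXTERN_DATA const PRUint32 nss_ckmk_nObjects;
+
+NSS_EXTERN_DATA const CK_VERSION nss_ckmk_CryptokiVersion;
+NSS_EXTERN_DATA const NSSUTF8 * nss_ckmk_ManufacturerID;
+NSS_EXTERN_DATA const NSSUTF8 * nss_ckmk_LibraryDescription;
+NSS_EXTERN_DATA const CK_VERSION nss_ckmk_LibraryVersion;
+NSS_EXTERN_DATA const NSSUTF8 * nss_ckmk_SlotDescription;
+NSS_EXTERN_DATA const CK_VERSION nss_ckmk_HardwareVersion;
+NSS_EXTERN_DATA const CK_VERSION nss_ckmk_FirmwareVersion;
+NSS_EXTERN_DATA const NSSUTF8 * nss_ckmk_TokenLabel;
+NSS_EXTERN_DATA const NSSUTF8 * nss_ckmk_TokenModel;
+NSS_EXTERN_DATA const NSSUTF8 * nss_ckmk_TokenSerialNumber;
+
+NSS_EXTERN_DATA const NSSCKMDInstance nss_ckmk_mdInstance;
+NSS_EXTERN_DATA const NSSCKMDSlot nss_ckmk_mdSlot;
+NSS_EXTERN_DATA const NSSCKMDToken nss_ckmk_mdToken;
+NSS_EXTERN_DATA const NSSCKMDMechanism nss_ckmk_mdMechanismRSA;
+
+NSS_EXTERN NSSCKMDSession *
+nss_ckmk_CreateSession
+(
+NSSCKFWSession *fwSession,
+CK_RV *pError
+);
+
+NSS_EXTERN NSSCKMDFindObjects *
+nss_ckmk_FindObjectsInit
+(
+NSSCKFWSession *fwSession,
+CK_ATTRIBUTE_PTR pTemplate,
+CK_ULONG ulAttributeCount,
+CK_RV *pError
+);
+
+/*
+* Object Utilities
+*/
+NSS_EXTERN NSSCKMDObject *
+nss_ckmk_CreateMDObject
+(
+NSSArena *arena,
+ckmkInternalObject *io,
+CK_RV *pError
+);
+
+NSS_EXTERN NSSCKMDObject *
+nss_ckmk_CreateObject
+(
+NSSCKFWSession *fwSession,
+CK_ATTRIBUTE_PTR pTemplate,
+CK_ULONG ulAttributeCount,
+CK_RV *pError
+);
+
+NSS_EXTERN const NSSItem *
+nss_ckmk_FetchAttribute
+(
+ckmkInternalObject *io,
+CK_ATTRIBUTE_TYPE type,
+CK_RV *pError
+);
+
+NSS_EXTERN void
+nss_ckmk_DestroyInternalObject
+(
+ckmkInternalObject *io
+);
+
+unsigned char *
+nss_ckmk_DERUnwrap
+(
+unsigned char *src,
+int size,
+int *outSize,
+unsigned char **next
+);
+
+CK_ULONG
+nss_ckmk_GetULongAttribute
+(
+CK_ATTRIBUTE_TYPE type,
+CK_ATTRIBUTE *template,
+CK_ULONG templateSize,
+CK_RV *pError;
+);
+
+#define NSS_CKMK_ARRAY_SIZE(x) ((sizeof (x))/(sizeof ((x)[0])))
+
+#ifdef DEBUG
+#define CKMK_MACERR(str,err) cssmPerror(str,err)
+#else
+#define CKMK_MACERR(str,err)
+#endif
+
+#endif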
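Review bot: The prototype of `nss_ckmk_GetULongAttribute` ends its parameter list with `CK_RV *pError;`, and a semicolon inside the parentheses is a syntax error for every file that includes ckmk.h; the last parameter should read `CK_RV *pError`. In the same group, `nss_ckmk_DERUnwrap` takes `int size` and reports the inner length through `int *outSize`, so lengths taken from DER data travel as signed values and the header does not say what a caller sees on malformed input. A comment on that prototype stating the contract would let callers check it before using the result, for example `/* returns NULL and sets *outSize to 0 on malformed input */` if that is what the implementation does. Both of these prototypes also lack the `NSS_EXTERN` used on the others.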
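--- a/security/nss/lib/ckfw/nssmkey/ckmkver.c
+++ b/security/nss/lib/ckfw/nssmkey/ckmkver.c
@@ -0,0 +1,59 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is the Netscape security libraries.
+*
+* The Initial Developer of the Original Code is
+* Netscape Communications Corporation.
+* Portions created by the Initial Developer are Copyright (C) 1994-2000
+* the Initial Developer. All Rights Reserved.
+* Portions created by Red Hat, Inc, are Copyright (C) 2005
+*
+* Contributor(s):
+* Bob Relyea (rrelyea@redhat.com)
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+/* Library identity and versioning */
+
+#include "nssmkey.h"
+
+#if defined(DEBUG)
+#define _DEBUG_STRING " (debug)"
+#else
+#define _DEBUG_STRING ""
+#endif
+
+/*
+* Version information for the 'ident' and 'what commands
+*
+* NOTE: the first component of the concatenated rcsid string
+* must not end in a '$' to prevent rcs keyword substitution.
+*/
+const char __nss_ckmk_rcsid[] = "$Header: NSS Access to the MAC OS X Key Ring "
+NSS_CKMK_LIBRARY_VERSION _DEBUG_STRING
+" " __DATE__ " " __TIME__ " $";
+const char __nss_ckmk_sccsid[] = "@(#)NSS Access to the MAC OS X Key Ring "
+NSS_CKMK_LIBRARY_VERSION _DEBUG_STRING
+" " __DATE__ " " __TIME__;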
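Review bot: Both version strings concatenate `__DATE__` and `__TIME__`, so two builds of the same source yield different binaries, which makes it harder to verify a shipped copy of this module against a rebuild; consider dropping the timestamp or making it opt-in. The identifiers `__nss_ckmk_rcsid`, `__nss_ckmk_sccsid` and `_DEBUG_STRING` fall in the namespace C reserves for the implementation, and names such as `nss_ckmk_rcsid` and `CKMK_DEBUG_STRING` would avoid that, provided nothing outside this file refers to the current names. The comment above them is also missing the closing quote in `'what commands`.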
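--- a/security/nss/lib/ckfw/nssmkey/config.mk
+++ b/security/nss/lib/ckfw/nssmkey/config.mk
@@ -0,0 +1,57 @@
+#
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is
+# Netscape Communications Corporation.
+# Portions created by the Initial Developer are Copyright (C) 1994-2000
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+CONFIG_CVS_ID = "@(#) $RCSfile: config.mk,v $ $Revision: 1.1 $ $Date: 2005/11/23 23:04:08 $"
+
+ifdef BUILD_IDG
+DEFINES += -DNSSDEBUG
+endif
+
+ifdef NS_USE_CKFW_TRACE
+DEFINES += -DTRACE
+endif
+
+#
+# Override TARGETS variable so that only static libraries
+# are specifed as dependencies within rules.mk.
+#
+
+TARGETS = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PROGRAM =
+
+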
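Review bot: Setting `TARGETS = $(LIBRARY)` and `SHARED_LIBRARY =` means only the static archive is built, while manchor.c in this commit says it anchors the cryptoki entry points in the module's shared library for dynamic loading and manifest.mn defines `MAPFILE`. If the module is meant to be loaded as a PKCS #11 library, these overrides should go, or the comment should state why a static-only build is intended. With `SHARED_LIBRARY` empty, the AIX rule `$(SHARED_LIBRARY): $(OBJS)` in the Makefile also ends up with an empty target. The comment above the overrides has a typo, `specifed`.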
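--- a/security/nss/lib/ckfw/nssmkey/manchor.c
+++ b/security/nss/lib/ckfw/nssmkey/manchor.c
@@ -0,0 +1,55 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is the Netscape security libraries.
+*
+* The Initial Developer of the Original Code is
+* Netscape Communications Corporation.
+* Portions created by the Initial Developer are Copyright (C) 1994-2000
+* the Initial Developer. All Rights Reserved.
+* Portions created by Red Hat, Inc, are Copyright (C) 2005
+*
+* Contributor(s):
+* Bob Relyea (rrelyea@redhat.com)
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+
+#ifdef DEBUG
+static const char CVS_ID[] = "@(#) $RCSfile: manchor.c,v $ $Revision: 1.1 $ $Date: 2005/11/23 23:04:08 $";
+#endif /* DEBUG */
+
+/*
+* nssmkey/manchor.c
+*
+* This file "anchors" the actual cryptoki entry points in this module's
+* shared library, which is required for dynamic loading. See the
+* comments in nssck.api for more information.
+*/
+
+#include "ckmk.h"
+
+#define MODULE_NAME ckmk
+#define INSTANCE_NAME (NSSCKMDInstance *)&nss_ckmk_mdInstance
+#include "nssck.api"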
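Review bot: `INSTANCE_NAME` expands to an unparenthesized cast that also drops the `const` with which ckmk.h declares `nss_ckmk_mdInstance`. Writing it as `#define INSTANCE_NAME ((NSSCKMDInstance *)&nss_ckmk_mdInstance)` keeps the expansion intact wherever nssck.api uses it. A one-line comment recording why the const is cast away, for example `/* nssck.api takes a non-const instance pointer; the object is not written through it */`, would help if that is indeed the case, since nssck.api is not shown here.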
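--- a/security/nss/lib/ckfw/nssmkey/manifest.mn
+++ b/security/nss/lib/ckfw/nssmkey/manifest.mn
@@ -0,0 +1,66 @@
+#
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is
+# Netscape Communications Corporation.
+# Portions created by the Initial Developer are Copyright (C) 1994-2000
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+MANIFEST_CVS_ID = "@(#) $RCSfile: manifest.mn,v $ $Revision: 1.1 $ $Date: 2005/11/23 23:04:08 $"
+
+CORE_DEPTH = ../../../..
+
+MODULE = nss
+MAPFILE = $(OBJDIR)/nssmkey.def
+
+EXPORTS = \
+nssmkey.h \
+$(NULL)
+
+CSRCS = \
+manchor.c \
+mconstants.c \
+mfind.c \
+minst.c \
+mobject.c \
+mrsa.c \
+msession.c \
+mslot.c \
+mtoken.c \
+ckmkver.c \
+staticobj.c \
+$(NULL)
+
+REQUIRES = nspr
+
+LIBRARY_NAME = nssmkey
+
+#EXTRA_SHARED_LIBS = -L$(DIST)/lib -lnssckfw -lnssb -lplc4 -lplds4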
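--- a/security/nss/lib/ckfw/nssmkey/mconstants.c
+++ b/security/nss/lib/ckfw/nssmkey/mconstants.c
@@ -0,0 +1,96 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is the Netscape security libraries.
+*
+* The Initial Developer of the Original Code is
+* Netscape Communications Corporation.
+* Portions created by the Initial Developer are Copyright (C) 1994-2000
+* the Initial Developer. All Rights Reserved.
+* Portions created by Red Hat, Inc, are Copyright (C) 2005
+*
+* Contributor(s):
+* Bob Relyea (rrelyea@redhat.com)
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+
+#ifdef DEBUG
+static const char CVS_ID[] = "@(#) $RCSfile: mconstants.c,v $ $Revision: 1.1 $ $Date: 2005/11/23 23:04:08 $";
+#endif /* DEBUG */
+
+/*
+* nssmkey/constants.c
+*
+* Identification and other constants, all collected here in one place.
+*/
+
+#ifndef NSSBASET_H
+#include "nssbaset.h"
+#endif /* NSSBASET_H */
+
+#ifndef NSSCKT_H
+#include "nssckt.h"
+#endif /* NSSCKT_H */
+
+#include "nssmkey.h"
+
+NSS_IMPLEMENT_DATA const CK_VERSION
+nss_ckmk_CryptokiVersion = {
+NSS_CKMK_CRYPTOKI_VERSION_MAJOR,
+NSS_CKMK_CRYPTOKI_VERSION_MINOR };
+
+NSS_IMPLEMENT_DATA const NSSUTF8 *
+nss_ckmk_ManufacturerID = (NSSUTF8 *) "Mozilla Foundation";
+
+NSS_IMPLEMENT_DATA const NSSUTF8 *
+nss_ckmk_LibraryDescription = (NSSUTF8 *) "NSS Access to Mac OS X Key Ring";
+
+NSS_IMPLEMENT_DATA const CK_VERSION
+nss_ckmk_LibraryVersion = {
+NSS_CKMK_LIBRARY_VERSION_MAJOR,
+NSS_CKMK_LIBRARY_VERSION_MINOR};
+
+NSS_IMPLEMENT_DATA const NSSUTF8 *
+nss_ckmk_SlotDescription = (NSSUTF8 *) "Mac OS X Key Ring";
+
+NSS_IMPLEMENT_DATA const CK_VERSION
+nss_ckmk_HardwareVersion = {
+NSS_CKMK_HARDWARE_VERSION_MAJOR,
+NSS_CKMK_HARDWARE_VERSION_MINOR };
+
+NSS_IMPLEMENT_DATA const CK_VERSION
+nss_ckmk_FirmwareVersion = {
+NSS_CKMK_FIRMWARE_VERSION_MAJOR,
+NSS_CKMK_FIRMWARE_VERSION_MINOR };
+
+NSS_IMPLEMENT_DATA const NSSUTF8 *
+nss_ckmk_TokenLabel = (NSSUTF8 *) "Mac OS X Key Ring";
+
+NSS_IMPLEMENT_DATA const NSSUTF8 *
+nss_ckmk_TokenModel = (NSSUTF8 *) "1";
+
+NSS_IMPLEMENT_DATA const NSSUTF8 *
+nss_ckmk_TokenSerialNumber = (NSSUTF8 *) "1";
+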
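Review bot: The header comment names the file `nssmkey/constants.c`, but the file added here is mconstants.c, so the line should read `* nssmkey/mconstants.c`. The string constants are initialised through `(NSSUTF8 *)` casts although each variable is declared `const NSSUTF8 *`; writing the cast as `(const NSSUTF8 *)` would match the declared type and keep the literals from passing through a writable pointer type.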
404
security/nss/lib/ckfw/nssmkey/mfind.c
Normal file
404
security/nss/lib/ckfw/nssmkey/mfind.c
Normal file
@ -0,0 +1,404 @@
|
||||
/* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
* The contents of this file are subject to the Mozilla Public License Version
|
||||
* 1.1 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
* http://www.mozilla.org/MPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Original Code is the Netscape security libraries.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* Netscape Communications Corporation.
|
||||
* Portions created by the Initial Developer are Copyright (C) 1994-2000
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
* Portions created by Red Hat, Inc, are Copyright (C) 2005
|
||||
*
|
||||
* Contributor(s):
|
||||
* Bob Relyea (rrelyea@redhat.com)
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
* of those above. If you wish to allow use of your version of this file only
|
||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
* use your version of this file under the terms of the MPL, indicate your
|
||||
* decision by deleting the provisions above and replace them with the notice
|
||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
* the provisions above, a recipient may use your version of this file under
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: mfind.c,v $ $Revision: 1.1 $ $Date: 2005/11/23 23:04:08 $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
#ifndef CKMK_H
|
||||
#include "ckmk.h"
|
||||
#endif /* CKMK_H */
|
||||
|
||||
/*
|
||||
* nssmkey/mfind.c
|
||||
*
|
||||
* This file implements the NSSCKMDFindObjects object for the
|
||||
* "nssmkey" cryptoki module.
|
||||
*/
|
||||
|
||||
struct ckmkFOStr {
|
||||
NSSArena *arena;
|
||||
CK_ULONG n;
|
||||
CK_ULONG i;
|
||||
ckmkInternalObject **objs;
|
||||
};
|
||||
|
||||
static void
|
||||
ckmk_mdFindObjects_Final
|
||||
(
|
||||
NSSCKMDFindObjects *mdFindObjects,
|
||||
NSSCKFWFindObjects *fwFindObjects,
|
||||
NSSCKMDSession *mdSession,
|
||||
NSSCKFWSession *fwSession,
|
||||
NSSCKMDToken *mdToken,
|
||||
NSSCKFWToken *fwToken,
|
||||
NSSCKMDInstance *mdInstance,
|
||||
NSSCKFWInstance *fwInstance
|
||||
)
|
||||
{
|
||||
struct ckmkFOStr *fo = (struct ckmkFOStr *)mdFindObjects->etc;
|
||||
NSSArena *arena = fo->arena;
|
||||
PRUint32 i;
|
||||
|
||||
/* walk down an free the unused 'objs' */
|
||||
for (i=fo->i; i < fo->n ; i++) {
|
||||
nss_ckmk_DestroyInternalObject(fo->objs[i]);
|
||||
}
|
||||
|
||||
nss_ZFreeIf(fo->objs);
|
||||
nss_ZFreeIf(fo);
|
||||
nss_ZFreeIf(mdFindObjects);
|
||||
if ((NSSArena *)NULL != arena) {
|
||||
NSSArena_Destroy(arena);
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
static NSSCKMDObject *
|
||||
ckmk_mdFindObjects_Next
|
||||
(
|
||||
NSSCKMDFindObjects *mdFindObjects,
|
||||
NSSCKFWFindObjects *fwFindObjects,
|
||||
NSSCKMDSession *mdSession,
|
||||
NSSCKFWSession *fwSession,
|
||||
NSSCKMDToken *mdToken,
|
||||
NSSCKFWToken *fwToken,
|
||||
NSSCKMDInstance *mdInstance,
|
||||
NSSCKFWInstance *fwInstance,
|
||||
NSSArena *arena,
|
||||
CK_RV *pError
|
||||
)
|
||||
{
|
||||
struct ckmkFOStr *fo = (struct ckmkFOStr *)mdFindObjects->etc;
|
||||
ckmkInternalObject *io;
|
||||
|
||||
if( fo->i == fo->n ) {
|
||||
*pError = CKR_OK;
|
||||
return (NSSCKMDObject *)NULL;
|
||||
}
|
||||
|
||||
io = fo->objs[ fo->i ];
|
||||
fo->i++;
|
||||
|
||||
return nss_ckmk_CreateMDObject(arena, io, pError);
|
||||
}
|
||||
|
||||
static CK_BBOOL
|
||||
ckmk_attrmatch
|
||||
(
|
||||
CK_ATTRIBUTE_PTR a,
|
||||
ckmkInternalObject *o
|
||||
)
|
||||
{
|
||||
PRBool prb;
|
||||
const NSSItem *b;
|
||||
CK_RV error;
|
||||
|
||||
b = nss_ckmk_FetchAttribute(o, a->type, &error);
|
||||
if (b == NULL) {
|
||||
return CK_FALSE;
|
||||
}
|
||||
|
||||
if( a->ulValueLen != b->size ) {
|
||||
/* match a decoded serial number */
|
||||
if ((a->type == CKA_SERIAL_NUMBER) && (a->ulValueLen < b->size)) {
|
||||
int len;
|
||||
unsigned char *data;
|
||||
|
||||
data = nss_ckmk_DERUnwrap(b->data, b->size, &len, NULL);
|
||||
if ((len == a->ulValueLen) &&
|
||||
nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) {
|
||||
return CK_TRUE;
|
||||
}
|
||||
}
|
||||
return CK_FALSE;
|
||||
}
|
||||
|
||||
prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *)NULL);
|
||||
|
||||
if( PR_TRUE == prb ) {
|
||||
return CK_TRUE;
|
||||
} else {
|
||||
return CK_FALSE;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
static CK_BBOOL
|
||||
ckmk_match
|
||||
(
|
||||
CK_ATTRIBUTE_PTR pTemplate,
|
||||
CK_ULONG ulAttributeCount,
|
||||
ckmkInternalObject *o
|
||||
)
|
||||
{
|
||||
CK_ULONG i;
|
||||
|
||||
for( i = 0; i < ulAttributeCount; i++ ) {
|
||||
if (CK_FALSE == ckmk_attrmatch(&pTemplate[i], o)) {
|
||||
return CK_FALSE;
|
||||
}
|
||||
}
|
||||
|
||||
/* Every attribute passed */
|
||||
return CK_TRUE;
|
||||
}
|
||||
|
||||
#define CKMK_ITEM_CHUNK 20
|
||||
|
||||
#define PUT_OBJECT(obj, err, size, count, list) \
|
||||
{ \
|
||||
if (count >= size) { \
|
||||
(list) = (list) ? \
|
||||
nss_ZREALLOCARRAY(list, ckmkInternalObject *, \
|
||||
((size)+CKMK_ITEM_CHUNK) ) : \
|
||||
nss_ZNEWARRAY(NULL, ckmkInternalObject *, \
|
||||
((size)+CKMK_ITEM_CHUNK) ) ; \
|
||||
if ((ckmkInternalObject **)NULL == list) { \
|
||||
err = CKR_HOST_MEMORY; \
|
||||
goto loser; \
|
||||
} \
|
||||
(size) += CKMK_ITEM_CHUNK; \
|
||||
} \
|
||||
(list)[ count ] = (obj); \
|
||||
count++; \
|
||||
}
|
||||
|
||||
|
||||
/* find all the certs that represent the appropriate object (cert, priv key, or
|
||||
* pub key) in the cert store.
|
||||
*/
|
||||
static PRUint32
|
||||
collect_class(
|
||||
CK_OBJECT_CLASS objClass,
|
||||
SecItemClass itemClass,
|
||||
CK_ATTRIBUTE_PTR pTemplate,
|
||||
CK_ULONG ulAttributeCount,
|
||||
ckmkInternalObject ***listp,
|
||||
PRUint32 *sizep,
|
||||
PRUint32 count,
|
||||
CK_RV *pError
|
||||
)
|
||||
{
|
||||
ckmkInternalObject *next = NULL;
|
||||
SecKeychainSearchRef searchRef = 0;
|
||||
SecKeychainItemRef itemRef = 0;
|
||||
OSStatus error;
|
||||
|
||||
/* future, build the attribute list based on the template
|
||||
* so we can refine the search */
|
||||
error = SecKeychainSearchCreateFromAttributes(
|
||||
NULL, itemClass, NULL, &searchRef);
|
||||
|
||||
while (noErr == SecKeychainSearchCopyNext(searchRef, &itemRef)) {
|
||||
/* if we don't have an internal object structure, get one */
|
||||
if ((ckmkInternalObject *)NULL == next) {
|
||||
next = nss_ZNEW(NULL, ckmkInternalObject);
|
||||
if ((ckmkInternalObject *)NULL == next) {
|
||||
*pError = CKR_HOST_MEMORY;
|
||||
goto loser;
|
||||
}
|
||||
}
|
||||
/* fill in the relevant object data */
|
||||
next->type = ckmkItem;
|
||||
next->objClass = objClass;
|
||||
next->u.item.itemRef = itemRef;
|
||||
next->u.item.itemClass = itemClass;
|
||||
|
||||
/* see if this is one of the objects we are looking for */
|
||||
if( CK_TRUE == ckmk_match(pTemplate, ulAttributeCount, next) ) {
|
||||
/* yes, put it on the list */
|
||||
PUT_OBJECT(next, *pError, *sizep, count, *listp);
|
||||
next = NULL; /* this one is on the list, need to allocate a new one now */
|
||||
} else {
|
||||
/* no , release the current item and clear out the structure for reuse */
|
||||
CFRelease(itemRef);
|
||||
/* don't cache the values we just loaded */
|
||||
nsslibc_memset(next, 0, sizeof(*next));
|
||||
}
|
||||
}
|
||||
loser:
|
||||
if (searchRef) {
|
||||
CFRelease(searchRef);
|
||||
}
|
||||
nss_ZFreeIf(next);
|
||||
return count;
|
||||
}
|
||||
|
||||
static PRUint32
|
||||
collect_objects(
|
||||
CK_ATTRIBUTE_PTR pTemplate,
|
||||
CK_ULONG ulAttributeCount,
|
||||
ckmkInternalObject ***listp,
|
||||
CK_RV *pError
|
||||
)
|
||||
{
|
||||
PRUint32 i;
|
||||
PRUint32 count = 0;
|
||||
PRUint32 size = 0;
|
||||
CK_OBJECT_CLASS objClass;
|
||||
|
||||
/*
|
||||
* first handle the static build in objects (if any)
|
||||
*/
|
||||
for( i = 0; i < nss_ckmk_nObjects; i++ ) {
|
||||
ckmkInternalObject *o = (ckmkInternalObject *)&nss_ckmk_data[i];
|
||||
|
||||
if( CK_TRUE == ckmk_match(pTemplate, ulAttributeCount, o) ) {
|
||||
PUT_OBJECT(o, *pError, size, count, *listp);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* now handle the various object types
|
||||
*/
|
||||
objClass = nss_ckmk_GetULongAttribute(CKA_CLASS,
|
||||
pTemplate, ulAttributeCount, pError);
|
||||
if (CKR_OK != *pError) {
|
||||
objClass = CK_INVALID_HANDLE;
|
||||
}
|
||||
*pError = CKR_OK;
|
||||
switch (objClass) {
|
||||
case CKO_CERTIFICATE:
|
||||
count = collect_class(objClass, kSecCertificateItemClass,
|
||||
pTemplate, ulAttributeCount, listp,
|
||||
&size, count, pError);
|
||||
break;
|
||||
case CKO_PUBLIC_KEY:
|
||||
count = collect_class(objClass, CSSM_DL_DB_RECORD_PUBLIC_KEY,
|
||||
pTemplate, ulAttributeCount, listp,
|
||||
&size, count, pError);
|
||||
break;
|
||||
case CKO_PRIVATE_KEY:
|
||||
count = collect_class(objClass, CSSM_DL_DB_RECORD_PRIVATE_KEY,
|
||||
pTemplate, ulAttributeCount, listp,
|
||||
&size, count, pError);
|
||||
break;
|
||||
/* all of them */
|
||||
case CK_INVALID_HANDLE:
|
||||
count = collect_class(CKO_CERTIFICATE, kSecCertificateItemClass,
|
||||
pTemplate, ulAttributeCount, listp,
|
||||
&size, count, pError);
|
||||
count = collect_class(CKO_PUBLIC_KEY, CSSM_DL_DB_RECORD_PUBLIC_KEY,
|
||||
pTemplate, ulAttributeCount, listp,
|
||||
&size, count, pError);
|
||||
count = collect_class(CKO_PUBLIC_KEY, CSSM_DL_DB_RECORD_PRIVATE_KEY,
|
||||
pTemplate, ulAttributeCount, listp,
|
||||
&size, count, pError);
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
if (CKR_OK != *pError) {
|
||||
goto loser;
|
||||
}
|
||||
|
||||
return count;
|
||||
loser:
|
||||
nss_ZFreeIf(*listp);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
NSS_IMPLEMENT NSSCKMDFindObjects *
|
||||
nss_ckmk_FindObjectsInit
|
||||
(
|
||||
NSSCKFWSession *fwSession,
|
||||
CK_ATTRIBUTE_PTR pTemplate,
|
||||
CK_ULONG ulAttributeCount,
|
||||
CK_RV *pError
|
||||
)
|
||||
{
|
||||
/* This could be made more efficient. I'm rather rushed. */
|
||||
NSSArena *arena;
|
||||
NSSCKMDFindObjects *rv = (NSSCKMDFindObjects *)NULL;
|
||||
struct ckmkFOStr *fo = (struct ckmkFOStr *)NULL;
|
||||
ckmkInternalObject **temp = (ckmkInternalObject **)NULL;
|
||||
|
||||
arena = NSSArena_Create();
|
||||
if( (NSSArena *)NULL == arena ) {
|
||||
goto loser;
|
||||
}
|
||||
|
||||
rv = nss_ZNEW(arena, NSSCKMDFindObjects);
|
||||
if( (NSSCKMDFindObjects *)NULL == rv ) {
|
||||
*pError = CKR_HOST_MEMORY;
|
||||
goto loser;
|
||||
}
|
||||
|
||||
fo = nss_ZNEW(arena, struct ckmkFOStr);
|
||||
if( (struct ckmkFOStr *)NULL == fo ) {
|
||||
*pError = CKR_HOST_MEMORY;
|
||||
goto loser;
|
||||
}
|
||||
|
||||
fo->arena = arena;
|
||||
/* fo->n and fo->i are already zero */
|
||||
|
||||
rv->etc = (void *)fo;
|
||||
rv->Final = ckmk_mdFindObjects_Final;
|
||||
rv->Next = ckmk_mdFindObjects_Next;
|
||||
rv->null = (void *)NULL;
|
||||
|
||||
fo->n = collect_objects(pTemplate, ulAttributeCount, &temp, pError);
|
||||
if (*pError != CKR_OK) {
|
||||
goto loser;
|
||||
}
|
||||
|
||||
fo->objs = nss_ZNEWARRAY(arena, ckmkInternalObject *, fo->n);
|
||||
if( (ckmkInternalObject **)NULL == fo->objs ) {
|
||||
*pError = CKR_HOST_MEMORY;
|
||||
goto loser;
|
||||
}
|
||||
|
||||
(void)nsslibc_memcpy(fo->objs, temp, sizeof(ckmkInternalObject *) * fo->n);
|
||||
nss_ZFreeIf(temp);
|
||||
temp = (ckmkInternalObject **)NULL;
|
||||
|
||||
return rv;
|
||||
|
||||
loser:
|
||||
nss_ZFreeIf(temp);
|
||||
nss_ZFreeIf(fo);
|
||||
nss_ZFreeIf(rv);
|
||||
if ((NSSArena *)NULL != arena) {
|
||||
NSSArena_Destroy(arena);
|
||||
}
|
||||
return (NSSCKMDFindObjects *)NULL;
|
||||
}
|
||||
|
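--- a/security/nss/lib/ckfw/nssmkey/minst.c
+++ b/security/nss/lib/ckfw/nssmkey/minst.c
@@ -0,0 +1,148 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is the Netscape security libraries.
+*
+* The Initial Developer of the Original Code is
+* Netscape Communications Corporation.
+* Portions created by the Initial Developer are Copyright (C) 1994-2000
+* the Initial Developer. All Rights Reserved.
+* Portions created by Red Hat, Inc, are Copyright (C) 2005
+*
+* Contributor(s):
+* Bob Relyea (rrelyea@redhat.com)
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+#ifdef DEBUG
+static const char CVS_ID[] = "@(#) $RCSfile: minst.c,v $ $Revision: 1.1 $ $Date: 2005/11/23 23:04:08 $";
+#endif /* DEBUG */
+
+#include "ckmk.h"
+
+/*
+* nssmkey/minstance.c
+*
+* This file implements the NSSCKMDInstance object for the
+* "nssmkey" cryptoki module.
+*/
+
+/*
+* NSSCKMDInstance methods
+*/
+
+static CK_ULONG
+ckmk_mdInstance_GetNSlots
+(
+NSSCKMDInstance *mdInstance,
+NSSCKFWInstance *fwInstance,
+CK_RV *pError
+)
+{
+return (CK_ULONG)1;
+}
+
+static CK_VERSION
+ckmk_mdInstance_GetCryptokiVersion
+(
+NSSCKMDInstance *mdInstance,
+NSSCKFWInstance *fwInstance
+)
+{
+return nss_ckmk_CryptokiVersion;
+}
+
+static NSSUTF8 *
+ckmk_mdInstance_GetManufacturerID
+(
+NSSCKMDInstance *mdInstance,
+NSSCKFWInstance *fwInstance,
+CK_RV *pError
+)
+{
+return (NSSUTF8 *)nss_ckmk_ManufacturerID;
+}
+
+static NSSUTF8 *
+ckmk_mdInstance_GetLibraryDescription
+(
+NSSCKMDInstance *mdInstance,
+NSSCKFWInstance *fwInstance,
+CK_RV *pError
+)
+{
+return (NSSUTF8 *)nss_ckmk_LibraryDescription;
+}
+
+static CK_VERSION
+ckmk_mdInstance_GetLibraryVersion
+(
+NSSCKMDInstance *mdInstance,
+NSSCKFWInstance *fwInstance
+)
+{
+return nss_ckmk_LibraryVersion;
+}
+
+static CK_RV
+ckmk_mdInstance_GetSlots
+(
+NSSCKMDInstance *mdInstance,
+NSSCKFWInstance *fwInstance,
+NSSCKMDSlot *slots[]
+)
+{
+slots[0] = (NSSCKMDSlot *)&nss_ckmk_mdSlot;
+return CKR_OK;
+}
+
+static CK_BBOOL
+ckmk_mdInstance_ModuleHandlesSessionObjects
+(
+NSSCKMDInstance *mdInstance,
+NSSCKFWInstance *fwInstance
+)
+{
+/* we don't want to allow any session object creation, at least
+* until we can investigate whether or not we can use those objects
+*/
+return CK_TRUE;
+}
+
+NSS_IMPLEMENT_DATA const NSSCKMDInstance
+nss_ckmk_mdInstance = {
+(void *)NULL, /* etc */
+NULL, /* Initialize */
+NULL, /* Finalize */
+ckmk_mdInstance_GetNSlots,
+ckmk_mdInstance_GetCryptokiVersion,
+ckmk_mdInstance_GetManufacturerID,
+ckmk_mdInstance_GetLibraryDescription,
+ckmk_mdInstance_GetLibraryVersion,
+ckmk_mdInstance_ModuleHandlesSessionObjects,
+/*NULL, /* HandleSessionObjects */
+ckmk_mdInstance_GetSlots,
+NULL, /* WaitForSlotEvent */
+(void *)NULL /* null terminator */
+};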
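Review bot: The `nss_ckmk_mdInstance` initializer keeps a dead slot as `/*NULL, /* HandleSessionObjects */`, which opens a comment inside a comment and warns under `-Wcomment`; since `ckmk_mdInstance_ModuleHandlesSessionObjects` already fills that slot, drop the line or fold the label into `ckmk_mdInstance_ModuleHandlesSessionObjects, /* ModuleHandlesSessionObjects */`. The comment inside that function says session object creation should not be allowed, yet the function returns `CK_TRUE`; presumably that return is what stops the framework from managing session objects on the module's behalf, and the comment should say so, for example `/* return CK_TRUE so the framework does not create session objects for us; this module creates none itself */`. The file banner also names `nssmkey/minstance.c` although the file added here is `minst.c`.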
1959
security/nss/lib/ckfw/nssmkey/mobject.c
Normal file
1959
security/nss/lib/ckfw/nssmkey/mobject.c
Normal file
File diff suppressed because it is too large
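--- a/security/nss/lib/ckfw/nssmkey/mrsa.c
+++ b/security/nss/lib/ckfw/nssmkey/mrsa.c
@@ -0,0 +1,547 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is the Netscape security libraries.
+*
+* The Initial Developer of the Original Code is
+* Red Hat, Inc.
+* Portions created by the Initial Developer are Copyright (C) 2005
+* the Initial Developer. All Rights Reserved.
+*
+* Contributor(s):
+* Bob Relyea (rrelyea@redhat.com)
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+
+#ifdef DEBUG
+static const char CVS_ID[] = "@(#) $RCSfile: mrsa.c,v $ $Revision: 1.1 $ $Date: 2005/11/23 23:04:08 $";
+#endif /* DEBUG */
+
+#include "ckmk.h"
+
+/* Sigh, For all the talk about 'ease of use', apple has hidden the interfaces
+* needed to be able to truly use CSSM. These came from their modification
+* to NSS's S/MIME code. The following two functions currently are not
+* part of the SecKey.h interface.
+*/
+OSStatus
+SecKeyGetCredentials
+(
+SecKeyRef keyRef,
+CSSM_ACL_AUTHORIZATION_TAG authTag,
+int type,
+const CSSM_ACCESS_CREDENTIALS **creds
+);
+
+/* this function could be implemented using 'SecKeychainItemCopyKeychain' and
+* 'SecKeychainGetCSPHandle' */
+OSStatus
+SecKeyGetCSPHandle
+(
+SecKeyRef keyRef,
+CSSM_CSP_HANDLE *cspHandle
+);
+
+
+typedef struct ckmkInternalCryptoOperationRSAPrivStr
+ckmkInternalCryptoOperationRSAPriv;
+struct ckmkInternalCryptoOperationRSAPrivStr
+{
+NSSCKMDCryptoOperation mdOperation;
+NSSCKMDMechanism *mdMechanism;
+ckmkInternalObject *iKey;
+NSSItem *buffer;
+CSSM_CC_HANDLE cssmContext;
+};
+
+typedef enum {
+CKMK_DECRYPT,
+CKMK_SIGN
+} ckmkRSAOpType;
+
+/*
+* ckmk_mdCryptoOperationRSAPriv_Create
+*/
+static NSSCKMDCryptoOperation *
+ckmk_mdCryptoOperationRSAPriv_Create
+(
+const NSSCKMDCryptoOperation *proto,
+NSSCKMDMechanism *mdMechanism,
+NSSCKMDObject *mdKey,
+ckmkRSAOpType type,
+CK_RV *pError
+)
+{
+ckmkInternalObject *iKey = (ckmkInternalObject *)mdKey->etc;
+const NSSItem *classItem = nss_ckmk_FetchAttribute(iKey, CKA_CLASS, pError);
+const NSSItem *keyType = nss_ckmk_FetchAttribute(iKey, CKA_KEY_TYPE, pError);
+ckmkInternalCryptoOperationRSAPriv *iOperation;
+SecKeyRef privateKey;
+OSStatus macErr;
+CSSM_RETURN cssmErr;
+const CSSM_KEY *cssmKey;
+CSSM_CSP_HANDLE cspHandle;
+const CSSM_ACCESS_CREDENTIALS *creds = NULL;
+CSSM_CC_HANDLE cssmContext;
+CSSM_ACL_AUTHORIZATION_TAG authType;
+
+/* make sure we have the right objects */
+if (((const NSSItem *)NULL == classItem) ||
+(sizeof(CK_OBJECT_CLASS) != classItem->size) ||
+(CKO_PRIVATE_KEY != *(CK_OBJECT_CLASS *)classItem->data) ||
+((const NSSItem *)NULL == keyType) ||
+(sizeof(CK_KEY_TYPE) != keyType->size) ||
+(CKK_RSA != *(CK_KEY_TYPE *)keyType->data)) {
+*pError = CKR_KEY_TYPE_INCONSISTENT;
+return (NSSCKMDCryptoOperation *)NULL;
+}
+
+privateKey = (SecKeyRef) iKey->u.item.itemRef;
+macErr = SecKeyGetCSSMKey(privateKey, &cssmKey);
+if (noErr != macErr) {
+CKMK_MACERR("Getting CSSM Key", macErr);
+*pError = CKR_KEY_HANDLE_INVALID;
+return (NSSCKMDCryptoOperation *)NULL;
+}
+macErr = SecKeyGetCSPHandle(privateKey, &cspHandle);
+if (noErr != macErr) {
+CKMK_MACERR("Getting CSP for Key", macErr);
+*pError = CKR_KEY_HANDLE_INVALID;
+return (NSSCKMDCryptoOperation *)NULL;
+}
+switch (type) {
+case CKMK_DECRYPT:
+authType = CSSM_ACL_AUTHORIZATION_DECRYPT;
+break;
+case CKMK_SIGN:
+authType = CSSM_ACL_AUTHORIZATION_SIGN;
+break;
+default:
+*pError = CKR_GENERAL_ERROR;
+#ifdef DEBUG
+fprintf(stderr,"RSAPriv_Create: bad type = %d\n", type);
+#endif
+return (NSSCKMDCryptoOperation *)NULL;
+}
+
+macErr = SecKeyGetCredentials(privateKey, authType, 0, &creds);
+if (noErr != macErr) {
+CKMK_MACERR("Getting Credentials for Key", macErr);
+*pError = CKR_KEY_HANDLE_INVALID;
+return (NSSCKMDCryptoOperation *)NULL;
+}
+
+switch (type) {
+case CKMK_DECRYPT:
+cssmErr = CSSM_CSP_CreateAsymmetricContext(cspHandle, CSSM_ALGID_RSA,
+creds, cssmKey, CSSM_PADDING_PKCS1, &cssmContext);
+break;
+case CKMK_SIGN:
+cssmErr = CSSM_CSP_CreateSignatureContext(cspHandle, CSSM_ALGID_RSA,
+creds, cssmKey, &cssmContext);
+break;
+default:
+*pError = CKR_GENERAL_ERROR;
+#ifdef DEBUG
+fprintf(stderr,"RSAPriv_Create: bad type = %d\n", type);
+#endif
+return (NSSCKMDCryptoOperation *)NULL;
+}
+if (noErr != cssmErr) {
+CKMK_MACERR("Getting Context for Key", cssmErr);
+*pError = CKR_GENERAL_ERROR;
+return (NSSCKMDCryptoOperation *)NULL;
+}
+
+iOperation = nss_ZNEW(NULL, ckmkInternalCryptoOperationRSAPriv);
+if ((ckmkInternalCryptoOperationRSAPriv *)NULL == iOperation) {
+*pError = CKR_HOST_MEMORY;
+return (NSSCKMDCryptoOperation *)NULL;
+}
+iOperation->mdMechanism = mdMechanism;
+iOperation->iKey = iKey;
+iOperation->cssmContext = cssmContext;
+
+nsslibc_memcpy(&iOperation->mdOperation,
+proto, sizeof(NSSCKMDCryptoOperation));
+iOperation->mdOperation.etc = iOperation;
+
+return &iOperation->mdOperation;
+}
+
+static void
+ckmk_mdCryptoOperationRSAPriv_Destroy
+(
+NSSCKMDCryptoOperation *mdOperation,
+NSSCKFWCryptoOperation *fwOperation,
+NSSCKMDInstance *mdInstance,
+NSSCKFWInstance *fwInstance
+)
+{
+ckmkInternalCryptoOperationRSAPriv *iOperation =
+(ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc;
+
+if (iOperation->buffer) {
+nssItem_Destroy(iOperation->buffer);
+}
+if (iOperation->cssmContext) {
+CSSM_DeleteContext(iOperation->cssmContext);
+}
+nss_ZFreeIf(iOperation);
+return;
+}
+
+static CK_ULONG
+ckmk_mdCryptoOperationRSA_GetFinalLength
+(
+NSSCKMDCryptoOperation *mdOperation,
+NSSCKFWCryptoOperation *fwOperation,
+NSSCKMDSession *mdSession,
+NSSCKFWSession *fwSession,
+NSSCKMDToken *mdToken,
+NSSCKFWToken *fwToken,
+NSSCKMDInstance *mdInstance,
+NSSCKFWInstance *fwInstance,
+CK_RV *pError
+)
+{
+ckmkInternalCryptoOperationRSAPriv *iOperation =
+(ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc;
+const NSSItem *modulus =
+nss_ckmk_FetchAttribute(iOperation->iKey, CKA_MODULUS, pError);
+
+return modulus->size;
+}
+
+
+/*
+* ckmk_mdCryptoOperationRSADecrypt_GetOperationLength
+* we won't know the length until we actually decrypt the
+* input block. Since we go to all the work to decrypt the
+* the block, we'll save if for when the block is asked for
+*/
+static CK_ULONG
+ckmk_mdCryptoOperationRSADecrypt_GetOperationLength
+(
+NSSCKMDCryptoOperation *mdOperation,
+NSSCKFWCryptoOperation *fwOperation,
+NSSCKMDSession *mdSession,
+NSSCKFWSession *fwSession,
+NSSCKMDToken *mdToken,
+NSSCKFWToken *fwToken,
+NSSCKMDInstance *mdInstance,
+NSSCKFWInstance *fwInstance,
+const NSSItem *input,
+CK_RV *pError
+)
+{
+ckmkInternalCryptoOperationRSAPriv *iOperation =
+(ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc;
+CSSM_DATA cssmInput;
+CSSM_DATA cssmOutput = { 0, NULL };
+uint32 bytesDecrypted;
+CSSM_DATA remainder = { 0, NULL };
+NSSItem output;
+CSSM_RETURN cssmErr;
+
+if (iOperation->buffer) {
+return iOperation->buffer->size;
+}
+
+cssmInput.Data = input->data;
+cssmInput.Length = input->size;
+
+cssmErr = CSSM_DecryptData(iOperation->cssmContext,
+&cssmInput, 1, &cssmOutput, 1,
+&bytesDecrypted, &remainder);
+if (CSSM_OK != cssmErr) {
+CKMK_MACERR("Decrypt Failed", cssmErr);
+*pError = CKR_DATA_INVALID;
+return 0;
+}
+/* we didn't suppy any buffers, so it should all be in remainder */
+output.data = nss_ZNEWARRAY(NULL, char, bytesDecrypted + remainder.Length);
+if (NULL == output.data) {
+free(cssmOutput.Data);
+free(remainder.Data);
+*pError = CKR_HOST_MEMORY;
+return 0;
+}
+output.size = bytesDecrypted + remainder.Length;
+
+if (0 != bytesDecrypted) {
+nsslibc_memcpy(output.data, cssmOutput.Data, bytesDecrypted);
+free(cssmOutput.Data);
+}
+if (0 != remainder.Length) {
+nsslibc_memcpy(((char *)output.data)+bytesDecrypted,
+remainder.Data, remainder.Length);
+free(remainder.Data);
+}
+
+iOperation->buffer = nssItem_Duplicate(&output, NULL, NULL);
+nss_ZFreeIf(output.data);
+if ((NSSItem *) NULL == iOperation->buffer) {
+*pError = CKR_HOST_MEMORY;
+return 0;
+}
+
+return iOperation->buffer->size;
+}
+
+/*
+* ckmk_mdCryptoOperationRSADecrypt_UpdateFinal
+*
+* NOTE: ckmk_mdCryptoOperationRSADecrypt_GetOperationLength is presumed to
+* have been called previously.
+*/
+static CK_RV
+ckmk_mdCryptoOperationRSADecrypt_UpdateFinal
+(
+NSSCKMDCryptoOperation *mdOperation,
+NSSCKFWCryptoOperation *fwOperation,
+NSSCKMDSession *mdSession,
+NSSCKFWSession *fwSession,
+NSSCKMDToken *mdToken,
+NSSCKFWToken *fwToken,
+NSSCKMDInstance *mdInstance,
+NSSCKFWInstance *fwInstance,
+const NSSItem *input,
+NSSItem *output
+)
+{
+ckmkInternalCryptoOperationRSAPriv *iOperation =
+(ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc;
+NSSItem *buffer = iOperation->buffer;
+
+if ((NSSItem *)NULL == buffer) {
+return CKR_GENERAL_ERROR;
+}
+nsslibc_memcpy(output->data, buffer->data, buffer->size);
+output->size = buffer->size;
+return CKR_OK;
+}
+
+/*
+* ckmk_mdCryptoOperationRSASign_UpdateFinal
+*
+*/
+static CK_RV
+ckmk_mdCryptoOperationRSASign_UpdateFinal
+(
+NSSCKMDCryptoOperation *mdOperation,
+NSSCKFWCryptoOperation *fwOperation,
+NSSCKMDSession *mdSession,
+NSSCKFWSession *fwSession,
+NSSCKMDToken *mdToken,
+NSSCKFWToken *fwToken,
+NSSCKMDInstance *mdInstance,
+NSSCKFWInstance *fwInstance,
+const NSSItem *input,
+NSSItem *output
+)
+{
+ckmkInternalCryptoOperationRSAPriv *iOperation =
+(ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc;
+CSSM_DATA cssmInput;
+CSSM_DATA cssmOutput = { 0, NULL };
+CSSM_RETURN cssmErr;
+
+cssmInput.Data = input->data;
+cssmInput.Length = input->size;
+
+cssmErr = CSSM_SignData(iOperation->cssmContext, &cssmInput, 1,
+CSSM_ALGID_NONE, &cssmOutput);
+if (CSSM_OK != cssmErr) {
+CKMK_MACERR("Signed Failed", cssmErr);
+return CKR_FUNCTION_FAILED;
+}
+if (cssmOutput.Length > output->size) {
+free(cssmOutput.Data);
+return CKR_BUFFER_TOO_SMALL;
+}
+nsslibc_memcpy(output->data, cssmOutput.Data, cssmOutput.Length);
+free(cssmOutput.Data);
+output->size = cssmOutput.Length;
+
+return CKR_OK;
+}
+
+
+NSS_IMPLEMENT_DATA const NSSCKMDCryptoOperation
+ckmk_mdCryptoOperationRSADecrypt_proto = {
+NULL, /* etc */
+ckmk_mdCryptoOperationRSAPriv_Destroy,
+NULL, /* GetFinalLengh - not needed for one shot Decrypt/Encrypt */
+ckmk_mdCryptoOperationRSADecrypt_GetOperationLength,
+NULL, /* Final - not needed for one shot operation */
+NULL, /* Update - not needed for one shot operation */
+NULL, /* DigetUpdate - not needed for one shot operation */
+ckmk_mdCryptoOperationRSADecrypt_UpdateFinal,
+NULL, /* UpdateCombo - not needed for one shot operation */
+NULL, /* DigetKey - not needed for one shot operation */
+(void *)NULL /* null terminator */
+};
+
+NSS_IMPLEMENT_DATA const NSSCKMDCryptoOperation
+ckmk_mdCryptoOperationRSASign_proto = {
+NULL, /* etc */
+ckmk_mdCryptoOperationRSAPriv_Destroy,
+ckmk_mdCryptoOperationRSA_GetFinalLength,
+NULL, /* GetOperationLengh - not needed for one shot Sign/Verify */
+NULL, /* Final - not needed for one shot operation */
+NULL, /* Update - not needed for one shot operation */
+NULL, /* DigetUpdate - not needed for one shot operation */
+ckmk_mdCryptoOperationRSASign_UpdateFinal,
+NULL, /* UpdateCombo - not needed for one shot operation */
+NULL, /* DigetKey - not needed for one shot operation */
+(void *)NULL /* null terminator */
+};
+
+/********** NSSCKMDMechansim functions ***********************/
+/*
+* ckmk_mdMechanismRSA_Destroy
+*/
+static void
+ckmk_mdMechanismRSA_Destroy
+(
+NSSCKMDMechanism *mdMechanism,
+NSSCKFWMechanism *fwMechanism,
+NSSCKMDInstance *mdInstance,
+NSSCKFWInstance *fwInstance
+)
+{
+nss_ZFreeIf(fwMechanism);
+}
+
+/*
+* ckmk_mdMechanismRSA_GetMinKeySize
+*/
+static CK_ULONG
+ckmk_mdMechanismRSA_GetMinKeySize
+(
+NSSCKMDMechanism *mdMechanism,
+NSSCKFWMechanism *fwMechanism,
+NSSCKMDToken *mdToken,
+NSSCKFWToken *fwToken,
+NSSCKMDInstance *mdInstance,
+NSSCKFWInstance *fwInstance,
+CK_RV *pError
+)
+{
+return 384;
+}
+
+/*
+* ckmk_mdMechanismRSA_GetMaxKeySize
+*/
+static CK_ULONG
+ckmk_mdMechanismRSA_GetMaxKeySize
+(
+NSSCKMDMechanism *mdMechanism,
+NSSCKFWMechanism *fwMechanism,
+NSSCKMDToken *mdToken,
+NSSCKFWToken *fwToken,
+NSSCKMDInstance *mdInstance,
+NSSCKFWInstance *fwInstance,
+CK_RV *pError
+)
+{
+return 16384;
+}
+
+/*
+* ckmk_mdMechanismRSA_DecryptInit
+*/
+static NSSCKMDCryptoOperation *
+ckmk_mdMechanismRSA_DecryptInit
+(
+NSSCKMDMechanism *mdMechanism,
+NSSCKFWMechanism *fwMechanism,
+CK_MECHANISM *pMechanism,
+NSSCKMDSession *mdSession,
+NSSCKFWSession *fwSession,
+NSSCKMDToken *mdToken,
+NSSCKFWToken *fwToken,
+NSSCKMDInstance *mdInstance,
+NSSCKFWInstance *fwInstance,
+NSSCKMDObject *mdKey,
+NSSCKFWObject *fwKey,
+CK_RV *pError
+)
+{
+return ckmk_mdCryptoOperationRSAPriv_Create(
+&ckmk_mdCryptoOperationRSADecrypt_proto,
+mdMechanism, mdKey, CKMK_DECRYPT, pError);
+}
+
+/*
+* ckmk_mdMechanismRSA_SignInit
+*/
+static NSSCKMDCryptoOperation *
+ckmk_mdMechanismRSA_SignInit
+(
+NSSCKMDMechanism *mdMechanism,
+NSSCKFWMechanism *fwMechanism,
+CK_MECHANISM *pMechanism,
+NSSCKMDSession *mdSession,
+NSSCKFWSession *fwSession,
+NSSCKMDToken *mdToken,
+NSSCKFWToken *fwToken,
+NSSCKMDInstance *mdInstance,
+NSSCKFWInstance *fwInstance,
+NSSCKMDObject *mdKey,
+NSSCKFWObject *fwKey,
+CK_RV *pError
+)
+{
+return ckmk_mdCryptoOperationRSAPriv_Create(
+&ckmk_mdCryptoOperationRSASign_proto,
+mdMechanism, mdKey, CKMK_SIGN, pError);
+}
+
+
+NSS_IMPLEMENT_DATA const NSSCKMDMechanism
+nss_ckmk_mdMechanismRSA = {
+(void *)NULL, /* etc */
+ckmk_mdMechanismRSA_Destroy,
+ckmk_mdMechanismRSA_GetMinKeySize,
+ckmk_mdMechanismRSA_GetMaxKeySize,
+NULL, /* GetInHardware - default false */
+NULL, /* EncryptInit - default errs */
+ckmk_mdMechanismRSA_DecryptInit,
+NULL, /* DigestInit - default errs*/
+ckmk_mdMechanismRSA_SignInit,
+NULL, /* VerifyInit - default errs */
+ckmk_mdMechanismRSA_SignInit, /* SignRecoverInit */
+NULL, /* VerifyRecoverInit - default errs */
+NULL, /* GenerateKey - default errs */
+NULL, /* GenerateKeyPair - default errs */
+NULL, /* GetWrapKeyLength - default errs */
+NULL, /* WrapKey - default errs */
+NULL, /* UnwrapKey - default errs */
+NULL, /* DeriveKey - default errs */
+(void *)NULL /* null terminator */
+};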
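Review bot: `ckmk_mdCryptoOperationRSADecrypt_UpdateFinal` copies `buffer->size` bytes of cached plaintext into `output->data` without comparing against `output->size`, so a caller buffer smaller than the plaintext is written past its end; the sign path in this file already guards the same copy, and the decrypt path should too: `if (buffer->size > output->size) { return CKR_BUFFER_TOO_SMALL; }`. `ckmk_mdCryptoOperationRSA_GetFinalLength` dereferences `modulus` unchecked, although `nss_ckmk_FetchAttribute` can return NULL (mfind.c in this commit tests for it), so add `if ((const NSSItem *)NULL == modulus) { return 0; }` before `return modulus->size;`, assuming the fetch has already set `*pError`. In `ckmk_mdCryptoOperationRSAPriv_Create` the `nss_ZNEW` failure path returns without `CSSM_DeleteContext(cssmContext);`, which leaks the context created just above. The preceding result check there compares a `CSSM_RETURN` with `noErr`; `CSSM_OK`, as used in the decrypt and sign functions, would be the consistent constant.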
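--- a/security/nss/lib/ckfw/nssmkey/msession.c
+++ b/security/nss/lib/ckfw/nssmkey/msession.c
@@ -0,0 +1,131 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is the Netscape security libraries.
+*
+* The Initial Developer of the Original Code is
+* Netscape Communications Corporation.
+* Portions created by the Initial Developer are Copyright (C) 1994-2000
+* the Initial Developer. All Rights Reserved.
+* Portions created by Red Hat, Inc, are Copyright (C) 2005
+*
+* Contributor(s):
+* Bob Relyea (rrelyea@redhat.com)
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+
+#ifdef DEBUG
+static const char CVS_ID[] = "@(#) $RCSfile: msession.c,v $ $Revision: 1.1 $ $Date: 2005/11/23 23:04:08 $";
+#endif /* DEBUG */
+
+#include "ckmk.h"
+
+/*
+* nssmkey/msession.c
+*
+* This file implements the NSSCKMDSession object for the
+* "nssmkey" cryptoki module.
+*/
+
+static NSSCKMDFindObjects *
+ckmk_mdSession_FindObjectsInit
+(
+NSSCKMDSession *mdSession,
+NSSCKFWSession *fwSession,
+NSSCKMDToken *mdToken,
+NSSCKFWToken *fwToken,
+NSSCKMDInstance *mdInstance,
+NSSCKFWInstance *fwInstance,
+CK_ATTRIBUTE_PTR pTemplate,
+CK_ULONG ulAttributeCount,
+CK_RV *pError
+)
+{
+return nss_ckmk_FindObjectsInit(fwSession, pTemplate, ulAttributeCount, pError);
+}
+
+static NSSCKMDObject *
+ckmk_mdSession_CreateObject
+(
+NSSCKMDSession *mdSession,
+NSSCKFWSession *fwSession,
+NSSCKMDToken *mdToken,
+NSSCKFWToken *fwToken,
+NSSCKMDInstance *mdInstance,
+NSSCKFWInstance *fwInstance,
+NSSArena *arena,
+CK_ATTRIBUTE_PTR pTemplate,
+CK_ULONG ulAttributeCount,
+CK_RV *pError
+)
+{
+return nss_ckmk_CreateObject(fwSession, pTemplate, ulAttributeCount, pError);
+}
+
+NSS_IMPLEMENT NSSCKMDSession *
+nss_ckmk_CreateSession
+(
+NSSCKFWSession *fwSession,
+CK_RV *pError
+)
+{
+NSSArena *arena;
+NSSCKMDSession *rv;
+
+arena = NSSCKFWSession_GetArena(fwSession, pError);
+if( (NSSArena *)NULL == arena ) {
+return (NSSCKMDSession *)NULL;
+}
+
+rv = nss_ZNEW(arena, NSSCKMDSession);
+if( (NSSCKMDSession *)NULL == rv ) {
+*pError = CKR_HOST_MEMORY;
+return (NSSCKMDSession *)NULL;
+}
+
+/*
+* rv was zeroed when allocated, so we only
+* need to set the non-zero members.
+*/
+
+rv->etc = (void *)fwSession;
+/* rv->Close */
+/* rv->GetDeviceError */
+/* rv->Login */
+/* rv->Logout */
+/* rv->InitPIN */
+/* rv->SetPIN */
+/* rv->GetOperationStateLen */
+/* rv->GetOperationState */
+/* rv->SetOperationState */
+rv->CreateObject = ckmk_mdSession_CreateObject;
+/* rv->CopyObject */
+rv->FindObjectsInit = ckmk_mdSession_FindObjectsInit;
+/* rv->SeedRandom */
+/* rv->GetRandom */
+/* rv->null */
+
+return rv;
+}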
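Review bot: In nss_ckmk_CreateSession the early return after `NSSCKFWSession_GetArena` leaves `*pError` at whatever the callee wrote, while the allocation-failure path below it sets `CKR_HOST_MEMORY` explicitly. If GetArena can return NULL without storing an error (its body is not visible here), the caller receives a NULL session together with a stale or CKR_OK code. A guard such as `if (CKR_OK == *pError) *pError = CKR_GENERAL_ERROR;` before that return would make the two failure paths consistent. A one-line comment on ckmk_mdSession_CreateObject saying why its `arena` argument is not forwarded would also help the next reader.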
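--- a/security/nss/lib/ckfw/nssmkey/mslot.c
+++ b/security/nss/lib/ckfw/nssmkey/mslot.c
@@ -0,0 +1,129 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is the Netscape security libraries.
+*
+* The Initial Developer of the Original Code is
+* Netscape Communications Corporation.
+* Portions created by the Initial Developer are Copyright (C) 1994-2000
+* the Initial Developer. All Rights Reserved.
+* Portions created by Red Hat, Inc, are Copyright (C) 2005
+*
+* Contributor(s):
+* Bob Relyea (rrelyea@redhat.com)
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+
+#ifdef DEBUG
+static const char CVS_ID[] = "@(#) $RCSfile: mslot.c,v $ $Revision: 1.1 $ $Date: 2005/11/23 23:04:08 $";
+#endif /* DEBUG */
+
+#include "ckmk.h"
+
+/*
+* nssmkey/mslot.c
+*
+* This file implements the NSSCKMDSlot object for the
+* "nssmkey" cryptoki module.
+*/
+
+static NSSUTF8 *
+ckmk_mdSlot_GetSlotDescription
+(
+NSSCKMDSlot *mdSlot,
+NSSCKFWSlot *fwSlot,
+NSSCKMDInstance *mdInstance,
+NSSCKFWInstance *fwInstance,
+CK_RV *pError
+)
+{
+return (NSSUTF8 *)nss_ckmk_SlotDescription;
+}
+
+static NSSUTF8 *
+ckmk_mdSlot_GetManufacturerID
+(
+NSSCKMDSlot *mdSlot,
+NSSCKFWSlot *fwSlot,
+NSSCKMDInstance *mdInstance,
+NSSCKFWInstance *fwInstance,
+CK_RV *pError
+)
+{
+return (NSSUTF8 *)nss_ckmk_ManufacturerID;
+}
+
+static CK_VERSION
+ckmk_mdSlot_GetHardwareVersion
+(
+NSSCKMDSlot *mdSlot,
+NSSCKFWSlot *fwSlot,
+NSSCKMDInstance *mdInstance,
+NSSCKFWInstance *fwInstance
+)
+{
+return nss_ckmk_HardwareVersion;
+}
+
+static CK_VERSION
+ckmk_mdSlot_GetFirmwareVersion
+(
+NSSCKMDSlot *mdSlot,
+NSSCKFWSlot *fwSlot,
+NSSCKMDInstance *mdInstance,
+NSSCKFWInstance *fwInstance
+)
+{
+return nss_ckmk_FirmwareVersion;
+}
+
+static NSSCKMDToken *
+ckmk_mdSlot_GetToken
+(
+NSSCKMDSlot *mdSlot,
+NSSCKFWSlot *fwSlot,
+NSSCKMDInstance *mdInstance,
+NSSCKFWInstance *fwInstance,
+CK_RV *pError
+)
+{
+return (NSSCKMDToken *)&nss_ckmk_mdToken;
+}
+
+NSS_IMPLEMENT_DATA const NSSCKMDSlot
+nss_ckmk_mdSlot = {
+(void *)NULL, /* etc */
+NULL, /* Initialize */
+NULL, /* Destroy */
+ckmk_mdSlot_GetSlotDescription,
+ckmk_mdSlot_GetManufacturerID,
+NULL, /* GetTokenPresent -- defaults to true */
+NULL, /* GetRemovableDevice -- defaults to false */
+NULL, /* GetHardwareSlot -- defaults to false */
+ckmk_mdSlot_GetHardwareVersion,
+ckmk_mdSlot_GetFirmwareVersion,
+ckmk_mdSlot_GetToken,
+(void *)NULL /* null terminator */
+};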
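Review bot: ckmk_mdSlot_GetToken returns `(NSSCKMDToken *)&nss_ckmk_mdToken`, which casts away the const that mtoken.c puts on that object, and the two string getters apply the same kind of cast to nss_ckmk_SlotDescription and nss_ckmk_ManufacturerID (their declarations are not visible here, so their constness is assumed). Nothing in this file writes through these pointers, but the callback signatures hand the caller a mutable pointer to data that is presumably read-only. A short comment on each getter would record the contract, for example `/* returns a pointer to static, read-only data; callers must not modify or free it */`.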
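--- a/security/nss/lib/ckfw/nssmkey/mtoken.c
+++ b/security/nss/lib/ckfw/nssmkey/mtoken.c
@@ -0,0 +1,246 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is the Netscape security libraries.
+*
+* The Initial Developer of the Original Code is
+* Netscape Communications Corporation.
+* Portions created by the Initial Developer are Copyright (C) 1994-2000
+* the Initial Developer. All Rights Reserved.
+* Portions created by Red Hat, Inc, are Copyright (C) 2005
+*
+* Contributor(s):
+* Bob Relyea (rrelyea@redhat.com)
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+
+#ifdef DEBUG
+static const char CVS_ID[] = "@(#) $RCSfile: mtoken.c,v $ $Revision: 1.1 $ $Date: 2005/11/23 23:04:08 $";
+#endif /* DEBUG */
+
+#include "ckmk.h"
+
+/*
+* nssmkey/mtoken.c
+*
+* This file implements the NSSCKMDToken object for the
+* "nssmkey" cryptoki module.
+*/
+
+static NSSUTF8 *
+ckmk_mdToken_GetLabel
+(
+NSSCKMDToken *mdToken,
+NSSCKFWToken *fwToken,
+NSSCKMDInstance *mdInstance,
+NSSCKFWInstance *fwInstance,
+CK_RV *pError
+)
+{
+return (NSSUTF8 *)nss_ckmk_TokenLabel;
+}
+
+static NSSUTF8 *
+ckmk_mdToken_GetManufacturerID
+(
+NSSCKMDToken *mdToken,
+NSSCKFWToken *fwToken,
+NSSCKMDInstance *mdInstance,
+NSSCKFWInstance *fwInstance,
+CK_RV *pError
+)
+{
+return (NSSUTF8 *)nss_ckmk_ManufacturerID;
+}
+
+static NSSUTF8 *
+ckmk_mdToken_GetModel
+(
+NSSCKMDToken *mdToken,
+NSSCKFWToken *fwToken,
+NSSCKMDInstance *mdInstance,
+NSSCKFWInstance *fwInstance,
+CK_RV *pError
+)
+{
+return (NSSUTF8 *)nss_ckmk_TokenModel;
+}
+
+static NSSUTF8 *
+ckmk_mdToken_GetSerialNumber
+(
+NSSCKMDToken *mdToken,
+NSSCKFWToken *fwToken,
+NSSCKMDInstance *mdInstance,
+NSSCKFWInstance *fwInstance,
+CK_RV *pError
+)
+{
+return (NSSUTF8 *)nss_ckmk_TokenSerialNumber;
+}
+
+static CK_BBOOL
+ckmk_mdToken_GetIsWriteProtected
+(
+NSSCKMDToken *mdToken,
+NSSCKFWToken *fwToken,
+NSSCKMDInstance *mdInstance,
+NSSCKFWInstance *fwInstance
+)
+{
+return CK_FALSE;
+}
+
+/* fake out Mozilla so we don't try to initialize the token */
+static CK_BBOOL
+ckmk_mdToken_GetUserPinInitialized
+(
+NSSCKMDToken *mdToken,
+NSSCKFWToken *fwToken,
+NSSCKMDInstance *mdInstance,
+NSSCKFWInstance *fwInstance
+)
+{
+return CK_TRUE;
+}
+
+static CK_VERSION
+ckmk_mdToken_GetHardwareVersion
+(
+NSSCKMDToken *mdToken,
+NSSCKFWToken *fwToken,
+NSSCKMDInstance *mdInstance,
+NSSCKFWInstance *fwInstance
+)
+{
+return nss_ckmk_HardwareVersion;
+}
+
+static CK_VERSION
+ckmk_mdToken_GetFirmwareVersion
+(
+NSSCKMDToken *mdToken,
+NSSCKFWToken *fwToken,
+NSSCKMDInstance *mdInstance,
+NSSCKFWInstance *fwInstance
+)
+{
+return nss_ckmk_FirmwareVersion;
+}
+
+static NSSCKMDSession *
+ckmk_mdToken_OpenSession
+(
+NSSCKMDToken *mdToken,
+NSSCKFWToken *fwToken,
+NSSCKMDInstance *mdInstance,
+NSSCKFWInstance *fwInstance,
+NSSCKFWSession *fwSession,
+CK_BBOOL rw,
+CK_RV *pError
+)
+{
+return nss_ckmk_CreateSession(fwSession, pError);
+}
+
+static CK_ULONG
+ckmk_mdToken_GetMechanismCount
+(
+NSSCKMDToken *mdToken,
+NSSCKFWToken *fwToken,
+NSSCKMDInstance *mdInstance,
+NSSCKFWInstance *fwInstance
+)
+{
+return (CK_ULONG)1;
+}
+
+static CK_RV
+ckmk_mdToken_GetMechanismTypes
+(
+NSSCKMDToken *mdToken,
+NSSCKFWToken *fwToken,
+NSSCKMDInstance *mdInstance,
+NSSCKFWInstance *fwInstance,
+CK_MECHANISM_TYPE types[]
+)
+{
+types[0] = CKM_RSA_PKCS;
+return CKR_OK;
+}
+
+static NSSCKMDMechanism *
+ckmk_mdToken_GetMechanism
+(
+NSSCKMDToken *mdToken,
+NSSCKFWToken *fwToken,
+NSSCKMDInstance *mdInstance,
+NSSCKFWInstance *fwInstance,
+CK_MECHANISM_TYPE which,
+CK_RV *pError
+)
+{
+if (which != CKM_RSA_PKCS) {
+*pError = CKR_MECHANISM_INVALID;
+return (NSSCKMDMechanism *)NULL;
+}
+return (NSSCKMDMechanism *)&nss_ckmk_mdMechanismRSA;
+}
+
+NSS_IMPLEMENT_DATA const NSSCKMDToken
+nss_ckmk_mdToken = {
+(void *)NULL, /* etc */
+NULL, /* Setup */
+NULL, /* Invalidate */
+NULL, /* InitToken -- default errs */
+ckmk_mdToken_GetLabel,
+ckmk_mdToken_GetManufacturerID,
+ckmk_mdToken_GetModel,
+ckmk_mdToken_GetSerialNumber,
+NULL, /* GetHasRNG -- default is false */
+ckmk_mdToken_GetIsWriteProtected,
+NULL, /* GetLoginRequired -- default is false */
+ckmk_mdToken_GetUserPinInitialized,
+NULL, /* GetRestoreKeyNotNeeded -- irrelevant */
+NULL, /* GetHasClockOnToken -- default is false */
+NULL, /* GetHasProtectedAuthenticationPath -- default is false */
+NULL, /* GetSupportsDualCryptoOperations -- default is false */
+NULL, /* GetMaxSessionCount -- default is CK_UNAVAILABLE_INFORMATION */
+NULL, /* GetMaxRwSessionCount -- default is CK_UNAVAILABLE_INFORMATION */
+NULL, /* GetMaxPinLen -- irrelevant */
+NULL, /* GetMinPinLen -- irrelevant */
+NULL, /* GetTotalPublicMemory -- default is CK_UNAVAILABLE_INFORMATION */
+NULL, /* GetFreePublicMemory -- default is CK_UNAVAILABLE_INFORMATION */
+NULL, /* GetTotalPrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */
+NULL, /* GetFreePrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */
+ckmk_mdToken_GetHardwareVersion,
+ckmk_mdToken_GetFirmwareVersion,
+NULL, /* GetUTCTime -- no clock */
+ckmk_mdToken_OpenSession,
+ckmk_mdToken_GetMechanismCount,
+ckmk_mdToken_GetMechanismTypes,
+ckmk_mdToken_GetMechanism,
+(void *)NULL /* null terminator */
+};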
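Review bot: The comment above ckmk_mdToken_GetUserPinInitialized (`fake out Mozilla so we don't try to initialize the token`) does not say what then guards use of the keys. The table leaves GetLoginRequired at its default (false) and this getter always answers CK_TRUE, so as far as this file shows a caller never performs a PKCS #11 login before the RSA sign and decrypt operations this token exposes. If authorization is meant to come from the Keychain's own access controls, the comment should say so, e.g. `/* No PKCS #11 PIN: report it as initialized so NSS skips token setup; key use is expected to be authorized by the Keychain itself. */`, and that assumption should be confirmed for every application that loads the module.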
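--- a/security/nss/lib/ckfw/nssmkey/nssmkey.def
+++ b/security/nss/lib/ckfw/nssmkey/nssmkey.def
@@ -0,0 +1,58 @@
+;+#
+;+# ***** BEGIN LICENSE BLOCK *****
+;+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+;+#
+;+# The contents of this file are subject to the Mozilla Public License Version
+;+# 1.1 (the "License"); you may not use this file except in compliance with
+;+# the License. You may obtain a copy of the License at
+;+# http://www.mozilla.org/MPL/
+;+#
+;+# Software distributed under the License is distributed on an "AS IS" basis,
+;+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+;+# for the specific language governing rights and limitations under the
+;+# License.
+;+#
+;+# The Original Code is the Netscape security libraries.
+;+#
+;+# The Initial Developer of the Original Code is
+;+# Netscape Communications Corporation.
+;+# Portions created by the Initial Developer are Copyright (C) 2003
+;+# the Initial Developer. All Rights Reserved.
+;+#
+;+# Contributor(s):
+;+#
+;+# Alternatively, the contents of this file may be used under the terms of
+;+# either the GNU General Public License Version 2 or later (the "GPL"), or
+;+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+;+# in which case the provisions of the GPL or the LGPL are applicable instead
+;+# of those above. If you wish to allow use of your version of this file only
+;+# under the terms of either the GPL or the LGPL, and not to allow others to
+;+# use your version of this file under the terms of the MPL, indicate your
+;+# decision by deleting the provisions above and replace them with the notice
+;+# and other provisions required by the GPL or the LGPL. If you do not delete
+;+# the provisions above, a recipient may use your version of this file under
+;+# the terms of any one of the MPL, the GPL or the LGPL.
+;+#
+;+# ***** END LICENSE BLOCK *****
+;+#
+;+# OK, this file is meant to support SUN, LINUX, AIX and WINDOWS
+;+# 1. For all unix platforms, the string ";-" means "remove this line"
+;+# 2. For all unix platforms, the string " DATA " will be removed from any
+;+# line on which it occurs.
+;+# 3. Lines containing ";+" will have ";+" removed on SUN and LINUX.
+;+# On AIX, lines containing ";+" will be removed.
+;+# 4. For all unix platforms, the string ";;" will thave the ";;" removed.
+;+# 5. For all unix platforms, after the above processing has taken place,
+;+# all characters after the first ";" on the line will be removed.
+;+# And for AIX, the first ";" will also be removed.
+;+# This file is passed directly to windows. Since ';' is a comment, all UNIX
+;+# directives are hidden behind ";", ";+", and ";-"
+;+
+;+NSSMKEY_3.0 { # First release of nssmkey
+;+ global:
+LIBRARY nssmkey ;-
+EXPORTS ;-
+C_GetFunctionList;
+;+ local:
+;+*;
+;+};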
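--- a/security/nss/lib/ckfw/nssmkey/nssmkey.h
+++ b/security/nss/lib/ckfw/nssmkey/nssmkey.h
@@ -0,0 +1,75 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is the Netscape security libraries.
+*
+* The Initial Developer of the Original Code is
+* Netscape Communications Corporation.
+* Portions created by the Initial Developer are Copyright (C) 1994-2000
+* the Initial Developer. All Rights Reserved.
+* Portions created by Red Hat, Inc, are Copyright (C) 2005
+*
+* Contributor(s):
+* Bob Relyea (rrelyea@redhat.com)
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+
+#ifndef NSSMKEY_H
+#define NSSMKEY_H
+
+/*
+* NSS CKMK Version numbers.
+*
+* These are the version numbers for the nssmkey module packaged with
+* this release on NSS. To determine the version numbers of the builtin
+* module you are using, use the appropriate PKCS #11 calls.
+*
+* These version numbers detail changes to the PKCS #11 interface. They map
+* to the PKCS #11 spec versions.
+*/
+#define NSS_CKMK_CRYPTOKI_VERSION_MAJOR 2
+#define NSS_CKMK_CRYPTOKI_VERSION_MINOR 20
+
+/* These version numbers detail the changes
+* to the list of trusted certificates.
+*
+* NSS_CKMK_LIBRARY_VERSION_MINOR is a CK_BYTE. It's not clear
+* whether we may use its full range (0-255) or only 0-99 because
+* of the comment in the CK_VERSION type definition.
+*/
+#define NSS_CKMK_LIBRARY_VERSION_MAJOR 1
+#define NSS_CKMK_LIBRARY_VERSION_MINOR 1
+#define NSS_CKMK_LIBRARY_VERSION "1.1"
+
+/* These version numbers detail the semantic changes to the ckfw engine. */
+#define NSS_CKMK_HARDWARE_VERSION_MAJOR 1
+#define NSS_CKMK_HARDWARE_VERSION_MINOR 0
+
+/* These version numbers detail the semantic changes to ckbi itself
+* (new PKCS #11 objects), etc. */
+#define NSS_CKMK_FIRMWARE_VERSION_MAJOR 1
+#define NSS_CKMK_FIRMWARE_VERSION_MINOR 0
+
+#endif /* NSSMKEY_H */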
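Review bot: The comments on the version macros appear to be carried over from another module and do not describe nssmkey. The NSS_CKMK_LIBRARY_VERSION block says it tracks `the list of trusted certificates`, the firmware block refers to `ckbi itself`, and the header comment speaks of `the builtin module`. Someone checking which nssmkey build is loaded would be misled about what a version bump means. Reword them for this module, for instance `/* These version numbers detail changes to the nssmkey module itself. */` on the library block, and state what the hardware and firmware numbers are meant to track here.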
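--- a/security/nss/lib/ckfw/nssmkey/staticobj.c
+++ b/security/nss/lib/ckfw/nssmkey/staticobj.c
@@ -0,0 +1,74 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is the Netscape security libraries.
+*
+* The Initial Developer of the Original Code is
+* Netscape Communications Corporation.
+* Portions created by the Initial Developer are Copyright (C) 1994-2000
+* the Initial Developer. All Rights Reserved.
+* Portions created by Red Hat, Inc, are Copyright (C) 2005
+*
+* Contributor(s):
+* Bob Relyea (rrelyea@redhat.com)
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+
+#ifdef DEBUG
+static const char CVS_ID[] = "@(#) $RCSfile: staticobj.c,v $ $Revision: 1.1 $ $Date: 2005/11/23 23:04:08 $""; @(#) $RCSfile: staticobj.c,v $ $Revision: 1.1 $ $Date: 2005/11/23 23:04:08 $";
+#endif /* DEBUG */
+
+#ifndef CKMK_H
+#include "ckmk.h"
+#endif /* CKMK_H */
+
+static const CK_TRUST ckt_netscape_valid = CKT_NETSCAPE_VALID;
+static const CK_OBJECT_CLASS cko_certificate = CKO_CERTIFICATE;
+static const CK_TRUST ckt_netscape_trusted_delegator = CKT_NETSCAPE_TRUSTED_DELEGATOR;
+static const CK_OBJECT_CLASS cko_netscape_trust = CKO_NETSCAPE_TRUST;
+static const CK_BBOOL ck_true = CK_TRUE;
+static const CK_OBJECT_CLASS cko_data = CKO_DATA;
+static const CK_CERTIFICATE_TYPE ckc_x_509 = CKC_X_509;
+static const CK_BBOOL ck_false = CK_FALSE;
+static const CK_OBJECT_CLASS cko_netscape_builtin_root_list = CKO_NETSCAPE_BUILTIN_ROOT_LIST;
+
+/* example of a static object */
+static const CK_ATTRIBUTE_TYPE nss_ckmk_types_1 [] = {
+CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL
+};
+
+static const NSSItem nss_ckmk_items_1 [] = {
+{ (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+{ (void *)"Mozilla Mac Key Ring Access", (PRUint32)28 }
+};
+
+PR_IMPLEMENT_DATA(ckmkInternalObject) nss_ckmk_data[] = {
+{ ckmkRaw, {{ 5, nss_ckmk_types_1, nss_ckmk_items_1}} , CKO_DATA, {NULL} },
+};
+
+PR_IMPLEMENT_DATA(const PRUint32) nss_ckmk_nObjects = 1;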
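Review bot: The label length `(PRUint32)28` in nss_ckmk_items_1 and the object count `nss_ckmk_nObjects = 1` are hand-counted, so editing the literal or adding an entry to nss_ckmk_data without updating them leaves a size that reads past the data or truncates it. Today 28 matches the 27-character label plus its terminating NUL. Deriving both from the data removes the hazard: name the label with `static const char nss_ckmk_label_1[] = "Mozilla Mac Key Ring Access";`, use `(PRUint32)sizeof(nss_ckmk_label_1)` in the item, and set the count to `sizeof(nss_ckmk_data) / sizeof(nss_ckmk_data[0])`. The attribute count `5` in the nss_ckmk_data entry has the same coupling to nss_ckmk_types_1.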