summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/pk11wrap/pk11slot.c
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2018-02-06 11:46:26 +0100
committerwolfbeast <mcwerewolf@gmail.com>2018-02-06 11:46:26 +0100
commitf017b749ea9f1586d2308504553d40bf4cc5439d (patch)
treec6033924a0de9be1ab140596e305898c651bf57e /security/nss/lib/pk11wrap/pk11slot.c
parent7c728b3c7680662fc4e92b5d03697b8339560b08 (diff)
downloadUXP-f017b749ea9f1586d2308504553d40bf4cc5439d.tar
UXP-f017b749ea9f1586d2308504553d40bf4cc5439d.tar.gz
UXP-f017b749ea9f1586d2308504553d40bf4cc5439d.tar.lz
UXP-f017b749ea9f1586d2308504553d40bf4cc5439d.tar.xz
UXP-f017b749ea9f1586d2308504553d40bf4cc5439d.zip
Update NSS to 3.32.1-RTM
Diffstat (limited to 'security/nss/lib/pk11wrap/pk11slot.c')
-rw-r--r--security/nss/lib/pk11wrap/pk11slot.c178
1 files changed, 155 insertions, 23 deletions
diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c
index c66ae275c..0a6ed6c08 100644
--- a/security/nss/lib/pk11wrap/pk11slot.c
+++ b/security/nss/lib/pk11wrap/pk11slot.c
@@ -18,6 +18,7 @@
#include "dev3hack.h"
#include "pkim.h"
#include "utilpars.h"
+#include "pkcs11uri.h"
/*************************************************************
* local static and global data
@@ -409,6 +410,7 @@ PK11_NewSlotInfo(SECMODModule *mod)
slot->slot_name[0] = 0;
slot->token_name[0] = 0;
PORT_Memset(slot->serial, ' ', sizeof(slot->serial));
+ PORT_Memset(&slot->tokenInfo, 0, sizeof(slot->tokenInfo));
slot->module = NULL;
slot->authTransact = 0;
slot->authTime = LL_ZERO;
@@ -1077,6 +1079,29 @@ PK11_MakeString(PLArenaPool *arena, char *space,
}
/*
+ * check if a null-terminated string matches with a PKCS11 Static Label
+ */
+PRBool
+pk11_MatchString(const char *string,
+ const char *staticString, int staticStringLen)
+{
+ int i;
+
+ for (i = (staticStringLen - 1); i >= 0; i--) {
+ if (staticString[i] != ' ')
+ break;
+ }
+ /* move i to point to the last space */
+ i++;
+
+ if (strlen(string) == i && memcmp(string, staticString, i) == 0) {
+ return PR_TRUE;
+ }
+
+ return PR_FALSE;
+}
+
+/*
* Reads in the slots mechanism list for later use
*/
SECStatus
@@ -1140,7 +1165,6 @@ PK11_ReadMechanismList(PK11SlotInfo *slot)
SECStatus
PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts)
{
- CK_TOKEN_INFO tokenInfo;
CK_RV crv;
SECStatus rv;
PRStatus status;
@@ -1148,7 +1172,7 @@ PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts)
/* set the slot flags to the current token values */
if (!slot->isThreadSafe)
PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_GetTokenInfo(slot->slotID, &tokenInfo);
+ crv = PK11_GETTAB(slot)->C_GetTokenInfo(slot->slotID, &slot->tokenInfo);
if (!slot->isThreadSafe)
PK11_ExitSlotMonitor(slot);
if (crv != CKR_OK) {
@@ -1159,13 +1183,13 @@ PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts)
/* set the slot flags to the current token values */
slot->series++; /* allow other objects to detect that the
* slot is different */
- slot->flags = tokenInfo.flags;
- slot->needLogin = ((tokenInfo.flags & CKF_LOGIN_REQUIRED) ? PR_TRUE : PR_FALSE);
- slot->readOnly = ((tokenInfo.flags & CKF_WRITE_PROTECTED) ? PR_TRUE : PR_FALSE);
+ slot->flags = slot->tokenInfo.flags;
+ slot->needLogin = ((slot->tokenInfo.flags & CKF_LOGIN_REQUIRED) ? PR_TRUE : PR_FALSE);
+ slot->readOnly = ((slot->tokenInfo.flags & CKF_WRITE_PROTECTED) ? PR_TRUE : PR_FALSE);
- slot->hasRandom = ((tokenInfo.flags & CKF_RNG) ? PR_TRUE : PR_FALSE);
+ slot->hasRandom = ((slot->tokenInfo.flags & CKF_RNG) ? PR_TRUE : PR_FALSE);
slot->protectedAuthPath =
- ((tokenInfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH)
+ ((slot->tokenInfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH)
? PR_TRUE
: PR_FALSE);
slot->lastLoginCheck = 0;
@@ -1176,15 +1200,15 @@ PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts)
slot->protectedAuthPath = PR_FALSE;
}
(void)PK11_MakeString(NULL, slot->token_name,
- (char *)tokenInfo.label, sizeof(tokenInfo.label));
- slot->minPassword = tokenInfo.ulMinPinLen;
- slot->maxPassword = tokenInfo.ulMaxPinLen;
- PORT_Memcpy(slot->serial, tokenInfo.serialNumber, sizeof(slot->serial));
+ (char *)slot->tokenInfo.label, sizeof(slot->tokenInfo.label));
+ slot->minPassword = slot->tokenInfo.ulMinPinLen;
+ slot->maxPassword = slot->tokenInfo.ulMaxPinLen;
+ PORT_Memcpy(slot->serial, slot->tokenInfo.serialNumber, sizeof(slot->serial));
nssToken_UpdateName(slot->nssToken);
slot->defRWSession = (PRBool)((!slot->readOnly) &&
- (tokenInfo.ulMaxSessionCount == 1));
+ (slot->tokenInfo.ulMaxSessionCount == 1));
rv = PK11_ReadMechanismList(slot);
if (rv != SECSuccess)
return rv;
@@ -1193,13 +1217,13 @@ PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts)
slot->RSAInfoFlags = 0;
/* initialize the maxKeyCount value */
- if (tokenInfo.ulMaxSessionCount == 0) {
+ if (slot->tokenInfo.ulMaxSessionCount == 0) {
slot->maxKeyCount = 800; /* should be #define or a config param */
- } else if (tokenInfo.ulMaxSessionCount < 20) {
+ } else if (slot->tokenInfo.ulMaxSessionCount < 20) {
/* don't have enough sessions to keep that many keys around */
slot->maxKeyCount = 0;
} else {
- slot->maxKeyCount = tokenInfo.ulMaxSessionCount / 2;
+ slot->maxKeyCount = slot->tokenInfo.ulMaxSessionCount / 2;
}
/* Make sure our session handle is valid */
@@ -1331,13 +1355,12 @@ PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts)
SECStatus
PK11_TokenRefresh(PK11SlotInfo *slot)
{
- CK_TOKEN_INFO tokenInfo;
CK_RV crv;
/* set the slot flags to the current token values */
if (!slot->isThreadSafe)
PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_GetTokenInfo(slot->slotID, &tokenInfo);
+ crv = PK11_GETTAB(slot)->C_GetTokenInfo(slot->slotID, &slot->tokenInfo);
if (!slot->isThreadSafe)
PK11_ExitSlotMonitor(slot);
if (crv != CKR_OK) {
@@ -1345,12 +1368,12 @@ PK11_TokenRefresh(PK11SlotInfo *slot)
return SECFailure;
}
- slot->flags = tokenInfo.flags;
- slot->needLogin = ((tokenInfo.flags & CKF_LOGIN_REQUIRED) ? PR_TRUE : PR_FALSE);
- slot->readOnly = ((tokenInfo.flags & CKF_WRITE_PROTECTED) ? PR_TRUE : PR_FALSE);
- slot->hasRandom = ((tokenInfo.flags & CKF_RNG) ? PR_TRUE : PR_FALSE);
+ slot->flags = slot->tokenInfo.flags;
+ slot->needLogin = ((slot->tokenInfo.flags & CKF_LOGIN_REQUIRED) ? PR_TRUE : PR_FALSE);
+ slot->readOnly = ((slot->tokenInfo.flags & CKF_WRITE_PROTECTED) ? PR_TRUE : PR_FALSE);
+ slot->hasRandom = ((slot->tokenInfo.flags & CKF_RNG) ? PR_TRUE : PR_FALSE);
slot->protectedAuthPath =
- ((tokenInfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH)
+ ((slot->tokenInfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH)
? PR_TRUE
: PR_FALSE);
/* on some platforms Active Card incorrectly sets the
@@ -1666,6 +1689,63 @@ PK11_GetTokenName(PK11SlotInfo *slot)
}
char *
+PK11_GetTokenURI(PK11SlotInfo *slot)
+{
+ PK11URI *uri;
+ char *ret = NULL;
+ char label[32 + 1], manufacturer[32 + 1], serial[16 + 1], model[16 + 1];
+ PK11URIAttribute attrs[4];
+ size_t nattrs = 0;
+
+ PK11_MakeString(NULL, label, (char *)slot->tokenInfo.label,
+ sizeof(slot->tokenInfo.label));
+ if (*label != '\0') {
+ attrs[nattrs].name = PK11URI_PATTR_TOKEN;
+ attrs[nattrs].value = label;
+ nattrs++;
+ }
+
+ PK11_MakeString(NULL, manufacturer, (char *)slot->tokenInfo.manufacturerID,
+ sizeof(slot->tokenInfo.manufacturerID));
+ if (*manufacturer != '\0') {
+ attrs[nattrs].name = PK11URI_PATTR_MANUFACTURER;
+ attrs[nattrs].value = manufacturer;
+ nattrs++;
+ }
+
+ PK11_MakeString(NULL, serial, (char *)slot->tokenInfo.serialNumber,
+ sizeof(slot->tokenInfo.serialNumber));
+ if (*serial != '\0') {
+ attrs[nattrs].name = PK11URI_PATTR_SERIAL;
+ attrs[nattrs].value = serial;
+ nattrs++;
+ }
+
+ PK11_MakeString(NULL, model, (char *)slot->tokenInfo.model,
+ sizeof(slot->tokenInfo.model));
+ if (*model != '\0') {
+ attrs[nattrs].name = PK11URI_PATTR_MODEL;
+ attrs[nattrs].value = model;
+ nattrs++;
+ }
+
+ uri = PK11URI_CreateURI(attrs, nattrs, NULL, 0);
+ if (uri == NULL) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return NULL;
+ }
+
+ ret = PK11URI_FormatURI(NULL, uri);
+ PK11URI_DestroyURI(uri);
+
+ if (ret == NULL) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ }
+
+ return ret;
+}
+
+char *
PK11_GetSlotName(PK11SlotInfo *slot)
{
return slot->slot_name;
@@ -1771,6 +1851,46 @@ PK11_GetTokenInfo(PK11SlotInfo *slot, CK_TOKEN_INFO *info)
return SECSuccess;
}
+PRBool
+pk11_MatchUriTokenInfo(PK11SlotInfo *slot, PK11URI *uri)
+{
+ const char *value;
+
+ value = PK11URI_GetPathAttribute(uri, PK11URI_PATTR_TOKEN);
+ if (value) {
+ if (!pk11_MatchString(value, (char *)slot->tokenInfo.label,
+ sizeof(slot->tokenInfo.label))) {
+ return PR_FALSE;
+ }
+ }
+
+ value = PK11URI_GetPathAttribute(uri, PK11URI_PATTR_MANUFACTURER);
+ if (value) {
+ if (!pk11_MatchString(value, (char *)slot->tokenInfo.manufacturerID,
+ sizeof(slot->tokenInfo.manufacturerID))) {
+ return PR_FALSE;
+ }
+ }
+
+ value = PK11URI_GetPathAttribute(uri, PK11URI_PATTR_SERIAL);
+ if (value) {
+ if (!pk11_MatchString(value, (char *)slot->tokenInfo.serialNumber,
+ sizeof(slot->tokenInfo.serialNumber))) {
+ return PR_FALSE;
+ }
+ }
+
+ value = PK11URI_GetPathAttribute(uri, PK11URI_PATTR_MODEL);
+ if (value) {
+ if (!pk11_MatchString(value, (char *)slot->tokenInfo.model,
+ sizeof(slot->tokenInfo.model))) {
+ return PR_FALSE;
+ }
+ }
+
+ return PR_TRUE;
+}
+
/* Find out if we need to initialize the user's pin */
PRBool
PK11_NeedUserInit(PK11SlotInfo *slot)
@@ -2291,6 +2411,14 @@ PK11_GetMaxKeyLength(CK_MECHANISM_TYPE mechanism)
}
}
}
+
+ /* fallback to pk11_GetPredefinedKeyLength for fixed key size algorithms */
+ if (keyLength == 0) {
+ CK_KEY_TYPE keyType;
+ keyType = PK11_GetKeyType(mechanism, 0);
+ keyLength = pk11_GetPredefinedKeyLength(keyType);
+ }
+
if (le)
PK11_FreeSlotListElement(list, le);
if (freeit)
@@ -2356,7 +2484,11 @@ PK11_RandomUpdate(void *data, size_t bytes)
if (!bestIsInternal) {
/* do internal slot, too. */
- slot = PK11_GetInternalSlot(); /* can't fail */
+ slot = PK11_GetInternalSlot();
+ PORT_Assert(slot);
+ if (!slot) {
+ return SECFailure;
+ }
status = PK11_SeedRandom(slot, data, bytes);
PK11_FreeSlot(slot);
}