lib/softoken/sftkpars.c
author J.C. Jones <jjones@mozilla.com>
Fri, 21 Jun 2019 14:39:01 -0700
branchNSS_3_36_BRANCH
changeset 15182 de60f2b7f0c3fac0537346f1077f03d6d849edc5
parent 12461 5430165f67fd4157fc19899a102c3a95b48a708f
child 14273 942d28a4f3d561cb6ccdd4de2318396276a29258
permissions -rw-r--r--
Added tag NSS_3_36_8_RTM for changeset df8917878ea6

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
 *  The following code handles the storage of PKCS 11 modules used by the
 * NSS. This file is written to abstract away how the modules are
 * stored so we can deside that later.
 */
#include "pkcs11i.h"
#include "sdb.h"
#include "prprf.h"
#include "prenv.h"
#include "utilpars.h"

#define FREE_CLEAR(p) \
    if (p) {          \
        PORT_Free(p); \
        p = NULL;     \
    }

static void
sftk_parseTokenFlags(char *tmp, sftk_token_parameters *parsed)
{
    parsed->readOnly = NSSUTIL_ArgHasFlag("flags", "readOnly", tmp);
    parsed->noCertDB = NSSUTIL_ArgHasFlag("flags", "noCertDB", tmp);
    parsed->noKeyDB = NSSUTIL_ArgHasFlag("flags", "noKeyDB", tmp);
    parsed->forceOpen = NSSUTIL_ArgHasFlag("flags", "forceOpen", tmp);
    parsed->pwRequired = NSSUTIL_ArgHasFlag("flags", "passwordRequired", tmp);
    parsed->optimizeSpace = NSSUTIL_ArgHasFlag("flags", "optimizeSpace", tmp);
    return;
}

static void
sftk_parseFlags(char *tmp, sftk_parameters *parsed)
{
    parsed->noModDB = NSSUTIL_ArgHasFlag("flags", "noModDB", tmp);
    parsed->readOnly = NSSUTIL_ArgHasFlag("flags", "readOnly", tmp);
    /* keep legacy interface working */
    parsed->noCertDB = NSSUTIL_ArgHasFlag("flags", "noCertDB", tmp);
    parsed->forceOpen = NSSUTIL_ArgHasFlag("flags", "forceOpen", tmp);
    parsed->pwRequired = NSSUTIL_ArgHasFlag("flags", "passwordRequired", tmp);
    parsed->optimizeSpace = NSSUTIL_ArgHasFlag("flags", "optimizeSpace", tmp);
    return;
}

static CK_RV
sftk_parseTokenParameters(char *param, sftk_token_parameters *parsed)
{
    int next;
    char *tmp = NULL;
    const char *index;
    index = NSSUTIL_ArgStrip(param);

    while (*index) {
        NSSUTIL_HANDLE_STRING_ARG(index, parsed->configdir, "configDir=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, parsed->updatedir, "updateDir=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, parsed->updCertPrefix, "updateCertPrefix=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, parsed->updKeyPrefix, "updateKeyPrefix=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, parsed->updateID, "updateID=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, parsed->certPrefix, "certPrefix=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, parsed->keyPrefix, "keyPrefix=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, parsed->tokdes, "tokenDescription=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, parsed->updtokdes, "updateTokenDescription=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, parsed->slotdes, "slotDescription=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, tmp, "minPWLen=",
                                  if (tmp) { parsed->minPW=atoi(tmp); PORT_Free(tmp); tmp = NULL; })
        NSSUTIL_HANDLE_STRING_ARG(index, tmp, "flags=",
                                  if (tmp) { sftk_parseTokenFlags(param,parsed); PORT_Free(tmp); tmp = NULL; })
        NSSUTIL_HANDLE_FINAL_ARG(index)
    }
    return CKR_OK;
}

static void
sftk_parseTokens(char *tokenParams, sftk_parameters *parsed)
{
    const char *tokenIndex;
    sftk_token_parameters *tokens = NULL;
    int i = 0, count = 0, next;

    if ((tokenParams == NULL) || (*tokenParams == 0))
        return;

    /* first count the number of slots */
    for (tokenIndex = NSSUTIL_ArgStrip(tokenParams); *tokenIndex;
         tokenIndex = NSSUTIL_ArgStrip(NSSUTIL_ArgSkipParameter(tokenIndex))) {
        count++;
    }

    /* get the data structures */
    tokens = (sftk_token_parameters *)
        PORT_ZAlloc(count * sizeof(sftk_token_parameters));
    if (tokens == NULL)
        return;

    for (tokenIndex = NSSUTIL_ArgStrip(tokenParams), i = 0;
         *tokenIndex && i < count; i++) {
        char *name;
        name = NSSUTIL_ArgGetLabel(tokenIndex, &next);
        tokenIndex += next;

        tokens[i].slotID = NSSUTIL_ArgDecodeNumber(name);
        tokens[i].readOnly = PR_FALSE;
        tokens[i].noCertDB = PR_FALSE;
        tokens[i].noKeyDB = PR_FALSE;
        if (!NSSUTIL_ArgIsBlank(*tokenIndex)) {
            char *args = NSSUTIL_ArgFetchValue(tokenIndex, &next);
            tokenIndex += next;
            if (args) {
                sftk_parseTokenParameters(args, &tokens[i]);
                PORT_Free(args);
            }
        }
        if (name)
            PORT_Free(name);
        tokenIndex = NSSUTIL_ArgStrip(tokenIndex);
    }
    parsed->token_count = i;
    parsed->tokens = tokens;
    return;
}

CK_RV
sftk_parseParameters(char *param, sftk_parameters *parsed, PRBool isFIPS)
{
    int next;
    char *tmp = NULL;
    const char *index;
    char *certPrefix = NULL, *keyPrefix = NULL;
    char *tokdes = NULL, *ptokdes = NULL, *pupdtokdes = NULL;
    char *slotdes = NULL, *pslotdes = NULL;
    char *fslotdes = NULL, *ftokdes = NULL;
    char *minPW = NULL;
    index = NSSUTIL_ArgStrip(param);

    PORT_Memset(parsed, 0, sizeof(sftk_parameters));

    while (*index) {
        NSSUTIL_HANDLE_STRING_ARG(index, parsed->configdir, "configDir=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, parsed->updatedir, "updateDir=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, parsed->updateID, "updateID=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, parsed->secmodName, "secmod=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, parsed->man, "manufacturerID=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, parsed->libdes, "libraryDescription=", ;)
        /* constructed values, used so legacy interfaces still work */
        NSSUTIL_HANDLE_STRING_ARG(index, certPrefix, "certPrefix=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, keyPrefix, "keyPrefix=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, tokdes, "cryptoTokenDescription=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, ptokdes, "dbTokenDescription=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, slotdes, "cryptoSlotDescription=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, pslotdes, "dbSlotDescription=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, fslotdes, "FIPSSlotDescription=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, ftokdes, "FIPSTokenDescription=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, pupdtokdes, "updateTokenDescription=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, minPW, "minPWLen=", ;)

        NSSUTIL_HANDLE_STRING_ARG(index, tmp, "flags=",
                                  if (tmp) { sftk_parseFlags(param,parsed); PORT_Free(tmp); tmp = NULL; })
        NSSUTIL_HANDLE_STRING_ARG(index, tmp, "tokens=",
                                  if (tmp) { sftk_parseTokens(tmp,parsed); PORT_Free(tmp); tmp = NULL; })
        NSSUTIL_HANDLE_FINAL_ARG(index)
    }
    if (parsed->tokens == NULL) {
        int count = isFIPS ? 1 : 2;
        int index = count - 1;
        sftk_token_parameters *tokens = NULL;

        tokens = (sftk_token_parameters *)
            PORT_ZAlloc(count * sizeof(sftk_token_parameters));
        if (tokens == NULL) {
            goto loser;
        }
        parsed->tokens = tokens;
        parsed->token_count = count;
        tokens[index].slotID = isFIPS ? FIPS_SLOT_ID : PRIVATE_KEY_SLOT_ID;
        tokens[index].certPrefix = certPrefix;
        tokens[index].keyPrefix = keyPrefix;
        tokens[index].minPW = minPW ? atoi(minPW) : 0;
        tokens[index].readOnly = parsed->readOnly;
        tokens[index].noCertDB = parsed->noCertDB;
        tokens[index].noKeyDB = parsed->noCertDB;
        tokens[index].forceOpen = parsed->forceOpen;
        tokens[index].pwRequired = parsed->pwRequired;
        tokens[index].optimizeSpace = parsed->optimizeSpace;
        tokens[0].optimizeSpace = parsed->optimizeSpace;
        certPrefix = NULL;
        keyPrefix = NULL;
        if (isFIPS) {
            tokens[index].tokdes = ftokdes;
            tokens[index].updtokdes = pupdtokdes;
            tokens[index].slotdes = fslotdes;
            fslotdes = NULL;
            ftokdes = NULL;
            pupdtokdes = NULL;
        } else {
            tokens[index].tokdes = ptokdes;
            tokens[index].updtokdes = pupdtokdes;
            tokens[index].slotdes = pslotdes;
            tokens[0].slotID = NETSCAPE_SLOT_ID;
            tokens[0].tokdes = tokdes;
            tokens[0].slotdes = slotdes;
            tokens[0].noCertDB = PR_TRUE;
            tokens[0].noKeyDB = PR_TRUE;
            pupdtokdes = NULL;
            ptokdes = NULL;
            pslotdes = NULL;
            tokdes = NULL;
            slotdes = NULL;
        }
    }

loser:
    FREE_CLEAR(certPrefix);
    FREE_CLEAR(keyPrefix);
    FREE_CLEAR(tokdes);
    FREE_CLEAR(ptokdes);
    FREE_CLEAR(pupdtokdes);
    FREE_CLEAR(slotdes);
    FREE_CLEAR(pslotdes);
    FREE_CLEAR(fslotdes);
    FREE_CLEAR(ftokdes);
    FREE_CLEAR(minPW);
    return CKR_OK;
}

void
sftk_freeParams(sftk_parameters *params)
{
    int i;

    for (i = 0; i < params->token_count; i++) {
        FREE_CLEAR(params->tokens[i].configdir);
        FREE_CLEAR(params->tokens[i].certPrefix);
        FREE_CLEAR(params->tokens[i].keyPrefix);
        FREE_CLEAR(params->tokens[i].tokdes);
        FREE_CLEAR(params->tokens[i].slotdes);
        FREE_CLEAR(params->tokens[i].updatedir);
        FREE_CLEAR(params->tokens[i].updCertPrefix);
        FREE_CLEAR(params->tokens[i].updKeyPrefix);
        FREE_CLEAR(params->tokens[i].updateID);
        FREE_CLEAR(params->tokens[i].updtokdes);
    }

    FREE_CLEAR(params->configdir);
    FREE_CLEAR(params->secmodName);
    FREE_CLEAR(params->man);
    FREE_CLEAR(params->libdes);
    FREE_CLEAR(params->tokens);
    FREE_CLEAR(params->updatedir);
    FREE_CLEAR(params->updateID);
}