--- a/lib/ckfw/builtins/anchor.c
+++ b/lib/ckfw/builtins/anchor.c
@@ -1,17 +1,17 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* builtins/anchor.c
*
* This file "anchors" the actual cryptoki entry points in this module's
- * shared library, which is required for dynamic loading. See the
+ * shared library, which is required for dynamic loading. See the
* comments in nssck.api for more information.
*/
#include "builtins.h"
#define MODULE_NAME builtins
-#define INSTANCE_NAME (NSSCKMDInstance *)&nss_builtins_mdInstance
+#define INSTANCE_NAME (NSSCKMDInstance *) & nss_builtins_mdInstance
#include "nssck.api"
--- a/lib/ckfw/builtins/bfind.c
+++ b/lib/ckfw/builtins/bfind.c
@@ -9,263 +9,255 @@
/*
* builtins/find.c
*
* This file implements the NSSCKMDFindObjects object for the
* "builtin objects" cryptoki module.
*/
struct builtinsFOStr {
- NSSArena *arena;
- CK_ULONG n;
- CK_ULONG i;
- builtinsInternalObject **objs;
+ NSSArena *arena;
+ CK_ULONG n;
+ CK_ULONG i;
+ builtinsInternalObject **objs;
};
static void
-builtins_mdFindObjects_Final
-(
- NSSCKMDFindObjects *mdFindObjects,
- NSSCKFWFindObjects *fwFindObjects,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+builtins_mdFindObjects_Final(
+ NSSCKMDFindObjects *mdFindObjects,
+ NSSCKFWFindObjects *fwFindObjects,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
- struct builtinsFOStr *fo = (struct builtinsFOStr *)mdFindObjects->etc;
- NSSArena *arena = fo->arena;
+ struct builtinsFOStr *fo = (struct builtinsFOStr *)mdFindObjects->etc;
+ NSSArena *arena = fo->arena;
- nss_ZFreeIf(fo->objs);
- nss_ZFreeIf(fo);
- nss_ZFreeIf(mdFindObjects);
- if ((NSSArena *)NULL != arena) {
- NSSArena_Destroy(arena);
- }
+ nss_ZFreeIf(fo->objs);
+ nss_ZFreeIf(fo);
+ nss_ZFreeIf(mdFindObjects);
+ if ((NSSArena *)NULL != arena) {
+ NSSArena_Destroy(arena);
+ }
- return;
+ return;
}
static NSSCKMDObject *
-builtins_mdFindObjects_Next
-(
- NSSCKMDFindObjects *mdFindObjects,
- NSSCKFWFindObjects *fwFindObjects,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSArena *arena,
- CK_RV *pError
-)
+builtins_mdFindObjects_Next(
+ NSSCKMDFindObjects *mdFindObjects,
+ NSSCKFWFindObjects *fwFindObjects,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSArena *arena,
+ CK_RV *pError)
{
- struct builtinsFOStr *fo = (struct builtinsFOStr *)mdFindObjects->etc;
- builtinsInternalObject *io;
+ struct builtinsFOStr *fo = (struct builtinsFOStr *)mdFindObjects->etc;
+ builtinsInternalObject *io;
- if( fo->i == fo->n ) {
- *pError = CKR_OK;
- return (NSSCKMDObject *)NULL;
- }
+ if (fo->i == fo->n) {
+ *pError = CKR_OK;
+ return (NSSCKMDObject *)NULL;
+ }
- io = fo->objs[ fo->i ];
- fo->i++;
+ io = fo->objs[fo->i];
+ fo->i++;
- return nss_builtins_CreateMDObject(arena, io, pError);
+ return nss_builtins_CreateMDObject(arena, io, pError);
}
static int
-builtins_derUnwrapInt(unsigned char *src, int size, unsigned char **dest) {
+builtins_derUnwrapInt(unsigned char *src, int size, unsigned char **dest)
+{
unsigned char *start = src;
int len = 0;
- if (*src ++ != 2) {
- return 0;
+ if (*src++ != 2) {
+ return 0;
}
len = *src++;
if (len & 0x80) {
- int count = len & 0x7f;
- len =0;
+ int count = len & 0x7f;
+ len = 0;
- if (count+2 > size) {
- return 0;
- }
- while (count-- > 0) {
- len = (len << 8) | *src++;
- }
+ if (count + 2 > size) {
+ return 0;
+ }
+ while (count-- > 0) {
+ len = (len << 8) | *src++;
+ }
}
- if (len + (src-start) != size) {
- return 0;
+ if (len + (src - start) != size) {
+ return 0;
}
*dest = src;
return len;
}
static CK_BBOOL
-builtins_attrmatch
-(
- CK_ATTRIBUTE_PTR a,
- const NSSItem *b
-)
+builtins_attrmatch(
+ CK_ATTRIBUTE_PTR a,
+ const NSSItem *b)
{
- PRBool prb;
+ PRBool prb;
- if( a->ulValueLen != b->size ) {
- /* match a decoded serial number */
- if ((a->type == CKA_SERIAL_NUMBER) && (a->ulValueLen < b->size)) {
- int len;
- unsigned char *data = NULL;
+ if (a->ulValueLen != b->size) {
+ /* match a decoded serial number */
+ if ((a->type == CKA_SERIAL_NUMBER) && (a->ulValueLen < b->size)) {
+ int len;
+ unsigned char *data = NULL;
- len = builtins_derUnwrapInt(b->data,b->size,&data);
- if (data &&
- (len == a->ulValueLen) &&
- nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) {
- return CK_TRUE;
- }
+ len = builtins_derUnwrapInt(b->data, b->size, &data);
+ if (data &&
+ (len == a->ulValueLen) &&
+ nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) {
+ return CK_TRUE;
+ }
+ }
+ return CK_FALSE;
}
- return CK_FALSE;
- }
- prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *)NULL);
+ prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *)NULL);
- if( PR_TRUE == prb ) {
- return CK_TRUE;
- } else {
- return CK_FALSE;
- }
+ if (PR_TRUE == prb) {
+ return CK_TRUE;
+ }
+ else {
+ return CK_FALSE;
+ }
}
+static CK_BBOOL
+builtins_match(
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ builtinsInternalObject *o)
+{
+ CK_ULONG i;
-static CK_BBOOL
-builtins_match
-(
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- builtinsInternalObject *o
-)
-{
- CK_ULONG i;
+ for (i = 0; i < ulAttributeCount; i++) {
+ CK_ULONG j;
- for( i = 0; i < ulAttributeCount; i++ ) {
- CK_ULONG j;
+ for (j = 0; j < o->n; j++) {
+ if (o->types[j] == pTemplate[i].type) {
+ if (CK_FALSE == builtins_attrmatch(&pTemplate[i], &o->items[j])) {
+ return CK_FALSE;
+ }
+ else {
+ break;
+ }
+ }
+ }
- for( j = 0; j < o->n; j++ ) {
- if( o->types[j] == pTemplate[i].type ) {
- if( CK_FALSE == builtins_attrmatch(&pTemplate[i], &o->items[j]) ) {
- return CK_FALSE;
- } else {
- break;
+ if (j == o->n) {
+ /* Loop ran to the end: no matching attribute */
+ return CK_FALSE;
}
- }
}
- if( j == o->n ) {
- /* Loop ran to the end: no matching attribute */
- return CK_FALSE;
- }
- }
-
- /* Every attribute passed */
- return CK_TRUE;
+ /* Every attribute passed */
+ return CK_TRUE;
}
NSS_IMPLEMENT NSSCKMDFindObjects *
-nss_builtins_FindObjectsInit
-(
- NSSCKFWSession *fwSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-)
+nss_builtins_FindObjectsInit(
+ NSSCKFWSession *fwSession,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ CK_RV *pError)
{
- /* This could be made more efficient. I'm rather rushed. */
- NSSArena *arena;
- NSSCKMDFindObjects *rv = (NSSCKMDFindObjects *)NULL;
- struct builtinsFOStr *fo = (struct builtinsFOStr *)NULL;
+ /* This could be made more efficient. I'm rather rushed. */
+ NSSArena *arena;
+ NSSCKMDFindObjects *rv = (NSSCKMDFindObjects *)NULL;
+ struct builtinsFOStr *fo = (struct builtinsFOStr *)NULL;
- /*
+/*
* 99% of the time we get 0 or 1 matches. So we start with a small
* stack-allocated array to hold the matches and switch to a heap-allocated
* array later if the number of matches exceeds STACK_BUF_LENGTH.
*/
- #define STACK_BUF_LENGTH 1
- builtinsInternalObject *stackTemp[STACK_BUF_LENGTH];
- builtinsInternalObject **temp = stackTemp;
- PRBool tempIsHeapAllocated = PR_FALSE;
- PRUint32 i;
+#define STACK_BUF_LENGTH 1
+ builtinsInternalObject *stackTemp[STACK_BUF_LENGTH];
+ builtinsInternalObject **temp = stackTemp;
+ PRBool tempIsHeapAllocated = PR_FALSE;
+ PRUint32 i;
- arena = NSSArena_Create();
- if( (NSSArena *)NULL == arena ) {
- goto loser;
- }
+ arena = NSSArena_Create();
+ if ((NSSArena *)NULL == arena) {
+ goto loser;
+ }
- rv = nss_ZNEW(arena, NSSCKMDFindObjects);
- if( (NSSCKMDFindObjects *)NULL == rv ) {
- *pError = CKR_HOST_MEMORY;
- goto loser;
- }
+ rv = nss_ZNEW(arena, NSSCKMDFindObjects);
+ if ((NSSCKMDFindObjects *)NULL == rv) {
+ *pError = CKR_HOST_MEMORY;
+ goto loser;
+ }
- fo = nss_ZNEW(arena, struct builtinsFOStr);
- if( (struct builtinsFOStr *)NULL == fo ) {
- *pError = CKR_HOST_MEMORY;
- goto loser;
- }
+ fo = nss_ZNEW(arena, struct builtinsFOStr);
+ if ((struct builtinsFOStr *)NULL == fo) {
+ *pError = CKR_HOST_MEMORY;
+ goto loser;
+ }
- fo->arena = arena;
- /* fo->n and fo->i are already zero */
+ fo->arena = arena;
+ /* fo->n and fo->i are already zero */
- rv->etc = (void *)fo;
- rv->Final = builtins_mdFindObjects_Final;
- rv->Next = builtins_mdFindObjects_Next;
- rv->null = (void *)NULL;
+ rv->etc = (void *)fo;
+ rv->Final = builtins_mdFindObjects_Final;
+ rv->Next = builtins_mdFindObjects_Next;
+ rv->null = (void *)NULL;
- for( i = 0; i < nss_builtins_nObjects; i++ ) {
- builtinsInternalObject *o = (builtinsInternalObject *)&nss_builtins_data[i];
+ for (i = 0; i < nss_builtins_nObjects; i++) {
+ builtinsInternalObject *o = (builtinsInternalObject *)&nss_builtins_data[i];
- if( CK_TRUE == builtins_match(pTemplate, ulAttributeCount, o) ) {
- if( fo->n == STACK_BUF_LENGTH ) {
- /* Switch from the small stack array to a heap-allocated array large
+ if (CK_TRUE == builtins_match(pTemplate, ulAttributeCount, o)) {
+ if (fo->n == STACK_BUF_LENGTH) {
+ /* Switch from the small stack array to a heap-allocated array large
* enough to handle matches in all remaining cases. */
- temp = nss_ZNEWARRAY((NSSArena *)NULL, builtinsInternalObject *,
- fo->n + nss_builtins_nObjects - i);
- if( (builtinsInternalObject **)NULL == temp ) {
- *pError = CKR_HOST_MEMORY;
- goto loser;
+ temp = nss_ZNEWARRAY((NSSArena *)NULL, builtinsInternalObject *,
+ fo->n + nss_builtins_nObjects - i);
+ if ((builtinsInternalObject **)NULL == temp) {
+ *pError =
+ CKR_HOST_MEMORY;
+ goto loser;
+ }
+ tempIsHeapAllocated = PR_TRUE;
+ (void)nsslibc_memcpy(temp, stackTemp,
+ sizeof(builtinsInternalObject *) * fo->n);
+ }
+
+ temp[fo->n] = o;
+ fo->n++;
}
- tempIsHeapAllocated = PR_TRUE;
- (void)nsslibc_memcpy(temp, stackTemp,
- sizeof(builtinsInternalObject *) * fo->n);
- }
-
- temp[ fo->n ] = o;
- fo->n++;
}
- }
- fo->objs = nss_ZNEWARRAY(arena, builtinsInternalObject *, fo->n);
- if( (builtinsInternalObject **)NULL == fo->objs ) {
- *pError = CKR_HOST_MEMORY;
- goto loser;
- }
+ fo->objs = nss_ZNEWARRAY(arena, builtinsInternalObject *, fo->n);
+ if ((builtinsInternalObject **)NULL == fo->objs) {
+ *pError = CKR_HOST_MEMORY;
+ goto loser;
+ }
- (void)nsslibc_memcpy(fo->objs, temp, sizeof(builtinsInternalObject *) * fo->n);
- if (tempIsHeapAllocated) {
- nss_ZFreeIf(temp);
- temp = (builtinsInternalObject **)NULL;
- }
+ (void)nsslibc_memcpy(fo->objs, temp, sizeof(builtinsInternalObject *) * fo->n);
+ if (tempIsHeapAllocated) {
+ nss_ZFreeIf(temp);
+ temp = (builtinsInternalObject **)NULL;
+ }
- return rv;
+ return rv;
- loser:
- if (tempIsHeapAllocated) {
- nss_ZFreeIf(temp);
- }
- nss_ZFreeIf(fo);
- nss_ZFreeIf(rv);
- if ((NSSArena *)NULL != arena) {
- NSSArena_Destroy(arena);
- }
- return (NSSCKMDFindObjects *)NULL;
+loser:
+ if (tempIsHeapAllocated) {
+ nss_ZFreeIf(temp);
+ }
+ nss_ZFreeIf(fo);
+ nss_ZFreeIf(rv);
+ if ((NSSArena *)NULL != arena) {
+ NSSArena_Destroy(arena);
+ }
+ return (NSSCKMDFindObjects *)NULL;
}
-
--- a/lib/ckfw/builtins/binst.c
+++ b/lib/ckfw/builtins/binst.c
@@ -2,98 +2,86 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "builtins.h"
/*
* builtins/instance.c
*
- * This file implements the NSSCKMDInstance object for the
+ * This file implements the NSSCKMDInstance object for the
* "builtin objects" cryptoki module.
*/
/*
* NSSCKMDInstance methods
*/
static CK_ULONG
-builtins_mdInstance_GetNSlots
-(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+builtins_mdInstance_GetNSlots(
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- return (CK_ULONG)1;
+ return (CK_ULONG)1;
}
static CK_VERSION
-builtins_mdInstance_GetCryptokiVersion
-(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+builtins_mdInstance_GetCryptokiVersion(
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
- return nss_builtins_CryptokiVersion;
+ return nss_builtins_CryptokiVersion;
}
static NSSUTF8 *
-builtins_mdInstance_GetManufacturerID
-(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+builtins_mdInstance_GetManufacturerID(
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- return (NSSUTF8 *)nss_builtins_ManufacturerID;
+ return (NSSUTF8 *)nss_builtins_ManufacturerID;
}
static NSSUTF8 *
-builtins_mdInstance_GetLibraryDescription
-(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+builtins_mdInstance_GetLibraryDescription(
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- return (NSSUTF8 *)nss_builtins_LibraryDescription;
+ return (NSSUTF8 *)nss_builtins_LibraryDescription;
}
static CK_VERSION
-builtins_mdInstance_GetLibraryVersion
-(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+builtins_mdInstance_GetLibraryVersion(
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
#define NSS_VERSION_VARIABLE __nss_builtins_version
#include "verref.h"
- return nss_builtins_LibraryVersion;
+ return nss_builtins_LibraryVersion;
}
static CK_RV
-builtins_mdInstance_GetSlots
-(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKMDSlot *slots[]
-)
+builtins_mdInstance_GetSlots(
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSCKMDSlot *slots[])
{
- slots[0] = (NSSCKMDSlot *)&nss_builtins_mdSlot;
- return CKR_OK;
+ slots[0] = (NSSCKMDSlot *)&nss_builtins_mdSlot;
+ return CKR_OK;
}
const NSSCKMDInstance
-nss_builtins_mdInstance = {
- (void *)NULL, /* etc */
- NULL, /* Initialize */
- NULL, /* Finalize */
- builtins_mdInstance_GetNSlots,
- builtins_mdInstance_GetCryptokiVersion,
- builtins_mdInstance_GetManufacturerID,
- builtins_mdInstance_GetLibraryDescription,
- builtins_mdInstance_GetLibraryVersion,
- NULL, /* ModuleHandlesSessionObjects -- defaults to false */
- builtins_mdInstance_GetSlots,
- NULL, /* WaitForSlotEvent */
- (void *)NULL /* null terminator */
-};
+ nss_builtins_mdInstance = {
+ (void *)NULL, /* etc */
+ NULL, /* Initialize */
+ NULL, /* Finalize */
+ builtins_mdInstance_GetNSlots,
+ builtins_mdInstance_GetCryptokiVersion,
+ builtins_mdInstance_GetManufacturerID,
+ builtins_mdInstance_GetLibraryDescription,
+ builtins_mdInstance_GetLibraryVersion,
+ NULL, /* ModuleHandlesSessionObjects -- defaults to false */
+ builtins_mdInstance_GetSlots,
+ NULL, /* WaitForSlotEvent */
+ (void *)NULL /* null terminator */
+ };
--- a/lib/ckfw/builtins/bobject.c
+++ b/lib/ckfw/builtins/bobject.c
@@ -19,204 +19,188 @@
* GetAttributeTypes
* GetAttributeSize
* GetAttribute
* SetAttribute - unneeded
* GetObjectSize
*/
static CK_RV
-builtins_mdObject_Destroy
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+builtins_mdObject_Destroy(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
- return CKR_SESSION_READ_ONLY;
+ return CKR_SESSION_READ_ONLY;
}
static CK_BBOOL
-builtins_mdObject_IsTokenObject
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+builtins_mdObject_IsTokenObject(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
- return CK_TRUE;
+ return CK_TRUE;
}
static CK_ULONG
-builtins_mdObject_GetAttributeCount
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+builtins_mdObject_GetAttributeCount(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
- return io->n;
+ builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
+ return io->n;
}
static CK_RV
-builtins_mdObject_GetAttributeTypes
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE_PTR typeArray,
- CK_ULONG ulCount
-)
+builtins_mdObject_GetAttributeTypes(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_ATTRIBUTE_TYPE_PTR typeArray,
+ CK_ULONG ulCount)
{
- builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
- CK_ULONG i;
+ builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
+ CK_ULONG i;
- if( io->n != ulCount ) {
- return CKR_BUFFER_TOO_SMALL;
- }
+ if (io->n != ulCount) {
+ return CKR_BUFFER_TOO_SMALL;
+ }
- for( i = 0; i < io->n; i++ ) {
- typeArray[i] = io->types[i];
- }
+ for (i = 0; i < io->n; i++) {
+ typeArray[i] = io->types[i];
+ }
- return CKR_OK;
+ return CKR_OK;
}
static CK_ULONG
-builtins_mdObject_GetAttributeSize
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE attribute,
- CK_RV *pError
-)
+builtins_mdObject_GetAttributeSize(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_ATTRIBUTE_TYPE attribute,
+ CK_RV *pError)
{
- builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
- CK_ULONG i;
+ builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
+ CK_ULONG i;
- for( i = 0; i < io->n; i++ ) {
- if( attribute == io->types[i] ) {
- return (CK_ULONG)(io->items[i].size);
+ for (i = 0; i < io->n; i++) {
+ if (attribute == io->types[i]) {
+ return (CK_ULONG)(io->items[i].size);
+ }
}
- }
- *pError = CKR_ATTRIBUTE_TYPE_INVALID;
- return 0;
+ *pError = CKR_ATTRIBUTE_TYPE_INVALID;
+ return 0;
}
static NSSCKFWItem
-builtins_mdObject_GetAttribute
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE attribute,
- CK_RV *pError
-)
+builtins_mdObject_GetAttribute(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_ATTRIBUTE_TYPE attribute,
+ CK_RV *pError)
{
- NSSCKFWItem mdItem;
- builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
- CK_ULONG i;
+ NSSCKFWItem mdItem;
+ builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
+ CK_ULONG i;
- mdItem.needsFreeing = PR_FALSE;
- mdItem.item = (NSSItem*) NULL;
+ mdItem.needsFreeing = PR_FALSE;
+ mdItem.item = (NSSItem *)NULL;
- for( i = 0; i < io->n; i++ ) {
- if( attribute == io->types[i] ) {
- mdItem.item = (NSSItem*) &io->items[i];
- return mdItem;
+ for (i = 0; i < io->n; i++) {
+ if (attribute == io->types[i]) {
+ mdItem.item = (NSSItem *)&io->items[i];
+ return mdItem;
+ }
}
- }
- *pError = CKR_ATTRIBUTE_TYPE_INVALID;
- return mdItem;
+ *pError = CKR_ATTRIBUTE_TYPE_INVALID;
+ return mdItem;
}
static CK_ULONG
-builtins_mdObject_GetObjectSize
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+builtins_mdObject_GetObjectSize(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
- CK_ULONG i;
- CK_ULONG rv = sizeof(CK_ULONG);
+ builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
+ CK_ULONG i;
+ CK_ULONG rv = sizeof(CK_ULONG);
- for( i = 0; i < io->n; i++ ) {
- rv += sizeof(CK_ATTRIBUTE_TYPE) + sizeof(NSSItem) + io->items[i].size;
- }
+ for (i = 0; i < io->n; i++) {
+ rv += sizeof(CK_ATTRIBUTE_TYPE) + sizeof(NSSItem) + io->items[i].size;
+ }
- return rv;
+ return rv;
}
static const NSSCKMDObject
-builtins_prototype_mdObject = {
- (void *)NULL, /* etc */
- NULL, /* Finalize */
- builtins_mdObject_Destroy,
- builtins_mdObject_IsTokenObject,
- builtins_mdObject_GetAttributeCount,
- builtins_mdObject_GetAttributeTypes,
- builtins_mdObject_GetAttributeSize,
- builtins_mdObject_GetAttribute,
- NULL, /* FreeAttribute */
- NULL, /* SetAttribute */
- builtins_mdObject_GetObjectSize,
- (void *)NULL /* null terminator */
-};
+ builtins_prototype_mdObject = {
+ (void *)NULL, /* etc */
+ NULL, /* Finalize */
+ builtins_mdObject_Destroy,
+ builtins_mdObject_IsTokenObject,
+ builtins_mdObject_GetAttributeCount,
+ builtins_mdObject_GetAttributeTypes,
+ builtins_mdObject_GetAttributeSize,
+ builtins_mdObject_GetAttribute,
+ NULL, /* FreeAttribute */
+ NULL, /* SetAttribute */
+ builtins_mdObject_GetObjectSize,
+ (void *)NULL /* null terminator */
+ };
NSS_IMPLEMENT NSSCKMDObject *
-nss_builtins_CreateMDObject
-(
- NSSArena *arena,
- builtinsInternalObject *io,
- CK_RV *pError
-)
+nss_builtins_CreateMDObject(
+ NSSArena *arena,
+ builtinsInternalObject *io,
+ CK_RV *pError)
{
- if ( (void*)NULL == io->mdObject.etc) {
- (void) nsslibc_memcpy(&io->mdObject,&builtins_prototype_mdObject,
- sizeof(builtins_prototype_mdObject));
- io->mdObject.etc = (void *)io;
- }
+ if ((void *)NULL == io->mdObject.etc) {
+ (void)nsslibc_memcpy(&io->mdObject, &builtins_prototype_mdObject,
+ sizeof(builtins_prototype_mdObject));
+ io->mdObject.etc = (void *)io;
+ }
- return &io->mdObject;
+ return &io->mdObject;
}
--- a/lib/ckfw/builtins/bsession.c
+++ b/lib/ckfw/builtins/bsession.c
@@ -2,74 +2,70 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "builtins.h"
/*
* builtins/session.c
*
- * This file implements the NSSCKMDSession object for the
+ * This file implements the NSSCKMDSession object for the
* "builtin objects" cryptoki module.
*/
static NSSCKMDFindObjects *
-builtins_mdSession_FindObjectsInit
-(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-)
+builtins_mdSession_FindObjectsInit(
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ CK_RV *pError)
{
- return nss_builtins_FindObjectsInit(fwSession, pTemplate, ulAttributeCount, pError);
+ return nss_builtins_FindObjectsInit(fwSession, pTemplate, ulAttributeCount, pError);
}
NSS_IMPLEMENT NSSCKMDSession *
-nss_builtins_CreateSession
-(
- NSSCKFWSession *fwSession,
- CK_RV *pError
-)
+nss_builtins_CreateSession(
+ NSSCKFWSession *fwSession,
+ CK_RV *pError)
{
- NSSArena *arena;
- NSSCKMDSession *rv;
+ NSSArena *arena;
+ NSSCKMDSession *rv;
- arena = NSSCKFWSession_GetArena(fwSession, pError);
- if( (NSSArena *)NULL == arena ) {
- return (NSSCKMDSession *)NULL;
- }
+ arena = NSSCKFWSession_GetArena(fwSession, pError);
+ if ((NSSArena *)NULL == arena) {
+ return (NSSCKMDSession *)NULL;
+ }
- rv = nss_ZNEW(arena, NSSCKMDSession);
- if( (NSSCKMDSession *)NULL == rv ) {
- *pError = CKR_HOST_MEMORY;
- return (NSSCKMDSession *)NULL;
- }
+ rv = nss_ZNEW(arena, NSSCKMDSession);
+ if ((NSSCKMDSession *)NULL == rv) {
+ *pError = CKR_HOST_MEMORY;
+ return (NSSCKMDSession *)NULL;
+ }
- /*
- * rv was zeroed when allocated, so we only
- * need to set the non-zero members.
- */
+ /*
+ * rv was zeroed when allocated, so we only
+ * need to set the non-zero members.
+ */
- rv->etc = (void *)fwSession;
- /* rv->Close */
- /* rv->GetDeviceError */
- /* rv->Login */
- /* rv->Logout */
- /* rv->InitPIN */
- /* rv->SetPIN */
- /* rv->GetOperationStateLen */
- /* rv->GetOperationState */
- /* rv->SetOperationState */
- /* rv->CreateObject */
- /* rv->CopyObject */
- rv->FindObjectsInit = builtins_mdSession_FindObjectsInit;
- /* rv->SeedRandom */
- /* rv->GetRandom */
- /* rv->null */
+ rv->etc = (void *)fwSession;
+ /* rv->Close */
+ /* rv->GetDeviceError */
+ /* rv->Login */
+ /* rv->Logout */
+ /* rv->InitPIN */
+ /* rv->SetPIN */
+ /* rv->GetOperationStateLen */
+ /* rv->GetOperationState */
+ /* rv->SetOperationState */
+ /* rv->CreateObject */
+ /* rv->CopyObject */
+ rv->FindObjectsInit = builtins_mdSession_FindObjectsInit;
+ /* rv->SeedRandom */
+ /* rv->GetRandom */
+ /* rv->null */
- return rv;
+ return rv;
}
--- a/lib/ckfw/builtins/bslot.c
+++ b/lib/ckfw/builtins/bslot.c
@@ -7,85 +7,75 @@
/*
* builtins/slot.c
*
* This file implements the NSSCKMDSlot object for the
* "builtin objects" cryptoki module.
*/
static NSSUTF8 *
-builtins_mdSlot_GetSlotDescription
-(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+builtins_mdSlot_GetSlotDescription(
+ NSSCKMDSlot *mdSlot,
+ NSSCKFWSlot *fwSlot,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- return (NSSUTF8 *)nss_builtins_SlotDescription;
+ return (NSSUTF8 *)nss_builtins_SlotDescription;
}
static NSSUTF8 *
-builtins_mdSlot_GetManufacturerID
-(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+builtins_mdSlot_GetManufacturerID(
+ NSSCKMDSlot *mdSlot,
+ NSSCKFWSlot *fwSlot,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- return (NSSUTF8 *)nss_builtins_ManufacturerID;
+ return (NSSUTF8 *)nss_builtins_ManufacturerID;
}
static CK_VERSION
-builtins_mdSlot_GetHardwareVersion
-(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+builtins_mdSlot_GetHardwareVersion(
+ NSSCKMDSlot *mdSlot,
+ NSSCKFWSlot *fwSlot,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
- return nss_builtins_HardwareVersion;
+ return nss_builtins_HardwareVersion;
}
static CK_VERSION
-builtins_mdSlot_GetFirmwareVersion
-(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+builtins_mdSlot_GetFirmwareVersion(
+ NSSCKMDSlot *mdSlot,
+ NSSCKFWSlot *fwSlot,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
- return nss_builtins_FirmwareVersion;
+ return nss_builtins_FirmwareVersion;
}
static NSSCKMDToken *
-builtins_mdSlot_GetToken
-(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+builtins_mdSlot_GetToken(
+ NSSCKMDSlot *mdSlot,
+ NSSCKFWSlot *fwSlot,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- return (NSSCKMDToken *)&nss_builtins_mdToken;
+ return (NSSCKMDToken *)&nss_builtins_mdToken;
}
const NSSCKMDSlot
-nss_builtins_mdSlot = {
- (void *)NULL, /* etc */
- NULL, /* Initialize */
- NULL, /* Destroy */
- builtins_mdSlot_GetSlotDescription,
- builtins_mdSlot_GetManufacturerID,
- NULL, /* GetTokenPresent -- defaults to true */
- NULL, /* GetRemovableDevice -- defaults to false */
- NULL, /* GetHardwareSlot -- defaults to false */
- builtins_mdSlot_GetHardwareVersion,
- builtins_mdSlot_GetFirmwareVersion,
- builtins_mdSlot_GetToken,
- (void *)NULL /* null terminator */
-};
+ nss_builtins_mdSlot = {
+ (void *)NULL, /* etc */
+ NULL, /* Initialize */
+ NULL, /* Destroy */
+ builtins_mdSlot_GetSlotDescription,
+ builtins_mdSlot_GetManufacturerID,
+ NULL, /* GetTokenPresent -- defaults to true */
+ NULL, /* GetRemovableDevice -- defaults to false */
+ NULL, /* GetHardwareSlot -- defaults to false */
+ builtins_mdSlot_GetHardwareVersion,
+ builtins_mdSlot_GetFirmwareVersion,
+ builtins_mdSlot_GetToken,
+ (void *)NULL /* null terminator */
+ };
--- a/lib/ckfw/builtins/btoken.c
+++ b/lib/ckfw/builtins/btoken.c
@@ -7,145 +7,129 @@
/*
* builtins/token.c
*
* This file implements the NSSCKMDToken object for the
* "builtin objects" cryptoki module.
*/
static NSSUTF8 *
-builtins_mdToken_GetLabel
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+builtins_mdToken_GetLabel(
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- return (NSSUTF8 *)nss_builtins_TokenLabel;
+ return (NSSUTF8 *)nss_builtins_TokenLabel;
}
static NSSUTF8 *
-builtins_mdToken_GetManufacturerID
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+builtins_mdToken_GetManufacturerID(
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- return (NSSUTF8 *)nss_builtins_ManufacturerID;
+ return (NSSUTF8 *)nss_builtins_ManufacturerID;
}
static NSSUTF8 *
-builtins_mdToken_GetModel
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+builtins_mdToken_GetModel(
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- return (NSSUTF8 *)nss_builtins_TokenModel;
+ return (NSSUTF8 *)nss_builtins_TokenModel;
}
static NSSUTF8 *
-builtins_mdToken_GetSerialNumber
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+builtins_mdToken_GetSerialNumber(
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- return (NSSUTF8 *)nss_builtins_TokenSerialNumber;
+ return (NSSUTF8 *)nss_builtins_TokenSerialNumber;
}
static CK_BBOOL
-builtins_mdToken_GetIsWriteProtected
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+builtins_mdToken_GetIsWriteProtected(
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
- return CK_TRUE;
+ return CK_TRUE;
}
static CK_VERSION
-builtins_mdToken_GetHardwareVersion
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+builtins_mdToken_GetHardwareVersion(
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
- return nss_builtins_HardwareVersion;
+ return nss_builtins_HardwareVersion;
}
static CK_VERSION
-builtins_mdToken_GetFirmwareVersion
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+builtins_mdToken_GetFirmwareVersion(
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
- return nss_builtins_FirmwareVersion;
+ return nss_builtins_FirmwareVersion;
}
static NSSCKMDSession *
-builtins_mdToken_OpenSession
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKFWSession *fwSession,
- CK_BBOOL rw,
- CK_RV *pError
-)
+builtins_mdToken_OpenSession(
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSCKFWSession *fwSession,
+ CK_BBOOL rw,
+ CK_RV *pError)
{
- return nss_builtins_CreateSession(fwSession, pError);
+ return nss_builtins_CreateSession(fwSession, pError);
}
const NSSCKMDToken
-nss_builtins_mdToken = {
- (void *)NULL, /* etc */
- NULL, /* Setup */
- NULL, /* Invalidate */
- NULL, /* InitToken -- default errs */
- builtins_mdToken_GetLabel,
- builtins_mdToken_GetManufacturerID,
- builtins_mdToken_GetModel,
- builtins_mdToken_GetSerialNumber,
- NULL, /* GetHasRNG -- default is false */
- builtins_mdToken_GetIsWriteProtected,
- NULL, /* GetLoginRequired -- default is false */
- NULL, /* GetUserPinInitialized -- default is false */
- NULL, /* GetRestoreKeyNotNeeded -- irrelevant */
- NULL, /* GetHasClockOnToken -- default is false */
- NULL, /* GetHasProtectedAuthenticationPath -- default is false */
- NULL, /* GetSupportsDualCryptoOperations -- default is false */
- NULL, /* GetMaxSessionCount -- default is CK_UNAVAILABLE_INFORMATION */
- NULL, /* GetMaxRwSessionCount -- default is CK_UNAVAILABLE_INFORMATION */
- NULL, /* GetMaxPinLen -- irrelevant */
- NULL, /* GetMinPinLen -- irrelevant */
- NULL, /* GetTotalPublicMemory -- default is CK_UNAVAILABLE_INFORMATION */
- NULL, /* GetFreePublicMemory -- default is CK_UNAVAILABLE_INFORMATION */
- NULL, /* GetTotalPrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */
- NULL, /* GetFreePrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */
- builtins_mdToken_GetHardwareVersion,
- builtins_mdToken_GetFirmwareVersion,
- NULL, /* GetUTCTime -- no clock */
- builtins_mdToken_OpenSession,
- NULL, /* GetMechanismCount -- default is zero */
- NULL, /* GetMechanismTypes -- irrelevant */
- NULL, /* GetMechanism -- irrelevant */
- (void *)NULL /* null terminator */
-};
+ nss_builtins_mdToken = {
+ (void *)NULL, /* etc */
+ NULL, /* Setup */
+ NULL, /* Invalidate */
+ NULL, /* InitToken -- default errs */
+ builtins_mdToken_GetLabel,
+ builtins_mdToken_GetManufacturerID,
+ builtins_mdToken_GetModel,
+ builtins_mdToken_GetSerialNumber,
+ NULL, /* GetHasRNG -- default is false */
+ builtins_mdToken_GetIsWriteProtected,
+ NULL, /* GetLoginRequired -- default is false */
+ NULL, /* GetUserPinInitialized -- default is false */
+ NULL, /* GetRestoreKeyNotNeeded -- irrelevant */
+ NULL, /* GetHasClockOnToken -- default is false */
+ NULL, /* GetHasProtectedAuthenticationPath -- default is false */
+ NULL, /* GetSupportsDualCryptoOperations -- default is false */
+ NULL, /* GetMaxSessionCount -- default is CK_UNAVAILABLE_INFORMATION */
+ NULL, /* GetMaxRwSessionCount -- default is CK_UNAVAILABLE_INFORMATION */
+ NULL, /* GetMaxPinLen -- irrelevant */
+ NULL, /* GetMinPinLen -- irrelevant */
+ NULL, /* GetTotalPublicMemory -- default is CK_UNAVAILABLE_INFORMATION */
+ NULL, /* GetFreePublicMemory -- default is CK_UNAVAILABLE_INFORMATION */
+ NULL, /* GetTotalPrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */
+ NULL, /* GetFreePrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */
+ builtins_mdToken_GetHardwareVersion,
+ builtins_mdToken_GetFirmwareVersion,
+ NULL, /* GetUTCTime -- no clock */
+ builtins_mdToken_OpenSession,
+ NULL, /* GetMechanismCount -- default is zero */
+ NULL, /* GetMechanismTypes -- irrelevant */
+ NULL, /* GetMechanism -- irrelevant */
+ (void *)NULL /* null terminator */
+ };
--- a/lib/ckfw/builtins/builtins.h
+++ b/lib/ckfw/builtins/builtins.h
@@ -16,57 +16,51 @@
/*
* This is where the Netscape extensions live, at least for now.
*/
#ifndef CKT_H
#include "ckt.h"
#endif /* CKT_H */
struct builtinsInternalObjectStr {
- CK_ULONG n;
- const CK_ATTRIBUTE_TYPE *types;
- const NSSItem *items;
- NSSCKMDObject mdObject;
+ CK_ULONG n;
+ const CK_ATTRIBUTE_TYPE *types;
+ const NSSItem *items;
+ NSSCKMDObject mdObject;
};
typedef struct builtinsInternalObjectStr builtinsInternalObject;
-extern builtinsInternalObject nss_builtins_data[];
-extern const PRUint32 nss_builtins_nObjects;
+extern builtinsInternalObject nss_builtins_data[];
+extern const PRUint32 nss_builtins_nObjects;
-extern const CK_VERSION nss_builtins_CryptokiVersion;
-extern const CK_VERSION nss_builtins_LibraryVersion;
-extern const CK_VERSION nss_builtins_HardwareVersion;
-extern const CK_VERSION nss_builtins_FirmwareVersion;
+extern const CK_VERSION nss_builtins_CryptokiVersion;
+extern const CK_VERSION nss_builtins_LibraryVersion;
+extern const CK_VERSION nss_builtins_HardwareVersion;
+extern const CK_VERSION nss_builtins_FirmwareVersion;
-extern const NSSUTF8 nss_builtins_ManufacturerID[];
-extern const NSSUTF8 nss_builtins_LibraryDescription[];
-extern const NSSUTF8 nss_builtins_SlotDescription[];
-extern const NSSUTF8 nss_builtins_TokenLabel[];
-extern const NSSUTF8 nss_builtins_TokenModel[];
-extern const NSSUTF8 nss_builtins_TokenSerialNumber[];
+extern const NSSUTF8 nss_builtins_ManufacturerID[];
+extern const NSSUTF8 nss_builtins_LibraryDescription[];
+extern const NSSUTF8 nss_builtins_SlotDescription[];
+extern const NSSUTF8 nss_builtins_TokenLabel[];
+extern const NSSUTF8 nss_builtins_TokenModel[];
+extern const NSSUTF8 nss_builtins_TokenSerialNumber[];
extern const NSSCKMDInstance nss_builtins_mdInstance;
-extern const NSSCKMDSlot nss_builtins_mdSlot;
-extern const NSSCKMDToken nss_builtins_mdToken;
+extern const NSSCKMDSlot nss_builtins_mdSlot;
+extern const NSSCKMDToken nss_builtins_mdToken;
NSS_EXTERN NSSCKMDSession *
-nss_builtins_CreateSession
-(
- NSSCKFWSession *fwSession,
- CK_RV *pError
-);
+nss_builtins_CreateSession(
+ NSSCKFWSession *fwSession,
+ CK_RV *pError);
NSS_EXTERN NSSCKMDFindObjects *
-nss_builtins_FindObjectsInit
-(
- NSSCKFWSession *fwSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-);
+nss_builtins_FindObjectsInit(
+ NSSCKFWSession *fwSession,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ CK_RV *pError);
NSS_EXTERN NSSCKMDObject *
-nss_builtins_CreateMDObject
-(
- NSSArena *arena,
- builtinsInternalObject *io,
- CK_RV *pError
-);
+nss_builtins_CreateMDObject(
+ NSSArena *arena,
+ builtinsInternalObject *io,
+ CK_RV *pError);
--- a/lib/ckfw/builtins/ckbiver.c
+++ b/lib/ckfw/builtins/ckbiver.c
@@ -10,10 +10,9 @@
#define _DEBUG_STRING " (debug)"
#else
#define _DEBUG_STRING ""
#endif
/*
* Version information
*/
-const char __nss_builtins_version[] = "Version: NSS Builtin Trusted Root CAs "
- NSS_BUILTINS_LIBRARY_VERSION _DEBUG_STRING;
+const char __nss_builtins_version[] = "Version: NSS Builtin Trusted Root CAs " NSS_BUILTINS_LIBRARY_VERSION _DEBUG_STRING;
--- a/lib/ckfw/builtins/constants.c
+++ b/lib/ckfw/builtins/constants.c
@@ -16,46 +16,49 @@
#include "nssckt.h"
#endif /* NSSCKT_H */
#ifndef NSSCKBI_H
#include "nssckbi.h"
#endif /* NSSCKBI_H */
const CK_VERSION
-nss_builtins_CryptokiVersion = {
- NSS_BUILTINS_CRYPTOKI_VERSION_MAJOR,
- NSS_BUILTINS_CRYPTOKI_VERSION_MINOR };
+ nss_builtins_CryptokiVersion = {
+ NSS_BUILTINS_CRYPTOKI_VERSION_MAJOR,
+ NSS_BUILTINS_CRYPTOKI_VERSION_MINOR
+ };
const CK_VERSION
-nss_builtins_LibraryVersion = {
- NSS_BUILTINS_LIBRARY_VERSION_MAJOR,
- NSS_BUILTINS_LIBRARY_VERSION_MINOR};
+ nss_builtins_LibraryVersion = {
+ NSS_BUILTINS_LIBRARY_VERSION_MAJOR,
+ NSS_BUILTINS_LIBRARY_VERSION_MINOR
+ };
const CK_VERSION
-nss_builtins_HardwareVersion = {
- NSS_BUILTINS_HARDWARE_VERSION_MAJOR,
- NSS_BUILTINS_HARDWARE_VERSION_MINOR };
+ nss_builtins_HardwareVersion = {
+ NSS_BUILTINS_HARDWARE_VERSION_MAJOR,
+ NSS_BUILTINS_HARDWARE_VERSION_MINOR
+ };
const CK_VERSION
-nss_builtins_FirmwareVersion = {
- NSS_BUILTINS_FIRMWARE_VERSION_MAJOR,
- NSS_BUILTINS_FIRMWARE_VERSION_MINOR };
+ nss_builtins_FirmwareVersion = {
+ NSS_BUILTINS_FIRMWARE_VERSION_MAJOR,
+ NSS_BUILTINS_FIRMWARE_VERSION_MINOR
+ };
-const NSSUTF8
-nss_builtins_ManufacturerID[] = { "Mozilla Foundation" };
+const NSSUTF8
+ nss_builtins_ManufacturerID[] = { "Mozilla Foundation" };
-const NSSUTF8
-nss_builtins_LibraryDescription[] = { "NSS Builtin Object Cryptoki Module" };
+const NSSUTF8
+ nss_builtins_LibraryDescription[] = { "NSS Builtin Object Cryptoki Module" };
-const NSSUTF8
-nss_builtins_SlotDescription[] = { "NSS Builtin Objects" };
+const NSSUTF8
+ nss_builtins_SlotDescription[] = { "NSS Builtin Objects" };
-const NSSUTF8
-nss_builtins_TokenLabel[] = { "Builtin Object Token" };
+const NSSUTF8
+ nss_builtins_TokenLabel[] = { "Builtin Object Token" };
-const NSSUTF8
-nss_builtins_TokenModel[] = { "1" };
+const NSSUTF8
+ nss_builtins_TokenModel[] = { "1" };
/* should this be e.g. the certdata.txt RCS revision number? */
-const NSSUTF8
-nss_builtins_TokenSerialNumber[] = { "1" };
-
+const NSSUTF8
+ nss_builtins_TokenSerialNumber[] = { "1" };
--- a/lib/ckfw/builtins/nssckbi.h
+++ b/lib/ckfw/builtins/nssckbi.h
@@ -13,17 +13,17 @@
* module you are using, use the appropriate PKCS #11 calls.
*
* These version numbers detail changes to the PKCS #11 interface. They map
* to the PKCS #11 spec versions.
*/
#define NSS_BUILTINS_CRYPTOKI_VERSION_MAJOR 2
#define NSS_BUILTINS_CRYPTOKI_VERSION_MINOR 20
-/* These version numbers detail the changes
+/* These version numbers detail the changes
* to the list of trusted certificates.
*
* The NSS_BUILTINS_LIBRARY_VERSION_MINOR macro needs to be bumped
* for each NSS minor release AND whenever we change the list of
* trusted certificates. 10 minor versions are allocated for each
* NSS 3.x branch as follows, allowing us to change the list of
* trusted certificates up to 9 times on each branch.
* - NSS 3.5 branch: 3-9
@@ -47,14 +47,14 @@
#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 6
#define NSS_BUILTINS_LIBRARY_VERSION "2.6"
/* These version numbers detail the semantic changes to the ckfw engine. */
#define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
#define NSS_BUILTINS_HARDWARE_VERSION_MINOR 0
-/* These version numbers detail the semantic changes to ckbi itself
+/* These version numbers detail the semantic changes to ckbi itself
* (new PKCS #11 objects), etc. */
#define NSS_BUILTINS_FIRMWARE_VERSION_MAJOR 1
#define NSS_BUILTINS_FIRMWARE_VERSION_MINOR 0
#endif /* NSSCKBI_H */
--- a/lib/ckfw/capi/anchor.c
+++ b/lib/ckfw/capi/anchor.c
@@ -1,17 +1,17 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* capi/canchor.c
*
* This file "anchors" the actual cryptoki entry points in this module's
- * shared library, which is required for dynamic loading. See the
+ * shared library, which is required for dynamic loading. See the
* comments in nssck.api for more information.
*/
#include "ckcapi.h"
#define MODULE_NAME ckcapi
-#define INSTANCE_NAME (NSSCKMDInstance *)&nss_ckcapi_mdInstance
+#define INSTANCE_NAME (NSSCKMDInstance *) & nss_ckcapi_mdInstance
#include "nssck.api"
--- a/lib/ckfw/capi/cfind.c
+++ b/lib/ckfw/capi/cfind.c
@@ -9,573 +9,559 @@
/*
* ckcapi/cfind.c
*
* This file implements the NSSCKMDFindObjects object for the
* "capi" cryptoki module.
*/
struct ckcapiFOStr {
- NSSArena *arena;
- CK_ULONG n;
- CK_ULONG i;
- ckcapiInternalObject **objs;
+ NSSArena *arena;
+ CK_ULONG n;
+ CK_ULONG i;
+ ckcapiInternalObject **objs;
};
static void
-ckcapi_mdFindObjects_Final
-(
- NSSCKMDFindObjects *mdFindObjects,
- NSSCKFWFindObjects *fwFindObjects,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+ckcapi_mdFindObjects_Final(
+ NSSCKMDFindObjects *mdFindObjects,
+ NSSCKFWFindObjects *fwFindObjects,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
- struct ckcapiFOStr *fo = (struct ckcapiFOStr *)mdFindObjects->etc;
- NSSArena *arena = fo->arena;
- PRUint32 i;
+ struct ckcapiFOStr *fo = (struct ckcapiFOStr *)mdFindObjects->etc;
+ NSSArena *arena = fo->arena;
+ PRUint32 i;
- /* walk down an free the unused 'objs' */
- for (i=fo->i; i < fo->n ; i++) {
- nss_ckcapi_DestroyInternalObject(fo->objs[i]);
- }
+ /* walk down an free the unused 'objs' */
+ for (i = fo->i; i < fo->n; i++) {
+ nss_ckcapi_DestroyInternalObject(fo->objs[i]);
+ }
- nss_ZFreeIf(fo->objs);
- nss_ZFreeIf(fo);
- nss_ZFreeIf(mdFindObjects);
- if ((NSSArena *)NULL != arena) {
- NSSArena_Destroy(arena);
- }
+ nss_ZFreeIf(fo->objs);
+ nss_ZFreeIf(fo);
+ nss_ZFreeIf(mdFindObjects);
+ if ((NSSArena *)NULL != arena) {
+ NSSArena_Destroy(arena);
+ }
- return;
+ return;
}
static NSSCKMDObject *
-ckcapi_mdFindObjects_Next
-(
- NSSCKMDFindObjects *mdFindObjects,
- NSSCKFWFindObjects *fwFindObjects,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSArena *arena,
- CK_RV *pError
-)
+ckcapi_mdFindObjects_Next(
+ NSSCKMDFindObjects *mdFindObjects,
+ NSSCKFWFindObjects *fwFindObjects,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSArena *arena,
+ CK_RV *pError)
{
- struct ckcapiFOStr *fo = (struct ckcapiFOStr *)mdFindObjects->etc;
- ckcapiInternalObject *io;
+ struct ckcapiFOStr *fo = (struct ckcapiFOStr *)mdFindObjects->etc;
+ ckcapiInternalObject *io;
- if( fo->i == fo->n ) {
- *pError = CKR_OK;
- return (NSSCKMDObject *)NULL;
- }
+ if (fo->i == fo->n) {
+ *pError = CKR_OK;
+ return (NSSCKMDObject *)NULL;
+ }
- io = fo->objs[ fo->i ];
- fo->i++;
+ io = fo->objs[fo->i];
+ fo->i++;
- return nss_ckcapi_CreateMDObject(arena, io, pError);
+ return nss_ckcapi_CreateMDObject(arena, io, pError);
}
static CK_BBOOL
-ckcapi_attrmatch
-(
- CK_ATTRIBUTE_PTR a,
- ckcapiInternalObject *o
-)
+ckcapi_attrmatch(
+ CK_ATTRIBUTE_PTR a,
+ ckcapiInternalObject *o)
{
- PRBool prb;
- const NSSItem *b;
+ PRBool prb;
+ const NSSItem *b;
- b = nss_ckcapi_FetchAttribute(o, a->type);
- if (b == NULL) {
- return CK_FALSE;
- }
+ b = nss_ckcapi_FetchAttribute(o, a->type);
+ if (b == NULL) {
+ return CK_FALSE;
+ }
+
+ if (a->ulValueLen != b->size) {
+ /* match a decoded serial number */
+ if ((a->type == CKA_SERIAL_NUMBER) && (a->ulValueLen < b->size)) {
+ unsigned int len;
+ unsigned char *data;
- if( a->ulValueLen != b->size ) {
- /* match a decoded serial number */
- if ((a->type == CKA_SERIAL_NUMBER) && (a->ulValueLen < b->size)) {
- unsigned int len;
- unsigned char *data;
-
- data = nss_ckcapi_DERUnwrap(b->data, b->size, &len, NULL);
- if ((len == a->ulValueLen) &&
- nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) {
- return CK_TRUE;
- }
+ data = nss_ckcapi_DERUnwrap(b->data, b->size, &len, NULL);
+ if ((len == a->ulValueLen) &&
+ nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) {
+ return CK_TRUE;
+ }
+ }
+ return CK_FALSE;
}
- return CK_FALSE;
- }
- prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *)NULL);
+ prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *)NULL);
- if( PR_TRUE == prb ) {
- return CK_TRUE;
- } else {
- return CK_FALSE;
- }
+ if (PR_TRUE == prb) {
+ return CK_TRUE;
+ }
+ else {
+ return CK_FALSE;
+ }
}
-
static CK_BBOOL
-ckcapi_match
-(
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- ckcapiInternalObject *o
-)
+ckcapi_match(
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ ckcapiInternalObject *o)
{
- CK_ULONG i;
+ CK_ULONG i;
- for( i = 0; i < ulAttributeCount; i++ ) {
- if (CK_FALSE == ckcapi_attrmatch(&pTemplate[i], o)) {
- return CK_FALSE;
+ for (i = 0; i < ulAttributeCount; i++) {
+ if (CK_FALSE == ckcapi_attrmatch(&pTemplate[i], o)) {
+ return CK_FALSE;
+ }
}
- }
- /* Every attribute passed */
- return CK_TRUE;
+ /* Every attribute passed */
+ return CK_TRUE;
}
-#define CKAPI_ITEM_CHUNK 20
+#define CKAPI_ITEM_CHUNK 20
-#define PUT_Object(obj,err) \
- { \
- if (count >= size) { \
- *listp = *listp ? \
- nss_ZREALLOCARRAY(*listp, ckcapiInternalObject *, \
- (size+CKAPI_ITEM_CHUNK) ) : \
- nss_ZNEWARRAY(NULL, ckcapiInternalObject *, \
- (size+CKAPI_ITEM_CHUNK) ) ; \
- if ((ckcapiInternalObject **)NULL == *listp) { \
- err = CKR_HOST_MEMORY; \
- goto loser; \
- } \
- size += CKAPI_ITEM_CHUNK; \
- } \
- (*listp)[ count ] = (obj); \
- count++; \
- }
-
+#define PUT_Object(obj, err) \
+ { \
+ if (count >= size) { \
+ *listp = *listp ? \
+ nss_ZREALLOCARRAY(*listp, ckcapiInternalObject *, \
+ (size + \
+ CKAPI_ITEM_CHUNK)) \
+ : \
+ nss_ZNEWARRAY(NULL, ckcapiInternalObject *, \
+ (size + \
+ CKAPI_ITEM_CHUNK)); \
+ if ((ckcapiInternalObject **)NULL == *listp) { \
+ err = CKR_HOST_MEMORY; \
+ goto loser; \
+ } \
+ size += CKAPI_ITEM_CHUNK; \
+ } \
+ (*listp)[count] = (obj); \
+ count++; \
+ }
/*
* pass parameters back through the callback.
*/
typedef struct BareCollectParamsStr {
- CK_OBJECT_CLASS objClass;
- CK_ATTRIBUTE_PTR pTemplate;
- CK_ULONG ulAttributeCount;
- ckcapiInternalObject ***listp;
- PRUint32 size;
- PRUint32 count;
+ CK_OBJECT_CLASS objClass;
+ CK_ATTRIBUTE_PTR pTemplate;
+ CK_ULONG ulAttributeCount;
+ ckcapiInternalObject ***listp;
+ PRUint32 size;
+ PRUint32 count;
} BareCollectParams;
/* collect_bare's callback. Called for each object that
* supposedly has a PROVINDER_INFO property */
static BOOL WINAPI
-doBareCollect
-(
- const CRYPT_HASH_BLOB *msKeyID,
- DWORD flags,
- void *reserved,
- void *args,
- DWORD cProp,
- DWORD *propID,
- void **propData,
- DWORD *propSize
-)
+doBareCollect(
+ const CRYPT_HASH_BLOB *msKeyID,
+ DWORD flags,
+ void *reserved,
+ void *args,
+ DWORD cProp,
+ DWORD *propID,
+ void **propData,
+ DWORD *propSize)
{
- BareCollectParams *bcp = (BareCollectParams *) args;
- PRUint32 size = bcp->size;
- PRUint32 count = bcp->count;
- ckcapiInternalObject ***listp = bcp->listp;
- ckcapiInternalObject *io = NULL;
- DWORD i;
- CRYPT_KEY_PROV_INFO *keyProvInfo = NULL;
- void *idData;
- CK_RV error;
-
- /* make sure there is a Key Provider Info property */
- for (i=0; i < cProp; i++) {
- if (CERT_KEY_PROV_INFO_PROP_ID == propID[i]) {
- keyProvInfo = (CRYPT_KEY_PROV_INFO *)propData[i];
- break;
+ BareCollectParams *bcp = (BareCollectParams *)args;
+ PRUint32 size = bcp->size;
+ PRUint32 count = bcp->count;
+ ckcapiInternalObject ***listp = bcp->listp;
+ ckcapiInternalObject *io = NULL;
+ DWORD i;
+ CRYPT_KEY_PROV_INFO *keyProvInfo = NULL;
+ void *idData;
+ CK_RV error;
+
+ /* make sure there is a Key Provider Info property */
+ for (i = 0; i < cProp; i++) {
+ if (CERT_KEY_PROV_INFO_PROP_ID == propID[i]) {
+ keyProvInfo = (CRYPT_KEY_PROV_INFO *)propData[i];
+ break;
+ }
}
- }
- if ((CRYPT_KEY_PROV_INFO *)NULL == keyProvInfo) {
- return 1;
- }
+ if ((CRYPT_KEY_PROV_INFO *)NULL == keyProvInfo) {
+ return 1;
+ }
- /* copy the key ID */
- idData = nss_ZNEWARRAY(NULL, char, msKeyID->cbData);
- if ((void *)NULL == idData) {
- goto loser;
- }
- nsslibc_memcpy(idData, msKeyID->pbData, msKeyID->cbData);
+ /* copy the key ID */
+ idData = nss_ZNEWARRAY(NULL, char, msKeyID->cbData);
+ if ((void *)NULL == idData) {
+ goto loser;
+ }
+ nsslibc_memcpy(idData, msKeyID->pbData, msKeyID->cbData);
- /* build a bare internal object */
- io = nss_ZNEW(NULL, ckcapiInternalObject);
- if ((ckcapiInternalObject *)NULL == io) {
- goto loser;
- }
- io->type = ckcapiBareKey;
- io->objClass = bcp->objClass;
- io->u.key.provInfo = *keyProvInfo;
- io->u.key.provInfo.pwszContainerName =
- nss_ckcapi_WideDup(keyProvInfo->pwszContainerName);
- io->u.key.provInfo.pwszProvName =
- nss_ckcapi_WideDup(keyProvInfo->pwszProvName);
- io->u.key.provName = nss_ckcapi_WideToUTF8(keyProvInfo->pwszProvName);
- io->u.key.containerName =
- nss_ckcapi_WideToUTF8(keyProvInfo->pwszContainerName);
- io->u.key.hProv = 0;
- io->idData = idData;
- io->id.data = idData;
- io->id.size = msKeyID->cbData;
- idData = NULL;
+ /* build a bare internal object */
+ io = nss_ZNEW(NULL, ckcapiInternalObject);
+ if ((ckcapiInternalObject *)NULL == io) {
+ goto loser;
+ }
+ io->type = ckcapiBareKey;
+ io->objClass = bcp->objClass;
+ io->u.key.provInfo = *keyProvInfo;
+ io->u.key.provInfo.pwszContainerName =
+ nss_ckcapi_WideDup(keyProvInfo->pwszContainerName);
+ io->u.key.provInfo.pwszProvName =
+ nss_ckcapi_WideDup(keyProvInfo->pwszProvName);
+ io->u.key.provName = nss_ckcapi_WideToUTF8(keyProvInfo->pwszProvName);
+ io->u.key.containerName =
+ nss_ckcapi_WideToUTF8(keyProvInfo->pwszContainerName);
+ io->u.key.hProv = 0;
+ io->idData = idData;
+ io->id.data = idData;
+ io->id.size = msKeyID->cbData;
+ idData = NULL;
- /* see if it matches */
- if( CK_FALSE == ckcapi_match(bcp->pTemplate, bcp->ulAttributeCount, io) ) {
- goto loser;
- }
- PUT_Object(io, error);
- bcp->size = size;
- bcp->count = count;
- return 1;
+ /* see if it matches */
+ if (CK_FALSE == ckcapi_match(bcp->pTemplate, bcp->ulAttributeCount, io)) {
+ goto loser;
+ }
+ PUT_Object(io, error);
+ bcp->size = size;
+ bcp->count = count;
+ return 1;
loser:
- if (io) {
- nss_ckcapi_DestroyInternalObject(io);
- }
- nss_ZFreeIf(idData);
- return 1;
+ if (io) {
+ nss_ckcapi_DestroyInternalObject(io);
+ }
+ nss_ZFreeIf(idData);
+ return 1;
}
/*
* collect the bare keys running around
*/
static PRUint32
collect_bare(
- CK_OBJECT_CLASS objClass,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- ckcapiInternalObject ***listp,
- PRUint32 *sizep,
- PRUint32 count,
- CK_RV *pError
-)
+ CK_OBJECT_CLASS objClass,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ ckcapiInternalObject ***listp,
+ PRUint32 *sizep,
+ PRUint32 count,
+ CK_RV *pError)
{
- BOOL rc;
- BareCollectParams bareCollectParams;
+ BOOL rc;
+ BareCollectParams bareCollectParams;
- bareCollectParams.objClass = objClass;
- bareCollectParams.pTemplate = pTemplate;
- bareCollectParams.ulAttributeCount = ulAttributeCount;
- bareCollectParams.listp = listp;
- bareCollectParams.size = *sizep;
- bareCollectParams.count = count;
+ bareCollectParams.objClass = objClass;
+ bareCollectParams.pTemplate = pTemplate;
+ bareCollectParams.ulAttributeCount = ulAttributeCount;
+ bareCollectParams.listp = listp;
+ bareCollectParams.size = *sizep;
+ bareCollectParams.count = count;
- rc = CryptEnumKeyIdentifierProperties(NULL, CERT_KEY_PROV_INFO_PROP_ID, 0,
- NULL, NULL, &bareCollectParams, doBareCollect);
+ rc = CryptEnumKeyIdentifierProperties(NULL, CERT_KEY_PROV_INFO_PROP_ID, 0,
+ NULL, NULL, &bareCollectParams, doBareCollect);
- *sizep = bareCollectParams.size;
- return bareCollectParams.count;
+ *sizep = bareCollectParams.size;
+ return bareCollectParams.count;
}
/* find all the certs that represent the appropriate object (cert, priv key, or
* pub key) in the cert store.
*/
static PRUint32
collect_class(
- CK_OBJECT_CLASS objClass,
- LPCSTR storeStr,
- PRBool hasID,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- ckcapiInternalObject ***listp,
- PRUint32 *sizep,
- PRUint32 count,
- CK_RV *pError
-)
+ CK_OBJECT_CLASS objClass,
+ LPCSTR storeStr,
+ PRBool hasID,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ ckcapiInternalObject ***listp,
+ PRUint32 *sizep,
+ PRUint32 count,
+ CK_RV *pError)
{
- PRUint32 size = *sizep;
- ckcapiInternalObject *next = NULL;
- HCERTSTORE hStore;
- PCCERT_CONTEXT certContext = NULL;
- PRBool isKey =
- (objClass == CKO_PUBLIC_KEY) | (objClass == CKO_PRIVATE_KEY);
+ PRUint32 size = *sizep;
+ ckcapiInternalObject *next = NULL;
+ HCERTSTORE hStore;
+ PCCERT_CONTEXT certContext = NULL;
+ PRBool isKey =
+ (objClass == CKO_PUBLIC_KEY) | (objClass == CKO_PRIVATE_KEY);
- hStore = CertOpenSystemStore((HCRYPTPROV)NULL, storeStr);
- if (NULL == hStore) {
- return count; /* none found does not imply an error */
- }
+ hStore = CertOpenSystemStore((HCRYPTPROV)NULL, storeStr);
+ if (NULL == hStore) {
+ return count; /* none found does not imply an error */
+ }
- /* FUTURE: use CertFindCertificateInStore to filter better -- so we don't
+ /* FUTURE: use CertFindCertificateInStore to filter better -- so we don't
* have to enumerate all the certificates */
- while ((PCERT_CONTEXT) NULL !=
- (certContext= CertEnumCertificatesInStore(hStore, certContext))) {
- /* first filter out non user certs if we are looking for keys */
- if (isKey) {
- /* make sure there is a Key Provider Info property */
- CRYPT_KEY_PROV_INFO *keyProvInfo;
- DWORD size = 0;
- BOOL rv;
- rv =CertGetCertificateContextProperty(certContext,
- CERT_KEY_PROV_INFO_PROP_ID, NULL, &size);
- if (!rv) {
- int reason = GetLastError();
- /* we only care if it exists, we don't really need to fetch it yet */
- if (reason == CRYPT_E_NOT_FOUND) {
- continue;
- }
- }
- /* filter out the non-microsoft providers */
- keyProvInfo = (CRYPT_KEY_PROV_INFO *)nss_ZAlloc(NULL, size);
- if (keyProvInfo) {
- rv =CertGetCertificateContextProperty(certContext,
- CERT_KEY_PROV_INFO_PROP_ID, keyProvInfo, &size);
- if (rv) {
- char *provName = nss_ckcapi_WideToUTF8(keyProvInfo->pwszProvName);
- nss_ZFreeIf(keyProvInfo);
+ while ((PCERT_CONTEXT)NULL !=
+ (certContext = CertEnumCertificatesInStore(hStore, certContext))) {
+ /* first filter out non user certs if we are looking for keys */
+ if (isKey) {
+ /* make sure there is a Key Provider Info property */
+ CRYPT_KEY_PROV_INFO *keyProvInfo;
+ DWORD size = 0;
+ BOOL rv;
+ rv = CertGetCertificateContextProperty(certContext,
+ CERT_KEY_PROV_INFO_PROP_ID, NULL, &size);
+ if (!rv) {
+ int reason = GetLastError();
+ /* we only care if it exists, we don't really need to fetch it yet */
+ if (reason == CRYPT_E_NOT_FOUND) {
+ continue;
+ }
+ }
+ /* filter out the non-microsoft providers */
+ keyProvInfo = (CRYPT_KEY_PROV_INFO *)nss_ZAlloc(NULL, size);
+ if (keyProvInfo) {
+ rv = CertGetCertificateContextProperty(certContext,
+ CERT_KEY_PROV_INFO_PROP_ID, keyProvInfo, &size);
+ if (rv) {
+ char *provName =
+ nss_ckcapi_WideToUTF8(keyProvInfo->pwszProvName);
+ nss_ZFreeIf(keyProvInfo);
- if (provName &&
- (strncmp(provName, "Microsoft", sizeof("Microsoft")-1) != 0)) {
- continue;
- }
- } else {
- int reason = GetLastError();
- /* we only care if it exists, we don't really need to fetch it yet */
- nss_ZFreeIf(keyProvInfo);
- if (reason == CRYPT_E_NOT_FOUND) {
- continue;
- }
-
+ if (provName &&
+ (strncmp(provName, "Microsoft", sizeof("Microsoft") -
+ 1) != 0)) {
+ continue;
+ }
+ }
+ else {
+ int reason =
+ GetLastError();
+ /* we only care if it exists, we don't really need to fetch it yet */
+ nss_ZFreeIf(keyProvInfo);
+ if (reason ==
+ CRYPT_E_NOT_FOUND) {
+ continue;
+ }
+ }
+ }
}
- }
- }
-
- if ((ckcapiInternalObject *)NULL == next) {
- next = nss_ZNEW(NULL, ckcapiInternalObject);
- if ((ckcapiInternalObject *)NULL == next) {
- *pError = CKR_HOST_MEMORY;
- goto loser;
- }
+
+ if ((ckcapiInternalObject *)NULL == next) {
+ next = nss_ZNEW(NULL, ckcapiInternalObject);
+ if ((ckcapiInternalObject *)NULL == next) {
+ *pError = CKR_HOST_MEMORY;
+ goto loser;
+ }
+ }
+ next->type = ckcapiCert;
+ next->objClass = objClass;
+ next->u.cert.certContext = certContext;
+ next->u.cert.hasID = hasID;
+ next->u.cert.certStore = storeStr;
+ if (CK_TRUE == ckcapi_match(pTemplate, ulAttributeCount, next)) {
+ /* clear cached values that may be dependent on our old certContext */
+ memset(&next->u.cert, 0, sizeof(next->u.cert));
+ /* get a 'permanent' context */
+ next->u.cert.certContext = CertDuplicateCertificateContext(certContext);
+ next->objClass = objClass;
+ next->u.cert.certContext = certContext;
+ next->u.cert.hasID = hasID;
+ next->u.cert.certStore = storeStr;
+ PUT_Object(next, *pError);
+ next = NULL; /* need to allocate a new one now */
+ }
+ else {
+ /* don't cache the values we just loaded */
+ memset(&next->u.cert, 0, sizeof(next->u.cert));
+ }
}
- next->type = ckcapiCert;
- next->objClass = objClass;
- next->u.cert.certContext = certContext;
- next->u.cert.hasID = hasID;
- next->u.cert.certStore = storeStr;
- if( CK_TRUE == ckcapi_match(pTemplate, ulAttributeCount, next) ) {
- /* clear cached values that may be dependent on our old certContext */
- memset(&next->u.cert, 0, sizeof(next->u.cert));
- /* get a 'permanent' context */
- next->u.cert.certContext = CertDuplicateCertificateContext(certContext);
- next->objClass = objClass;
- next->u.cert.certContext = certContext;
- next->u.cert.hasID = hasID;
- next->u.cert.certStore = storeStr;
- PUT_Object(next, *pError);
- next = NULL; /* need to allocate a new one now */
- } else {
- /* don't cache the values we just loaded */
- memset(&next->u.cert, 0, sizeof(next->u.cert));
- }
- }
loser:
- CertCloseStore(hStore, 0);
- nss_ZFreeIf(next);
- *sizep = size;
- return count;
+ CertCloseStore(hStore, 0);
+ nss_ZFreeIf(next);
+ *sizep = size;
+ return count;
}
NSS_IMPLEMENT PRUint32
nss_ckcapi_collect_all_certs(
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- ckcapiInternalObject ***listp,
- PRUint32 *sizep,
- PRUint32 count,
- CK_RV *pError
-)
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ ckcapiInternalObject ***listp,
+ PRUint32 *sizep,
+ PRUint32 count,
+ CK_RV *pError)
{
- count = collect_class(CKO_CERTIFICATE, "My", PR_TRUE, pTemplate,
- ulAttributeCount, listp, sizep, count, pError);
- /*count = collect_class(CKO_CERTIFICATE, "AddressBook", PR_FALSE, pTemplate,
+ count = collect_class(CKO_CERTIFICATE, "My", PR_TRUE, pTemplate,
+ ulAttributeCount, listp, sizep, count, pError);
+ /*count = collect_class(CKO_CERTIFICATE, "AddressBook", PR_FALSE, pTemplate,
ulAttributeCount, listp, sizep, count, pError); */
- count = collect_class(CKO_CERTIFICATE, "CA", PR_FALSE, pTemplate,
- ulAttributeCount, listp, sizep, count, pError);
- count = collect_class(CKO_CERTIFICATE, "Root", PR_FALSE, pTemplate,
- ulAttributeCount, listp, sizep, count, pError);
- count = collect_class(CKO_CERTIFICATE, "Trust", PR_FALSE, pTemplate,
- ulAttributeCount, listp, sizep, count, pError);
- count = collect_class(CKO_CERTIFICATE, "TrustedPeople", PR_FALSE, pTemplate,
- ulAttributeCount, listp, sizep, count, pError);
- count = collect_class(CKO_CERTIFICATE, "AuthRoot", PR_FALSE, pTemplate,
- ulAttributeCount, listp, sizep, count, pError);
- return count;
+ count = collect_class(CKO_CERTIFICATE, "CA", PR_FALSE, pTemplate,
+ ulAttributeCount, listp, sizep, count, pError);
+ count = collect_class(CKO_CERTIFICATE, "Root", PR_FALSE, pTemplate,
+ ulAttributeCount, listp, sizep, count, pError);
+ count = collect_class(CKO_CERTIFICATE, "Trust", PR_FALSE, pTemplate,
+ ulAttributeCount, listp, sizep, count, pError);
+ count = collect_class(CKO_CERTIFICATE, "TrustedPeople", PR_FALSE, pTemplate,
+ ulAttributeCount, listp, sizep, count, pError);
+ count = collect_class(CKO_CERTIFICATE, "AuthRoot", PR_FALSE, pTemplate,
+ ulAttributeCount, listp, sizep, count, pError);
+ return count;
}
CK_OBJECT_CLASS
-ckcapi_GetObjectClass(CK_ATTRIBUTE_PTR pTemplate,
+ckcapi_GetObjectClass(CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount)
{
- CK_ULONG i;
+ CK_ULONG i;
- for (i=0; i < ulAttributeCount; i++)
- {
- if (pTemplate[i].type == CKA_CLASS) {
- return *(CK_OBJECT_CLASS *) pTemplate[i].pValue;
+ for (i = 0; i < ulAttributeCount; i++) {
+ if (pTemplate[i].type == CKA_CLASS) {
+ return *(CK_OBJECT_CLASS *)pTemplate[i].pValue;
+ }
}
- }
- /* need to return a value that says 'fetch them all' */
- return CK_INVALID_HANDLE;
+ /* need to return a value that says 'fetch them all' */
+ return CK_INVALID_HANDLE;
}
static PRUint32
collect_objects(
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- ckcapiInternalObject ***listp,
- CK_RV *pError
-)
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ ckcapiInternalObject ***listp,
+ CK_RV *pError)
{
- PRUint32 i;
- PRUint32 count = 0;
- PRUint32 size = 0;
- CK_OBJECT_CLASS objClass;
+ PRUint32 i;
+ PRUint32 count = 0;
+ PRUint32 size = 0;
+ CK_OBJECT_CLASS objClass;
- /*
- * first handle the static build in objects (if any)
- */
- for( i = 0; i < nss_ckcapi_nObjects; i++ ) {
- ckcapiInternalObject *o = (ckcapiInternalObject *)&nss_ckcapi_data[i];
+ /*
+ * first handle the static build in objects (if any)
+ */
+ for (i = 0; i < nss_ckcapi_nObjects; i++) {
+ ckcapiInternalObject *o = (ckcapiInternalObject *)&nss_ckcapi_data[i];
- if( CK_TRUE == ckcapi_match(pTemplate, ulAttributeCount, o) ) {
- PUT_Object(o, *pError);
+ if (CK_TRUE == ckcapi_match(pTemplate, ulAttributeCount, o)) {
+ PUT_Object(o, *pError);
+ }
}
- }
- /*
- * now handle the various object types
- */
- objClass = ckcapi_GetObjectClass(pTemplate, ulAttributeCount);
- *pError = CKR_OK;
- switch (objClass) {
- case CKO_CERTIFICATE:
- count = nss_ckcapi_collect_all_certs(pTemplate, ulAttributeCount, listp,
- &size, count, pError);
- break;
- case CKO_PUBLIC_KEY:
- count = collect_class(objClass, "My", PR_TRUE, pTemplate,
- ulAttributeCount, listp, &size, count, pError);
- count = collect_bare(objClass, pTemplate, ulAttributeCount, listp,
- &size, count, pError);
- break;
- case CKO_PRIVATE_KEY:
- count = collect_class(objClass, "My", PR_TRUE, pTemplate,
- ulAttributeCount, listp, &size, count, pError);
- count = collect_bare(objClass, pTemplate, ulAttributeCount, listp,
- &size, count, pError);
- break;
- /* all of them */
- case CK_INVALID_HANDLE:
- count = nss_ckcapi_collect_all_certs(pTemplate, ulAttributeCount, listp,
- &size, count, pError);
- count = collect_class(CKO_PUBLIC_KEY, "My", PR_TRUE, pTemplate,
- ulAttributeCount, listp, &size, count, pError);
- count = collect_bare(CKO_PUBLIC_KEY, pTemplate, ulAttributeCount, listp,
- &size, count, pError);
- count = collect_class(CKO_PRIVATE_KEY, "My", PR_TRUE, pTemplate,
- ulAttributeCount, listp, &size, count, pError);
- count = collect_bare(CKO_PRIVATE_KEY, pTemplate, ulAttributeCount, listp,
- &size, count, pError);
- break;
- default:
- goto done; /* no other object types we understand in this module */
- }
- if (CKR_OK != *pError) {
- goto loser;
- }
-
+ /*
+ * now handle the various object types
+ */
+ objClass = ckcapi_GetObjectClass(pTemplate, ulAttributeCount);
+ *pError = CKR_OK;
+ switch (objClass) {
+ case CKO_CERTIFICATE:
+ count = nss_ckcapi_collect_all_certs(pTemplate, ulAttributeCount, listp,
+ &size, count, pError);
+ break;
+ case CKO_PUBLIC_KEY:
+ count = collect_class(objClass, "My", PR_TRUE, pTemplate,
+ ulAttributeCount, listp, &size, count, pError);
+ count = collect_bare(objClass, pTemplate, ulAttributeCount, listp,
+ &size, count, pError);
+ break;
+ case CKO_PRIVATE_KEY:
+ count = collect_class(objClass, "My", PR_TRUE, pTemplate,
+ ulAttributeCount, listp, &size, count, pError);
+ count = collect_bare(objClass, pTemplate, ulAttributeCount, listp,
+ &size, count, pError);
+ break;
+ /* all of them */
+ case CK_INVALID_HANDLE:
+ count = nss_ckcapi_collect_all_certs(pTemplate, ulAttributeCount, listp,
+ &size, count, pError);
+ count = collect_class(CKO_PUBLIC_KEY, "My", PR_TRUE, pTemplate,
+ ulAttributeCount, listp, &size, count, pError);
+ count = collect_bare(CKO_PUBLIC_KEY, pTemplate, ulAttributeCount, listp,
+ &size, count, pError);
+ count = collect_class(CKO_PRIVATE_KEY, "My", PR_TRUE, pTemplate,
+ ulAttributeCount, listp, &size, count, pError);
+ count = collect_bare(CKO_PRIVATE_KEY, pTemplate, ulAttributeCount, listp,
+ &size, count, pError);
+ break;
+ default:
+ goto done; /* no other object types we understand in this module */
+ }
+ if (CKR_OK != *pError) {
+ goto loser;
+ }
done:
- return count;
+ return count;
loser:
- nss_ZFreeIf(*listp);
- return 0;
+ nss_ZFreeIf(*listp);
+ return 0;
}
-
-
NSS_IMPLEMENT NSSCKMDFindObjects *
-nss_ckcapi_FindObjectsInit
-(
- NSSCKFWSession *fwSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-)
+nss_ckcapi_FindObjectsInit(
+ NSSCKFWSession *fwSession,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ CK_RV *pError)
{
- /* This could be made more efficient. I'm rather rushed. */
- NSSArena *arena;
- NSSCKMDFindObjects *rv = (NSSCKMDFindObjects *)NULL;
- struct ckcapiFOStr *fo = (struct ckcapiFOStr *)NULL;
- ckcapiInternalObject **temp = (ckcapiInternalObject **)NULL;
+ /* This could be made more efficient. I'm rather rushed. */
+ NSSArena *arena;
+ NSSCKMDFindObjects *rv = (NSSCKMDFindObjects *)NULL;
+ struct ckcapiFOStr *fo = (struct ckcapiFOStr *)NULL;
+ ckcapiInternalObject **temp = (ckcapiInternalObject **)NULL;
- arena = NSSArena_Create();
- if( (NSSArena *)NULL == arena ) {
- goto loser;
- }
+ arena = NSSArena_Create();
+ if ((NSSArena *)NULL == arena) {
+ goto loser;
+ }
- rv = nss_ZNEW(arena, NSSCKMDFindObjects);
- if( (NSSCKMDFindObjects *)NULL == rv ) {
- *pError = CKR_HOST_MEMORY;
- goto loser;
- }
+ rv = nss_ZNEW(arena, NSSCKMDFindObjects);
+ if ((NSSCKMDFindObjects *)NULL == rv) {
+ *pError = CKR_HOST_MEMORY;
+ goto loser;
+ }
- fo = nss_ZNEW(arena, struct ckcapiFOStr);
- if( (struct ckcapiFOStr *)NULL == fo ) {
- *pError = CKR_HOST_MEMORY;
- goto loser;
- }
+ fo = nss_ZNEW(arena, struct ckcapiFOStr);
+ if ((struct ckcapiFOStr *)NULL == fo) {
+ *pError = CKR_HOST_MEMORY;
+ goto loser;
+ }
+
+ fo->arena = arena;
+ /* fo->n and fo->i are already zero */
- fo->arena = arena;
- /* fo->n and fo->i are already zero */
+ rv->etc = (void *)fo;
+ rv->Final = ckcapi_mdFindObjects_Final;
+ rv->Next = ckcapi_mdFindObjects_Next;
+ rv->null = (void *)NULL;
- rv->etc = (void *)fo;
- rv->Final = ckcapi_mdFindObjects_Final;
- rv->Next = ckcapi_mdFindObjects_Next;
- rv->null = (void *)NULL;
+ fo->n = collect_objects(pTemplate, ulAttributeCount, &temp, pError);
+ if (*pError != CKR_OK) {
+ goto loser;
+ }
- fo->n = collect_objects(pTemplate, ulAttributeCount, &temp, pError);
- if (*pError != CKR_OK) {
- goto loser;
- }
+ fo->objs = nss_ZNEWARRAY(arena, ckcapiInternalObject *, fo->n);
+ if ((ckcapiInternalObject **)NULL == fo->objs) {
+ *pError = CKR_HOST_MEMORY;
+ goto loser;
+ }
- fo->objs = nss_ZNEWARRAY(arena, ckcapiInternalObject *, fo->n);
- if( (ckcapiInternalObject **)NULL == fo->objs ) {
- *pError = CKR_HOST_MEMORY;
- goto loser;
- }
+ (void)nsslibc_memcpy(fo->objs, temp, sizeof(ckcapiInternalObject *) * fo->n);
+ nss_ZFreeIf(temp);
+ temp = (ckcapiInternalObject **)NULL;
- (void)nsslibc_memcpy(fo->objs, temp, sizeof(ckcapiInternalObject *) * fo->n);
- nss_ZFreeIf(temp);
- temp = (ckcapiInternalObject **)NULL;
+ return rv;
- return rv;
-
- loser:
- nss_ZFreeIf(temp);
- nss_ZFreeIf(fo);
- nss_ZFreeIf(rv);
- if ((NSSArena *)NULL != arena) {
- NSSArena_Destroy(arena);
- }
- return (NSSCKMDFindObjects *)NULL;
+loser:
+ nss_ZFreeIf(temp);
+ nss_ZFreeIf(fo);
+ nss_ZFreeIf(rv);
+ if ((NSSArena *)NULL != arena) {
+ NSSArena_Destroy(arena);
+ }
+ return (NSSCKMDFindObjects *)NULL;
}
-
--- a/lib/ckfw/capi/cinst.c
+++ b/lib/ckfw/capi/cinst.c
@@ -2,110 +2,96 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "ckcapi.h"
/*
* ckcapi/cinstance.c
*
- * This file implements the NSSCKMDInstance object for the
+ * This file implements the NSSCKMDInstance object for the
* "capi" cryptoki module.
*/
/*
* NSSCKMDInstance methods
*/
static CK_ULONG
-ckcapi_mdInstance_GetNSlots
-(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+ckcapi_mdInstance_GetNSlots(
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- return (CK_ULONG)1;
+ return (CK_ULONG)1;
}
static CK_VERSION
-ckcapi_mdInstance_GetCryptokiVersion
-(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+ckcapi_mdInstance_GetCryptokiVersion(
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
- return nss_ckcapi_CryptokiVersion;
+ return nss_ckcapi_CryptokiVersion;
}
static NSSUTF8 *
-ckcapi_mdInstance_GetManufacturerID
-(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+ckcapi_mdInstance_GetManufacturerID(
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- return (NSSUTF8 *)nss_ckcapi_ManufacturerID;
+ return (NSSUTF8 *)nss_ckcapi_ManufacturerID;
}
static NSSUTF8 *
-ckcapi_mdInstance_GetLibraryDescription
-(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+ckcapi_mdInstance_GetLibraryDescription(
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- return (NSSUTF8 *)nss_ckcapi_LibraryDescription;
+ return (NSSUTF8 *)nss_ckcapi_LibraryDescription;
}
static CK_VERSION
-ckcapi_mdInstance_GetLibraryVersion
-(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+ckcapi_mdInstance_GetLibraryVersion(
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
- return nss_ckcapi_LibraryVersion;
+ return nss_ckcapi_LibraryVersion;
}
static CK_RV
-ckcapi_mdInstance_GetSlots
-(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKMDSlot *slots[]
-)
+ckcapi_mdInstance_GetSlots(
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSCKMDSlot *slots[])
{
- slots[0] = (NSSCKMDSlot *)&nss_ckcapi_mdSlot;
- return CKR_OK;
+ slots[0] = (NSSCKMDSlot *)&nss_ckcapi_mdSlot;
+ return CKR_OK;
}
static CK_BBOOL
-ckcapi_mdInstance_ModuleHandlesSessionObjects
-(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+ckcapi_mdInstance_ModuleHandlesSessionObjects(
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
- /* we don't want to allow any session object creation, at least
- * until we can investigate whether or not we can use those objects
- */
- return CK_TRUE;
+ /* we don't want to allow any session object creation, at least
+ * until we can investigate whether or not we can use those objects
+ */
+ return CK_TRUE;
}
NSS_IMPLEMENT_DATA const NSSCKMDInstance
-nss_ckcapi_mdInstance = {
- (void *)NULL, /* etc */
- NULL, /* Initialize */
- NULL, /* Finalize */
- ckcapi_mdInstance_GetNSlots,
- ckcapi_mdInstance_GetCryptokiVersion,
- ckcapi_mdInstance_GetManufacturerID,
- ckcapi_mdInstance_GetLibraryDescription,
- ckcapi_mdInstance_GetLibraryVersion,
- ckcapi_mdInstance_ModuleHandlesSessionObjects,
- /*NULL, /* HandleSessionObjects */
- ckcapi_mdInstance_GetSlots,
- NULL, /* WaitForSlotEvent */
- (void *)NULL /* null terminator */
-};
+ nss_ckcapi_mdInstance = {
+ (void *)NULL, /* etc */
+ NULL, /* Initialize */
+ NULL, /* Finalize */
+ ckcapi_mdInstance_GetNSlots,
+ ckcapi_mdInstance_GetCryptokiVersion,
+ ckcapi_mdInstance_GetManufacturerID,
+ ckcapi_mdInstance_GetLibraryDescription,
+ ckcapi_mdInstance_GetLibraryVersion,
+ ckcapi_mdInstance_ModuleHandlesSessionObjects,
+ /*NULL, /* HandleSessionObjects */
+ ckcapi_mdInstance_GetSlots,
+ NULL, /* WaitForSlotEvent */
+ (void *)NULL /* null terminator */
+ };
--- a/lib/ckfw/capi/ckcapi.h
+++ b/lib/ckfw/capi/ckcapi.h
@@ -26,246 +26,217 @@
#include "wtypes.h"
#include "wincrypt.h"
/*
* statically defined raw objects. Allows us to data description objects
* to this PKCS #11 module.
*/
struct ckcapiRawObjectStr {
- CK_ULONG n;
- const CK_ATTRIBUTE_TYPE *types;
- const NSSItem *items;
+ CK_ULONG n;
+ const CK_ATTRIBUTE_TYPE *types;
+ const NSSItem *items;
};
typedef struct ckcapiRawObjectStr ckcapiRawObject;
-
/*
* common values needed for both bare keys and cert referenced keys.
*/
struct ckcapiKeyParamsStr {
- NSSItem modulus;
- NSSItem exponent;
- NSSItem privateExponent;
- NSSItem prime1;
- NSSItem prime2;
- NSSItem exponent1;
- NSSItem exponent2;
- NSSItem coefficient;
- unsigned char publicExponentData[sizeof(CK_ULONG)];
- void *privateKey;
- void *pubKey;
+ NSSItem modulus;
+ NSSItem exponent;
+ NSSItem privateExponent;
+ NSSItem prime1;
+ NSSItem prime2;
+ NSSItem exponent1;
+ NSSItem exponent2;
+ NSSItem coefficient;
+ unsigned char publicExponentData[sizeof(CK_ULONG)];
+ void *privateKey;
+ void *pubKey;
};
typedef struct ckcapiKeyParamsStr ckcapiKeyParams;
/*
* Key objects. Handles bare keys which do not yet have certs associated
* with them. These are usually short lived, but may exist for several days
* while the CA is issuing the certificate.
*/
struct ckcapiKeyObjectStr {
- CRYPT_KEY_PROV_INFO provInfo;
- char *provName;
- char *containerName;
- HCRYPTPROV hProv;
- ckcapiKeyParams key;
+ CRYPT_KEY_PROV_INFO provInfo;
+ char *provName;
+ char *containerName;
+ HCRYPTPROV hProv;
+ ckcapiKeyParams key;
};
typedef struct ckcapiKeyObjectStr ckcapiKeyObject;
/*
* Certificate and certificate referenced keys.
*/
struct ckcapiCertObjectStr {
- PCCERT_CONTEXT certContext;
- PRBool hasID;
- const char *certStore;
- NSSItem label;
- NSSItem subject;
- NSSItem issuer;
- NSSItem serial;
- NSSItem derCert;
- ckcapiKeyParams key;
- unsigned char *labelData;
- /* static data: to do, make this dynamic like labelData */
- unsigned char derSerial[128];
+ PCCERT_CONTEXT certContext;
+ PRBool hasID;
+ const char *certStore;
+ NSSItem label;
+ NSSItem subject;
+ NSSItem issuer;
+ NSSItem serial;
+ NSSItem derCert;
+ ckcapiKeyParams key;
+ unsigned char *labelData;
+ /* static data: to do, make this dynamic like labelData */
+ unsigned char derSerial[128];
};
typedef struct ckcapiCertObjectStr ckcapiCertObject;
typedef enum {
- ckcapiRaw,
- ckcapiCert,
- ckcapiBareKey
+ ckcapiRaw,
+ ckcapiCert,
+ ckcapiBareKey
} ckcapiObjectType;
/*
* all the various types of objects are abstracted away in cobject and
* cfind as ckcapiInternalObjects.
*/
struct ckcapiInternalObjectStr {
- ckcapiObjectType type;
- union {
- ckcapiRawObject raw;
- ckcapiCertObject cert;
- ckcapiKeyObject key;
- } u;
- CK_OBJECT_CLASS objClass;
- NSSItem hashKey;
- NSSItem id;
- void *idData;
- unsigned char hashKeyData[128];
- NSSCKMDObject mdObject;
+ ckcapiObjectType type;
+ union {
+ ckcapiRawObject raw;
+ ckcapiCertObject cert;
+ ckcapiKeyObject key;
+ } u;
+ CK_OBJECT_CLASS objClass;
+ NSSItem hashKey;
+ NSSItem id;
+ void *idData;
+ unsigned char hashKeyData[128];
+ NSSCKMDObject mdObject;
};
typedef struct ckcapiInternalObjectStr ckcapiInternalObject;
/* our raw object data array */
NSS_EXTERN_DATA ckcapiInternalObject nss_ckcapi_data[];
-NSS_EXTERN_DATA const PRUint32 nss_ckcapi_nObjects;
+NSS_EXTERN_DATA const PRUint32 nss_ckcapi_nObjects;
-NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_CryptokiVersion;
-NSS_EXTERN_DATA const NSSUTF8 * nss_ckcapi_ManufacturerID;
-NSS_EXTERN_DATA const NSSUTF8 * nss_ckcapi_LibraryDescription;
-NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_LibraryVersion;
-NSS_EXTERN_DATA const NSSUTF8 * nss_ckcapi_SlotDescription;
-NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_HardwareVersion;
-NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_FirmwareVersion;
-NSS_EXTERN_DATA const NSSUTF8 * nss_ckcapi_TokenLabel;
-NSS_EXTERN_DATA const NSSUTF8 * nss_ckcapi_TokenModel;
-NSS_EXTERN_DATA const NSSUTF8 * nss_ckcapi_TokenSerialNumber;
+NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_CryptokiVersion;
+NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_ManufacturerID;
+NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_LibraryDescription;
+NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_LibraryVersion;
+NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_SlotDescription;
+NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_HardwareVersion;
+NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_FirmwareVersion;
+NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_TokenLabel;
+NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_TokenModel;
+NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_TokenSerialNumber;
-NSS_EXTERN_DATA const NSSCKMDInstance nss_ckcapi_mdInstance;
-NSS_EXTERN_DATA const NSSCKMDSlot nss_ckcapi_mdSlot;
-NSS_EXTERN_DATA const NSSCKMDToken nss_ckcapi_mdToken;
+NSS_EXTERN_DATA const NSSCKMDInstance nss_ckcapi_mdInstance;
+NSS_EXTERN_DATA const NSSCKMDSlot nss_ckcapi_mdSlot;
+NSS_EXTERN_DATA const NSSCKMDToken nss_ckcapi_mdToken;
NSS_EXTERN_DATA const NSSCKMDMechanism nss_ckcapi_mdMechanismRSA;
NSS_EXTERN NSSCKMDSession *
-nss_ckcapi_CreateSession
-(
- NSSCKFWSession *fwSession,
- CK_RV *pError
-);
+nss_ckcapi_CreateSession(
+ NSSCKFWSession *fwSession,
+ CK_RV *pError);
NSS_EXTERN NSSCKMDFindObjects *
-nss_ckcapi_FindObjectsInit
-(
- NSSCKFWSession *fwSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-);
+nss_ckcapi_FindObjectsInit(
+ NSSCKFWSession *fwSession,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ CK_RV *pError);
/*
* Object Utilities
*/
NSS_EXTERN NSSCKMDObject *
-nss_ckcapi_CreateMDObject
-(
- NSSArena *arena,
- ckcapiInternalObject *io,
- CK_RV *pError
-);
+nss_ckcapi_CreateMDObject(
+ NSSArena *arena,
+ ckcapiInternalObject *io,
+ CK_RV *pError);
NSS_EXTERN NSSCKMDObject *
-nss_ckcapi_CreateObject
-(
- NSSCKFWSession *fwSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-);
+nss_ckcapi_CreateObject(
+ NSSCKFWSession *fwSession,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ CK_RV *pError);
NSS_EXTERN const NSSItem *
-nss_ckcapi_FetchAttribute
-(
- ckcapiInternalObject *io,
- CK_ATTRIBUTE_TYPE type
-);
+nss_ckcapi_FetchAttribute(
+ ckcapiInternalObject *io,
+ CK_ATTRIBUTE_TYPE type);
NSS_EXTERN void
-nss_ckcapi_DestroyInternalObject
-(
- ckcapiInternalObject *io
-);
+nss_ckcapi_DestroyInternalObject(
+ ckcapiInternalObject *io);
NSS_EXTERN CK_RV
-nss_ckcapi_FetchKeyContainer
-(
- ckcapiInternalObject *iKey,
- HCRYPTPROV *hProv,
- DWORD *keySpec,
- HCRYPTKEY *hKey
-);
+nss_ckcapi_FetchKeyContainer(
+ ckcapiInternalObject *iKey,
+ HCRYPTPROV *hProv,
+ DWORD *keySpec,
+ HCRYPTKEY *hKey);
/*
* generic utilities
*/
/*
* So everyone else in the worlds stores their bignum data MSB first, but not
* Microsoft, we need to byte swap everything coming into and out of CAPI.
*/
void
-ckcapi_ReverseData
-(
- NSSItem *item
-);
+ckcapi_ReverseData(
+ NSSItem *item);
/*
* unwrap a single DER value
*/
unsigned char *
-nss_ckcapi_DERUnwrap
-(
- unsigned char *src,
- unsigned int size,
- unsigned int *outSize,
- unsigned char **next
-);
+nss_ckcapi_DERUnwrap(
+ unsigned char *src,
+ unsigned int size,
+ unsigned int *outSize,
+ unsigned char **next);
/*
* Return the size in bytes of a wide string
*/
-int
-nss_ckcapi_WideSize
-(
- LPCWSTR wide
-);
+int
+nss_ckcapi_WideSize(
+ LPCWSTR wide);
/*
* Covert a Unicode wide character string to a UTF8 string
*/
char *
-nss_ckcapi_WideToUTF8
-(
- LPCWSTR wide
-);
+nss_ckcapi_WideToUTF8(
+ LPCWSTR wide);
/*
* Return a Wide String duplicated with nss allocated memory.
*/
LPWSTR
-nss_ckcapi_WideDup
-(
- LPCWSTR wide
-);
+nss_ckcapi_WideDup(
+ LPCWSTR wide);
/*
* Covert a UTF8 string to Unicode wide character
*/
LPWSTR
-nss_ckcapi_UTF8ToWide
-(
- char *buf
-);
-
+nss_ckcapi_UTF8ToWide(
+ char *buf);
NSS_EXTERN PRUint32
nss_ckcapi_collect_all_certs(
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- ckcapiInternalObject ***listp,
- PRUint32 *sizep,
- PRUint32 count,
- CK_RV *pError
-);
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ ckcapiInternalObject ***listp,
+ PRUint32 *sizep,
+ PRUint32 count,
+ CK_RV *pError);
-#define NSS_CKCAPI_ARRAY_SIZE(x) ((sizeof (x))/(sizeof ((x)[0])))
-
+#define NSS_CKCAPI_ARRAY_SIZE(x) ((sizeof(x)) / (sizeof((x)[0])))
+
#endif
--- a/lib/ckfw/capi/ckcapiver.c
+++ b/lib/ckfw/capi/ckcapiver.c
@@ -9,10 +9,9 @@
#define _DEBUG_STRING " (debug)"
#else
#define _DEBUG_STRING ""
#endif
/*
* Version information
*/
-const char __nss_ckcapi_version[] = "Version: NSS Access to Microsoft Certificate Store "
- NSS_CKCAPI_LIBRARY_VERSION _DEBUG_STRING;
+const char __nss_ckcapi_version[] = "Version: NSS Access to Microsoft Certificate Store " NSS_CKCAPI_LIBRARY_VERSION _DEBUG_STRING;
--- a/lib/ckfw/capi/cobject.c
+++ b/lib/ckfw/capi/cobject.c
@@ -71,2235 +71,2169 @@ const CK_ATTRIBUTE_TYPE pubKeyAttrs[] =
const PRUint32 pubKeyAttrsCount = NSS_CKCAPI_ARRAY_SIZE(pubKeyAttrs);
static const CK_BBOOL ck_true = CK_TRUE;
static const CK_BBOOL ck_false = CK_FALSE;
static const CK_CERTIFICATE_TYPE ckc_x509 = CKC_X_509;
static const CK_KEY_TYPE ckk_rsa = CKK_RSA;
static const CK_OBJECT_CLASS cko_certificate = CKO_CERTIFICATE;
static const CK_OBJECT_CLASS cko_private_key = CKO_PRIVATE_KEY;
static const CK_OBJECT_CLASS cko_public_key = CKO_PUBLIC_KEY;
-static const NSSItem ckcapi_trueItem = {
- (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) };
-static const NSSItem ckcapi_falseItem = {
- (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) };
-static const NSSItem ckcapi_x509Item = {
- (void *)&ckc_x509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) };
-static const NSSItem ckcapi_rsaItem = {
- (void *)&ckk_rsa, (PRUint32)sizeof(CK_KEY_TYPE) };
-static const NSSItem ckcapi_certClassItem = {
- (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) };
+static const NSSItem ckcapi_trueItem = {
+ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL)
+};
+static const NSSItem ckcapi_falseItem = {
+ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL)
+};
+static const NSSItem ckcapi_x509Item = {
+ (void *)&ckc_x509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE)
+};
+static const NSSItem ckcapi_rsaItem = {
+ (void *)&ckk_rsa, (PRUint32)sizeof(CK_KEY_TYPE)
+};
+static const NSSItem ckcapi_certClassItem = {
+ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS)
+};
static const NSSItem ckcapi_privKeyClassItem = {
- (void *)&cko_private_key, (PRUint32)sizeof(CK_OBJECT_CLASS) };
+ (void *)&cko_private_key, (PRUint32)sizeof(CK_OBJECT_CLASS)
+};
static const NSSItem ckcapi_pubKeyClassItem = {
- (void *)&cko_public_key, (PRUint32)sizeof(CK_OBJECT_CLASS) };
-static const NSSItem ckcapi_emptyItem = {
- (void *)&ck_true, 0};
+ (void *)&cko_public_key, (PRUint32)sizeof(CK_OBJECT_CLASS)
+};
+static const NSSItem ckcapi_emptyItem = {
+ (void *)&ck_true, 0
+};
/*
* these are utilities. The chould be moved to a new utilities file.
*/
/*
* unwrap a single DER value
*/
unsigned char *
-nss_ckcapi_DERUnwrap
-(
- unsigned char *src,
- unsigned int size,
- unsigned int *outSize,
- unsigned char **next
-)
+nss_ckcapi_DERUnwrap(
+ unsigned char *src,
+ unsigned int size,
+ unsigned int *outSize,
+ unsigned char **next)
{
- unsigned char *start = src;
- unsigned char *end = src+size;
- unsigned int len = 0;
+ unsigned char *start = src;
+ unsigned char *end = src + size;
+ unsigned int len = 0;
- /* initialize error condition return values */
- *outSize = 0;
- if (next) {
- *next = src;
- }
+ /* initialize error condition return values */
+ *outSize = 0;
+ if (next) {
+ *next = src;
+ }
- if (size < 2) {
- return start;
- }
- src++; /* skip the tag -- should check it against an expected value! */
- len = (unsigned) *src++;
- if (len & 0x80) {
- unsigned int count = len & 0x7f;
- len = 0;
-
- if (count+2 > size) {
- return start;
+ if (size < 2) {
+ return start;
}
- while (count-- > 0) {
- len = (len << 8) | (unsigned) *src++;
+ src++; /* skip the tag -- should check it against an expected value! */
+ len = (unsigned)*src++;
+ if (len & 0x80) {
+ unsigned int count = len & 0x7f;
+ len = 0;
+
+ if (count + 2 > size) {
+ return start;
+ }
+ while (count-- > 0) {
+ len = (len << 8) | (unsigned)*src++;
+ }
}
- }
- if (len + (src-start) > size) {
- return start;
- }
- if (next) {
- *next = src+len;
- }
- *outSize = len;
+ if (len + (src - start) > size) {
+ return start;
+ }
+ if (next) {
+ *next = src + len;
+ }
+ *outSize = len;
- return src;
+ return src;
}
/*
* convert a PKCS #11 bytestrin into a CK_ULONG, the byte stream must be
* less than sizeof (CK_ULONG).
*/
-CK_ULONG
-nss_ckcapi_DataToInt
-(
- NSSItem *data,
- CK_RV *pError
-)
+CK_ULONG
+nss_ckcapi_DataToInt(
+ NSSItem *data,
+ CK_RV *pError)
{
- CK_ULONG value = 0;
- unsigned long count = data->size;
- unsigned char *dataPtr = data->data;
- unsigned long size = 0;
+ CK_ULONG value = 0;
+ unsigned long count = data->size;
+ unsigned char *dataPtr = data->data;
+ unsigned long size = 0;
+
+ *pError = CKR_OK;
- *pError = CKR_OK;
-
- while (count--) {
- value = value << 8;
- value = value + *dataPtr++;
- if (size || value) {
- size++;
+ while (count--) {
+ value = value << 8;
+ value = value + *dataPtr++;
+ if (size || value) {
+ size++;
+ }
}
- }
- if (size > sizeof(CK_ULONG)) {
- *pError = CKR_ATTRIBUTE_VALUE_INVALID;
- }
- return value;
+ if (size > sizeof(CK_ULONG)) {
+ *pError = CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+ return value;
}
/*
* convert a CK_ULONG to a bytestream. Data is stored in the buffer 'buf'
* and must be at least CK_ULONG. Caller must provide buf.
*/
-CK_ULONG
-nss_ckcapi_IntToData
-(
- CK_ULONG value,
- NSSItem *data,
- unsigned char *dataPtr,
- CK_RV *pError
-)
+CK_ULONG
+nss_ckcapi_IntToData(
+ CK_ULONG value,
+ NSSItem *data,
+ unsigned char *dataPtr,
+ CK_RV *pError)
{
- unsigned long count = 0;
- unsigned long i;
-#define SHIFT ((sizeof(CK_ULONG)-1)*8)
- PRBool first = 0;
+ unsigned long count = 0;
+ unsigned long i;
+#define SHIFT ((sizeof(CK_ULONG) - 1) * 8)
+ PRBool first = 0;
- *pError = CKR_OK;
+ *pError = CKR_OK;
- data->data = dataPtr;
- for (i=0; i < sizeof(CK_ULONG); i++) {
- unsigned char digit = (unsigned char)((value >> SHIFT) & 0xff);
+ data->data = dataPtr;
+ for (i = 0; i < sizeof(CK_ULONG); i++) {
+ unsigned char digit = (unsigned char)((value >> SHIFT) & 0xff);
- value = value << 8;
+ value = value << 8;
- /* drop leading zero bytes */
- if (first && (0 == digit)) {
- continue;
+ /* drop leading zero bytes */
+ if (first && (0 == digit)) {
+ continue;
+ }
+ *dataPtr++ = digit;
+ count++;
}
- *dataPtr++ = digit;
- count++;
- }
- data->size = count;
- return count;
+ data->size = count;
+ return count;
}
/*
* get an attribute from a template. Value is returned in NSS item.
* data for the item is owned by the template.
*/
CK_RV
-nss_ckcapi_GetAttribute
-(
- CK_ATTRIBUTE_TYPE type,
- CK_ATTRIBUTE *template,
- CK_ULONG templateSize,
- NSSItem *item
-)
+nss_ckcapi_GetAttribute(
+ CK_ATTRIBUTE_TYPE type,
+ CK_ATTRIBUTE *template,
+ CK_ULONG templateSize,
+ NSSItem *item)
{
- CK_ULONG i;
+ CK_ULONG i;
- for (i=0; i < templateSize; i++) {
- if (template[i].type == type) {
- item->data = template[i].pValue;
- item->size = template[i].ulValueLen;
- return CKR_OK;
+ for (i = 0; i < templateSize; i++) {
+ if (template[i].type == type) {
+ item->data = template[i].pValue;
+ item->size = template[i].ulValueLen;
+ return CKR_OK;
+ }
}
- }
- return CKR_TEMPLATE_INCOMPLETE;
+ return CKR_TEMPLATE_INCOMPLETE;
}
/*
* get an attribute which is type CK_ULONG.
*/
CK_ULONG
-nss_ckcapi_GetULongAttribute
-(
- CK_ATTRIBUTE_TYPE type,
- CK_ATTRIBUTE *template,
- CK_ULONG templateSize,
- CK_RV *pError
-)
+nss_ckcapi_GetULongAttribute(
+ CK_ATTRIBUTE_TYPE type,
+ CK_ATTRIBUTE *template,
+ CK_ULONG templateSize,
+ CK_RV *pError)
{
- NSSItem item;
+ NSSItem item;
- *pError = nss_ckcapi_GetAttribute(type, template, templateSize, &item);
- if (CKR_OK != *pError) {
- return (CK_ULONG) 0;
- }
- if (item.size != sizeof(CK_ULONG)) {
- *pError = CKR_ATTRIBUTE_VALUE_INVALID;
- return (CK_ULONG) 0;
- }
- return *(CK_ULONG *)item.data;
+ *pError = nss_ckcapi_GetAttribute(type, template, templateSize, &item);
+ if (CKR_OK != *pError) {
+ return (CK_ULONG)0;
+ }
+ if (item.size != sizeof(CK_ULONG)) {
+ *pError = CKR_ATTRIBUTE_VALUE_INVALID;
+ return (CK_ULONG)0;
+ }
+ return *(CK_ULONG *)item.data;
}
/*
* get an attribute which is type CK_BBOOL.
*/
CK_BBOOL
-nss_ckcapi_GetBoolAttribute
-(
- CK_ATTRIBUTE_TYPE type,
- CK_ATTRIBUTE *template,
- CK_ULONG templateSize,
- CK_RV *pError
-)
+nss_ckcapi_GetBoolAttribute(
+ CK_ATTRIBUTE_TYPE type,
+ CK_ATTRIBUTE *template,
+ CK_ULONG templateSize,
+ CK_RV *pError)
{
- NSSItem item;
+ NSSItem item;
- *pError = nss_ckcapi_GetAttribute(type, template, templateSize, &item);
- if (CKR_OK != *pError) {
- return (CK_BBOOL) 0;
- }
- if (item.size != sizeof(CK_BBOOL)) {
- *pError = CKR_ATTRIBUTE_VALUE_INVALID;
- return (CK_BBOOL) 0;
- }
- return *(CK_BBOOL *)item.data;
+ *pError = nss_ckcapi_GetAttribute(type, template, templateSize, &item);
+ if (CKR_OK != *pError) {
+ return (CK_BBOOL)0;
+ }
+ if (item.size != sizeof(CK_BBOOL)) {
+ *pError = CKR_ATTRIBUTE_VALUE_INVALID;
+ return (CK_BBOOL)0;
+ }
+ return *(CK_BBOOL *)item.data;
}
/*
* get an attribute which is type CK_BBOOL.
*/
char *
-nss_ckcapi_GetStringAttribute
-(
- CK_ATTRIBUTE_TYPE type,
- CK_ATTRIBUTE *template,
- CK_ULONG templateSize,
- CK_RV *pError
-)
+nss_ckcapi_GetStringAttribute(
+ CK_ATTRIBUTE_TYPE type,
+ CK_ATTRIBUTE *template,
+ CK_ULONG templateSize,
+ CK_RV *pError)
{
- NSSItem item;
- char *str;
+ NSSItem item;
+ char *str;
- /* get the attribute */
- *pError = nss_ckcapi_GetAttribute(type, template, templateSize, &item);
- if (CKR_OK != *pError) {
- return (char *)NULL;
- }
- /* make sure it is null terminated */
- str = nss_ZNEWARRAY(NULL, char, item.size+1);
- if ((char *)NULL == str) {
- *pError = CKR_HOST_MEMORY;
- return (char *)NULL;
- }
+ /* get the attribute */
+ *pError = nss_ckcapi_GetAttribute(type, template, templateSize, &item);
+ if (CKR_OK != *pError) {
+ return (char *)NULL;
+ }
+ /* make sure it is null terminated */
+ str = nss_ZNEWARRAY(NULL, char, item.size + 1);
+ if ((char *)NULL == str) {
+ *pError = CKR_HOST_MEMORY;
+ return (char *)NULL;
+ }
- nsslibc_memcpy(str, item.data, item.size);
- str[item.size] = 0;
+ nsslibc_memcpy(str, item.data, item.size);
+ str[item.size] = 0;
- return str;
+ return str;
}
/*
* Return the size in bytes of a wide string, including the terminating null
* character
*/
int
-nss_ckcapi_WideSize
-(
- LPCWSTR wide
-)
+nss_ckcapi_WideSize(
+ LPCWSTR wide)
{
- DWORD size;
+ DWORD size;
- if ((LPWSTR)NULL == wide) {
- return 0;
- }
- size = wcslen(wide)+1;
- return size*sizeof(WCHAR);
+ if ((LPWSTR)NULL == wide) {
+ return 0;
+ }
+ size = wcslen(wide) + 1;
+ return size * sizeof(WCHAR);
}
/*
* Covert a Unicode wide character string to a UTF8 string
*/
char *
-nss_ckcapi_WideToUTF8
-(
- LPCWSTR wide
-)
+nss_ckcapi_WideToUTF8(
+ LPCWSTR wide)
{
- DWORD size;
- char *buf;
+ DWORD size;
+ char *buf;
- if ((LPWSTR)NULL == wide) {
- return (char *)NULL;
- }
+ if ((LPWSTR)NULL == wide) {
+ return (char *)NULL;
+ }
- size = WideCharToMultiByte(CP_UTF8, 0, wide, -1, NULL, 0, NULL, 0);
- if (size == 0) {
- return (char *)NULL;
- }
- buf = nss_ZNEWARRAY(NULL, char, size);
- size = WideCharToMultiByte(CP_UTF8, 0, wide, -1, buf, size, NULL, 0);
- if (size == 0) {
- nss_ZFreeIf(buf);
- return (char *)NULL;
- }
- return buf;
+ size = WideCharToMultiByte(CP_UTF8, 0, wide, -1, NULL, 0, NULL, 0);
+ if (size == 0) {
+ return (char *)NULL;
+ }
+ buf = nss_ZNEWARRAY(NULL, char, size);
+ size = WideCharToMultiByte(CP_UTF8, 0, wide, -1, buf, size, NULL, 0);
+ if (size == 0) {
+ nss_ZFreeIf(buf);
+ return (char *)NULL;
+ }
+ return buf;
}
/*
* Return a Wide String duplicated with nss allocated memory.
*/
LPWSTR
-nss_ckcapi_WideDup
-(
- LPCWSTR wide
-)
+nss_ckcapi_WideDup(
+ LPCWSTR wide)
{
- DWORD len;
- LPWSTR buf;
+ DWORD len;
+ LPWSTR buf;
- if ((LPWSTR)NULL == wide) {
- return (LPWSTR)NULL;
- }
+ if ((LPWSTR)NULL == wide) {
+ return (LPWSTR)NULL;
+ }
- len = wcslen(wide)+1;
+ len = wcslen(wide) + 1;
- buf = nss_ZNEWARRAY(NULL, WCHAR, len);
- if ((LPWSTR) NULL == buf) {
+ buf = nss_ZNEWARRAY(NULL, WCHAR, len);
+ if ((LPWSTR)NULL == buf) {
+ return buf;
+ }
+ nsslibc_memcpy(buf, wide, len * sizeof(WCHAR));
return buf;
- }
- nsslibc_memcpy(buf, wide, len*sizeof(WCHAR));
- return buf;
}
/*
* Covert a UTF8 string to Unicode wide character
*/
LPWSTR
-nss_ckcapi_UTF8ToWide
-(
- char *buf
-)
+nss_ckcapi_UTF8ToWide(
+ char *buf)
{
- DWORD size;
- LPWSTR wide;
+ DWORD size;
+ LPWSTR wide;
+
+ if ((char *)NULL == buf) {
+ return (LPWSTR)NULL;
+ }
- if ((char *)NULL == buf) {
- return (LPWSTR) NULL;
- }
-
- size = MultiByteToWideChar(CP_UTF8, 0, buf, -1, NULL, 0);
- if (size == 0) {
- return (LPWSTR) NULL;
- }
- wide = nss_ZNEWARRAY(NULL, WCHAR, size);
- size = MultiByteToWideChar(CP_UTF8, 0, buf, -1, wide, size);
- if (size == 0) {
- nss_ZFreeIf(wide);
- return (LPWSTR) NULL;
- }
- return wide;
+ size = MultiByteToWideChar(CP_UTF8, 0, buf, -1, NULL, 0);
+ if (size == 0) {
+ return (LPWSTR)NULL;
+ }
+ wide = nss_ZNEWARRAY(NULL, WCHAR, size);
+ size = MultiByteToWideChar(CP_UTF8, 0, buf, -1, wide, size);
+ if (size == 0) {
+ nss_ZFreeIf(wide);
+ return (LPWSTR)NULL;
+ }
+ return wide;
}
-
/*
* keep all the knowlege of how the internalObject is laid out in this function
*
* nss_ckcapi_FetchKeyContainer
*
* fetches the Provider container and info as well as a key handle for a
* private key. If something other than a private key is passed in,
* this function fails with CKR_KEY_TYPE_INCONSISTENT
*/
NSS_EXTERN CK_RV
-nss_ckcapi_FetchKeyContainer
-(
- ckcapiInternalObject *iKey,
- HCRYPTPROV *hProv,
- DWORD *keySpec,
- HCRYPTKEY *hKey
-)
+nss_ckcapi_FetchKeyContainer(
+ ckcapiInternalObject *iKey,
+ HCRYPTPROV *hProv,
+ DWORD *keySpec,
+ HCRYPTKEY *hKey)
{
- ckcapiCertObject *co;
- ckcapiKeyObject *ko;
- BOOL rc, dummy;
- DWORD msError;
-
+ ckcapiCertObject *co;
+ ckcapiKeyObject *ko;
+ BOOL rc, dummy;
+ DWORD msError;
- switch (iKey->type) {
- default:
- case ckcapiRaw:
- /* can't have raw private keys */
- return CKR_KEY_TYPE_INCONSISTENT;
- case ckcapiCert:
- if (iKey->objClass != CKO_PRIVATE_KEY) {
- /* Only private keys have private key provider handles */
- return CKR_KEY_TYPE_INCONSISTENT;
- }
- co = &iKey->u.cert;
+ switch (iKey->type) {
+ default:
+ case ckcapiRaw:
+ /* can't have raw private keys */
+ return CKR_KEY_TYPE_INCONSISTENT;
+ case ckcapiCert:
+ if (iKey->objClass != CKO_PRIVATE_KEY) {
+ /* Only private keys have private key provider handles */
+ return CKR_KEY_TYPE_INCONSISTENT;
+ }
+ co = &iKey->u.cert;
- /* OK, get the Provider */
- rc = CryptAcquireCertificatePrivateKey(co->certContext,
- CRYPT_ACQUIRE_CACHE_FLAG|CRYPT_ACQUIRE_COMPARE_KEY_FLAG, NULL, hProv,
- keySpec, &dummy);
- if (!rc) {
- goto loser;
- }
- break;
- case ckcapiBareKey:
- if (iKey->objClass != CKO_PRIVATE_KEY) {
- /* Only private keys have private key provider handles */
- return CKR_KEY_TYPE_INCONSISTENT;
- }
- ko = &iKey->u.key;
+ /* OK, get the Provider */
+ rc = CryptAcquireCertificatePrivateKey(co->certContext,
+ CRYPT_ACQUIRE_CACHE_FLAG |
+ CRYPT_ACQUIRE_COMPARE_KEY_FLAG,
+ NULL, hProv,
+ keySpec, &dummy);
+ if (!rc) {
+ goto loser;
+ }
+ break;
+ case ckcapiBareKey:
+ if (iKey->objClass != CKO_PRIVATE_KEY) {
+ /* Only private keys have private key provider handles */
+ return CKR_KEY_TYPE_INCONSISTENT;
+ }
+ ko = &iKey->u.key;
- /* OK, get the Provider */
- if (0 == ko->hProv) {
- rc = CryptAcquireContext(hProv,
- ko->containerName,
- ko->provName,
- ko->provInfo.dwProvType , 0);
- if (!rc) {
- goto loser;
- }
- } else {
- *hProv = ko->hProv;
+ /* OK, get the Provider */
+ if (0 == ko->hProv) {
+ rc =
+ CryptAcquireContext(hProv,
+ ko->containerName,
+ ko->provName,
+ ko->provInfo.dwProvType, 0);
+ if (!rc) {
+ goto loser;
+ }
+ }
+ else {
+ *hProv =
+ ko->hProv;
+ }
+ *keySpec = ko->provInfo.dwKeySpec;
+ break;
}
- *keySpec = ko->provInfo.dwKeySpec;
- break;
- }
- /* and get the crypto handle */
- rc = CryptGetUserKey(*hProv, *keySpec, hKey);
- if (!rc) {
- goto loser;
- }
- return CKR_OK;
+ /* and get the crypto handle */
+ rc = CryptGetUserKey(*hProv, *keySpec, hKey);
+ if (!rc) {
+ goto loser;
+ }
+ return CKR_OK;
loser:
- /* map the microsoft error before leaving */
- msError = GetLastError();
- switch (msError) {
- case ERROR_INVALID_HANDLE:
- case ERROR_INVALID_PARAMETER:
- case NTE_BAD_KEY:
- case NTE_NO_KEY:
- case NTE_BAD_PUBLIC_KEY:
- case NTE_BAD_KEYSET:
- case NTE_KEYSET_NOT_DEF:
- return CKR_KEY_TYPE_INCONSISTENT;
- case NTE_BAD_UID:
- case NTE_KEYSET_ENTRY_BAD:
- return CKR_DEVICE_ERROR;
- }
- return CKR_GENERAL_ERROR;
+ /* map the microsoft error before leaving */
+ msError = GetLastError();
+ switch (msError) {
+ case ERROR_INVALID_HANDLE:
+ case ERROR_INVALID_PARAMETER:
+ case NTE_BAD_KEY:
+ case NTE_NO_KEY:
+ case NTE_BAD_PUBLIC_KEY:
+ case NTE_BAD_KEYSET:
+ case NTE_KEYSET_NOT_DEF:
+ return CKR_KEY_TYPE_INCONSISTENT;
+ case NTE_BAD_UID:
+ case NTE_KEYSET_ENTRY_BAD:
+ return CKR_DEVICE_ERROR;
+ }
+ return CKR_GENERAL_ERROR;
}
-
/*
* take a DER PUBLIC Key block and return the modulus and exponent
*/
static void
-ckcapi_CertPopulateModulusExponent
-(
- ckcapiInternalObject *io
-)
+ckcapi_CertPopulateModulusExponent(
+ ckcapiInternalObject *io)
{
- ckcapiKeyParams *kp = &io->u.cert.key;
- PCCERT_CONTEXT certContext = io->u.cert.certContext;
- unsigned char *pkData =
- certContext->pCertInfo->SubjectPublicKeyInfo.PublicKey.pbData;
- unsigned int size=
- certContext->pCertInfo->SubjectPublicKeyInfo.PublicKey.cbData;
- unsigned int newSize;
- unsigned char *ptr, *newptr;
+ ckcapiKeyParams *kp = &io->u.cert.key;
+ PCCERT_CONTEXT certContext = io->u.cert.certContext;
+ unsigned char *pkData =
+ certContext->pCertInfo->SubjectPublicKeyInfo.PublicKey.pbData;
+ unsigned int size =
+ certContext->pCertInfo->SubjectPublicKeyInfo.PublicKey.cbData;
+ unsigned int newSize;
+ unsigned char *ptr, *newptr;
- /* find the start of the modulus -- this will not give good results if
- * the key isn't an rsa key! */
- ptr = nss_ckcapi_DERUnwrap(pkData, size, &newSize, NULL);
- kp->modulus.data = nss_ckcapi_DERUnwrap(ptr, newSize,
- &kp->modulus.size, &newptr);
- /* changed from signed to unsigned int */
- if (0 == *(char *)kp->modulus.data) {
- kp->modulus.data = ((char *)kp->modulus.data)+1;
- kp->modulus.size = kp->modulus.size - 1;
- }
- /* changed from signed to unsigned int */
- kp->exponent.data = nss_ckcapi_DERUnwrap(newptr, (newptr-ptr)+newSize,
- &kp->exponent.size, NULL);
- if (0 == *(char *)kp->exponent.data) {
- kp->exponent.data = ((char *)kp->exponent.data)+1;
- kp->exponent.size = kp->exponent.size - 1;
- }
- return;
+ /* find the start of the modulus -- this will not give good results if
+ * the key isn't an rsa key! */
+ ptr = nss_ckcapi_DERUnwrap(pkData, size, &newSize, NULL);
+ kp->modulus.data = nss_ckcapi_DERUnwrap(ptr, newSize,
+ &kp->modulus.size, &newptr);
+ /* changed from signed to unsigned int */
+ if (0 == *(char *)kp->modulus.data) {
+ kp->modulus.data = ((char *)kp->modulus.data) + 1;
+ kp->modulus.size = kp->modulus.size - 1;
+ }
+ /* changed from signed to unsigned int */
+ kp->exponent.data = nss_ckcapi_DERUnwrap(newptr, (newptr - ptr) + newSize,
+ &kp->exponent.size, NULL);
+ if (0 == *(char *)kp->exponent.data) {
+ kp->exponent.data = ((char *)kp->exponent.data) + 1;
+ kp->exponent.size = kp->exponent.size - 1;
+ }
+ return;
}
typedef struct _CAPI_RSA_KEY_BLOB {
- PUBLICKEYSTRUC header;
- RSAPUBKEY rsa;
- char data[1];
+ PUBLICKEYSTRUC header;
+ RSAPUBKEY rsa;
+ char data[1];
} CAPI_RSA_KEY_BLOB;
-#define CAPI_MODULUS_OFFSET(modSize) 0
-#define CAPI_PRIME_1_OFFSET(modSize) (modSize)
-#define CAPI_PRIME_2_OFFSET(modSize) ((modSize)+(modSize)/2)
-#define CAPI_EXPONENT_1_OFFSET(modSize) ((modSize)*2)
-#define CAPI_EXPONENT_2_OFFSET(modSize) ((modSize)*2+(modSize)/2)
+#define CAPI_MODULUS_OFFSET(modSize) 0
+#define CAPI_PRIME_1_OFFSET(modSize) (modSize)
+#define CAPI_PRIME_2_OFFSET(modSize) ((modSize) + (modSize) / 2)
+#define CAPI_EXPONENT_1_OFFSET(modSize) ((modSize)*2)
+#define CAPI_EXPONENT_2_OFFSET(modSize) ((modSize)*2 + (modSize) / 2)
#define CAPI_COEFFICIENT_OFFSET(modSize) ((modSize)*3)
-#define CAPI_PRIVATE_EXP_OFFSET(modSize) ((modSize)*3+(modSize)/2)
+#define CAPI_PRIVATE_EXP_OFFSET(modSize) ((modSize)*3 + (modSize) / 2)
void
-ckcapi_FetchPublicKey
-(
- ckcapiInternalObject *io
-)
+ckcapi_FetchPublicKey(
+ ckcapiInternalObject *io)
{
- ckcapiKeyParams *kp;
- HCRYPTPROV hProv;
- DWORD keySpec;
- HCRYPTKEY hKey = 0;
- CK_RV error;
- DWORD bufLen;
- BOOL rc;
- unsigned long modulus;
- char *buf = NULL;
- CAPI_RSA_KEY_BLOB *blob;
+ ckcapiKeyParams *kp;
+ HCRYPTPROV hProv;
+ DWORD keySpec;
+ HCRYPTKEY hKey = 0;
+ CK_RV error;
+ DWORD bufLen;
+ BOOL rc;
+ unsigned long modulus;
+ char *buf = NULL;
+ CAPI_RSA_KEY_BLOB *blob;
- error = nss_ckcapi_FetchKeyContainer(io, &hProv, &keySpec, &hKey);
- if (CKR_OK != error) {
- goto loser;
- }
- kp = (ckcapiCert == io->type) ? &io->u.cert.key : &io->u.key.key;
+ error = nss_ckcapi_FetchKeyContainer(io, &hProv, &keySpec, &hKey);
+ if (CKR_OK != error) {
+ goto loser;
+ }
+ kp = (ckcapiCert == io->type) ? &io->u.cert.key : &io->u.key.key;
- rc = CryptExportKey(hKey, 0, PUBLICKEYBLOB, 0, buf, &bufLen);
- if (!rc) {
- goto loser;
- }
- buf = nss_ZNEWARRAY(NULL, char, bufLen);
- rc = CryptExportKey(hKey, 0, PUBLICKEYBLOB, 0, buf, &bufLen);
- if (!rc) {
- goto loser;
- }
- /* validate the blob */
- blob = (CAPI_RSA_KEY_BLOB *)buf;
- if ((PUBLICKEYBLOB != blob->header.bType) ||
- (0x02 != blob->header.bVersion) ||
- (0x31415352 != blob->rsa.magic)) {
- goto loser;
- }
- modulus = blob->rsa.bitlen/8;
- kp->pubKey = buf;
- buf = NULL;
+ rc = CryptExportKey(hKey, 0, PUBLICKEYBLOB, 0, buf, &bufLen);
+ if (!rc) {
+ goto loser;
+ }
+ buf = nss_ZNEWARRAY(NULL, char, bufLen);
+ rc = CryptExportKey(hKey, 0, PUBLICKEYBLOB, 0, buf, &bufLen);
+ if (!rc) {
+ goto loser;
+ }
+ /* validate the blob */
+ blob = (CAPI_RSA_KEY_BLOB *)buf;
+ if ((PUBLICKEYBLOB != blob->header.bType) ||
+ (0x02 != blob->header.bVersion) ||
+ (0x31415352 != blob->rsa.magic)) {
+ goto loser;
+ }
+ modulus = blob->rsa.bitlen / 8;
+ kp->pubKey = buf;
+ buf = NULL;
- kp->modulus.data = &blob->data[CAPI_MODULUS_OFFSET(modulus)];
- kp->modulus.size = modulus;
- ckcapi_ReverseData(&kp->modulus);
- nss_ckcapi_IntToData(blob->rsa.pubexp, &kp->exponent,
- kp->publicExponentData, &error);
+ kp->modulus.data = &blob->data[CAPI_MODULUS_OFFSET(modulus)];
+ kp->modulus.size = modulus;
+ ckcapi_ReverseData(&kp->modulus);
+ nss_ckcapi_IntToData(blob->rsa.pubexp, &kp->exponent,
+ kp->publicExponentData, &error);
loser:
- nss_ZFreeIf(buf);
- if (0 != hKey) {
- CryptDestroyKey(hKey);
- }
- return;
+ nss_ZFreeIf(buf);
+ if (0 != hKey) {
+ CryptDestroyKey(hKey);
+ }
+ return;
}
void
-ckcapi_FetchPrivateKey
-(
- ckcapiInternalObject *io
-)
+ckcapi_FetchPrivateKey(
+ ckcapiInternalObject *io)
{
- ckcapiKeyParams *kp;
- HCRYPTPROV hProv;
- DWORD keySpec;
- HCRYPTKEY hKey = 0;
- CK_RV error;
- DWORD bufLen;
- BOOL rc;
- unsigned long modulus;
- char *buf = NULL;
- CAPI_RSA_KEY_BLOB *blob;
+ ckcapiKeyParams *kp;
+ HCRYPTPROV hProv;
+ DWORD keySpec;
+ HCRYPTKEY hKey = 0;
+ CK_RV error;
+ DWORD bufLen;
+ BOOL rc;
+ unsigned long modulus;
+ char *buf = NULL;
+ CAPI_RSA_KEY_BLOB *blob;
- error = nss_ckcapi_FetchKeyContainer(io, &hProv, &keySpec, &hKey);
- if (CKR_OK != error) {
- goto loser;
- }
- kp = (ckcapiCert == io->type) ? &io->u.cert.key : &io->u.key.key;
+ error = nss_ckcapi_FetchKeyContainer(io, &hProv, &keySpec, &hKey);
+ if (CKR_OK != error) {
+ goto loser;
+ }
+ kp = (ckcapiCert == io->type) ? &io->u.cert.key : &io->u.key.key;
- rc = CryptExportKey(hKey, 0, PRIVATEKEYBLOB, 0, buf, &bufLen);
- if (!rc) {
- goto loser;
- }
- buf = nss_ZNEWARRAY(NULL, char, bufLen);
- rc = CryptExportKey(hKey, 0, PRIVATEKEYBLOB, 0, buf, &bufLen);
- if (!rc) {
- goto loser;
- }
- /* validate the blob */
- blob = (CAPI_RSA_KEY_BLOB *)buf;
- if ((PRIVATEKEYBLOB != blob->header.bType) ||
- (0x02 != blob->header.bVersion) ||
- (0x32415352 != blob->rsa.magic)) {
- goto loser;
- }
- modulus = blob->rsa.bitlen/8;
- kp->privateKey = buf;
- buf = NULL;
+ rc = CryptExportKey(hKey, 0, PRIVATEKEYBLOB, 0, buf, &bufLen);
+ if (!rc) {
+ goto loser;
+ }
+ buf = nss_ZNEWARRAY(NULL, char, bufLen);
+ rc = CryptExportKey(hKey, 0, PRIVATEKEYBLOB, 0, buf, &bufLen);
+ if (!rc) {
+ goto loser;
+ }
+ /* validate the blob */
+ blob = (CAPI_RSA_KEY_BLOB *)buf;
+ if ((PRIVATEKEYBLOB != blob->header.bType) ||
+ (0x02 != blob->header.bVersion) ||
+ (0x32415352 != blob->rsa.magic)) {
+ goto loser;
+ }
+ modulus = blob->rsa.bitlen / 8;
+ kp->privateKey = buf;
+ buf = NULL;
- kp->privateExponent.data = &blob->data[CAPI_PRIVATE_EXP_OFFSET(modulus)];
- kp->privateExponent.size = modulus;
- ckcapi_ReverseData(&kp->privateExponent);
- kp->prime1.data = &blob->data[CAPI_PRIME_1_OFFSET(modulus)];
- kp->prime1.size = modulus/2;
- ckcapi_ReverseData(&kp->prime1);
- kp->prime2.data = &blob->data[CAPI_PRIME_2_OFFSET(modulus)];
- kp->prime2.size = modulus/2;
- ckcapi_ReverseData(&kp->prime2);
- kp->exponent1.data = &blob->data[CAPI_EXPONENT_1_OFFSET(modulus)];
- kp->exponent1.size = modulus/2;
- ckcapi_ReverseData(&kp->exponent1);
- kp->exponent2.data = &blob->data[CAPI_EXPONENT_2_OFFSET(modulus)];
- kp->exponent2.size = modulus/2;
- ckcapi_ReverseData(&kp->exponent2);
- kp->coefficient.data = &blob->data[CAPI_COEFFICIENT_OFFSET(modulus)];
- kp->coefficient.size = modulus/2;
- ckcapi_ReverseData(&kp->coefficient);
+ kp->privateExponent.data = &blob->data[CAPI_PRIVATE_EXP_OFFSET(modulus)];
+ kp->privateExponent.size = modulus;
+ ckcapi_ReverseData(&kp->privateExponent);
+ kp->prime1.data = &blob->data[CAPI_PRIME_1_OFFSET(modulus)];
+ kp->prime1.size = modulus / 2;
+ ckcapi_ReverseData(&kp->prime1);
+ kp->prime2.data = &blob->data[CAPI_PRIME_2_OFFSET(modulus)];
+ kp->prime2.size = modulus / 2;
+ ckcapi_ReverseData(&kp->prime2);
+ kp->exponent1.data = &blob->data[CAPI_EXPONENT_1_OFFSET(modulus)];
+ kp->exponent1.size = modulus / 2;
+ ckcapi_ReverseData(&kp->exponent1);
+ kp->exponent2.data = &blob->data[CAPI_EXPONENT_2_OFFSET(modulus)];
+ kp->exponent2.size = modulus / 2;
+ ckcapi_ReverseData(&kp->exponent2);
+ kp->coefficient.data = &blob->data[CAPI_COEFFICIENT_OFFSET(modulus)];
+ kp->coefficient.size = modulus / 2;
+ ckcapi_ReverseData(&kp->coefficient);
loser:
- nss_ZFreeIf(buf);
- if (0 != hKey) {
- CryptDestroyKey(hKey);
- }
- return;
+ nss_ZFreeIf(buf);
+ if (0 != hKey) {
+ CryptDestroyKey(hKey);
+ }
+ return;
}
-
void
-ckcapi_PopulateModulusExponent
-(
- ckcapiInternalObject *io
-)
+ckcapi_PopulateModulusExponent(
+ ckcapiInternalObject *io)
{
- if (ckcapiCert == io->type) {
- ckcapi_CertPopulateModulusExponent(io);
- } else {
- ckcapi_FetchPublicKey(io);
- }
- return;
+ if (ckcapiCert == io->type) {
+ ckcapi_CertPopulateModulusExponent(io);
+ }
+ else {
+ ckcapi_FetchPublicKey(io);
+ }
+ return;
}
/*
* fetch the friendly name attribute.
* can only be called with ckcapiCert type objects!
*/
void
-ckcapi_FetchLabel
-(
- ckcapiInternalObject *io
-)
+ckcapi_FetchLabel(
+ ckcapiInternalObject *io)
{
- ckcapiCertObject *co = &io->u.cert;
- char *label;
- PCCERT_CONTEXT certContext = io->u.cert.certContext;
- char labelDataUTF16[128];
- DWORD size = sizeof(labelDataUTF16);
- DWORD size8 = sizeof(co->labelData);
- BOOL rv;
+ ckcapiCertObject *co = &io->u.cert;
+ char *label;
+ PCCERT_CONTEXT certContext = io->u.cert.certContext;
+ char labelDataUTF16[128];
+ DWORD size = sizeof(labelDataUTF16);
+ DWORD size8 = sizeof(co->labelData);
+ BOOL rv;
- rv = CertGetCertificateContextProperty(certContext,
- CERT_FRIENDLY_NAME_PROP_ID, labelDataUTF16, &size);
- if (rv) {
- co->labelData = nss_ckcapi_WideToUTF8((LPCWSTR)labelDataUTF16);
- if ((CHAR *)NULL == co->labelData) {
- rv = 0;
- } else {
- size = strlen(co->labelData);
+ rv = CertGetCertificateContextProperty(certContext,
+ CERT_FRIENDLY_NAME_PROP_ID, labelDataUTF16, &size);
+ if (rv) {
+ co->labelData = nss_ckcapi_WideToUTF8((LPCWSTR)labelDataUTF16);
+ if ((CHAR *)NULL == co->labelData) {
+ rv = 0;
+ }
+ else {
+ size = strlen(co->labelData);
+ }
}
- }
- label = co->labelData;
- /* we are presuming a user cert, make sure it has a nickname, even if
- * Microsoft never gave it one */
- if (!rv && co->hasID) {
- DWORD mserror = GetLastError();
+ label = co->labelData;
+ /* we are presuming a user cert, make sure it has a nickname, even if
+ * Microsoft never gave it one */
+ if (!rv && co->hasID) {
+ DWORD mserror = GetLastError();
#define DEFAULT_NICKNAME "no Microsoft nickname"
- label = DEFAULT_NICKNAME;
- size = sizeof(DEFAULT_NICKNAME);
- rv = 1;
- }
-
- if (rv) {
- co->label.data = label;
- co->label.size = size;
- }
- return;
+ label = DEFAULT_NICKNAME;
+ size = sizeof(DEFAULT_NICKNAME);
+ rv = 1;
+ }
+
+ if (rv) {
+ co->label.data = label;
+ co->label.size = size;
+ }
+ return;
}
void
-ckcapi_FetchSerial
-(
- ckcapiInternalObject *io
-)
+ckcapi_FetchSerial(
+ ckcapiInternalObject *io)
{
- ckcapiCertObject *co = &io->u.cert;
- PCCERT_CONTEXT certContext = io->u.cert.certContext;
- DWORD size = sizeof(co->derSerial);
+ ckcapiCertObject *co = &io->u.cert;
+ PCCERT_CONTEXT certContext = io->u.cert.certContext;
+ DWORD size = sizeof(co->derSerial);
- BOOL rc = CryptEncodeObject(X509_ASN_ENCODING,
- X509_MULTI_BYTE_INTEGER,
- &certContext->pCertInfo->SerialNumber,
- co->derSerial,
- &size);
- if (rc) {
- co->serial.data = co->derSerial;
- co->serial.size = size;
- }
- return;
+ BOOL rc = CryptEncodeObject(X509_ASN_ENCODING,
+ X509_MULTI_BYTE_INTEGER,
+ &certContext->pCertInfo->SerialNumber,
+ co->derSerial,
+ &size);
+ if (rc) {
+ co->serial.data = co->derSerial;
+ co->serial.size = size;
+ }
+ return;
}
/*
* fetch the key ID.
*/
void
-ckcapi_FetchID
-(
- ckcapiInternalObject *io
-)
+ckcapi_FetchID(
+ ckcapiInternalObject *io)
{
- PCCERT_CONTEXT certContext = io->u.cert.certContext;
- DWORD size = 0;
- BOOL rc;
+ PCCERT_CONTEXT certContext = io->u.cert.certContext;
+ DWORD size = 0;
+ BOOL rc;
- rc = CertGetCertificateContextProperty(certContext,
- CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size);
- if (!rc) {
+ rc = CertGetCertificateContextProperty(certContext,
+ CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size);
+ if (!rc) {
+ return;
+ }
+ io->idData = nss_ZNEWARRAY(NULL, char, size);
+ if (io->idData == NULL) {
+ return;
+ }
+
+ rc = CertGetCertificateContextProperty(certContext,
+ CERT_KEY_IDENTIFIER_PROP_ID, io->idData, &size);
+ if (!rc) {
+ nss_ZFreeIf(io->idData);
+ io->idData = NULL;
+ return;
+ }
+ io->id.data = io->idData;
+ io->id.size = size;
return;
- }
- io->idData = nss_ZNEWARRAY(NULL, char, size);
- if (io->idData == NULL) {
- return;
- }
-
- rc = CertGetCertificateContextProperty(certContext,
- CERT_KEY_IDENTIFIER_PROP_ID, io->idData, &size);
- if (!rc) {
- nss_ZFreeIf(io->idData);
- io->idData = NULL;
- return;
- }
- io->id.data = io->idData;
- io->id.size = size;
- return;
}
/*
* fetch the hash key.
*/
void
-ckcapi_CertFetchHashKey
-(
- ckcapiInternalObject *io
-)
+ckcapi_CertFetchHashKey(
+ ckcapiInternalObject *io)
{
- ckcapiCertObject *co = &io->u.cert;
- PCCERT_CONTEXT certContext = io->u.cert.certContext;
- DWORD size = certContext->cbCertEncoded;
- DWORD max = sizeof(io->hashKeyData)-1;
- DWORD offset = 0;
+ ckcapiCertObject *co = &io->u.cert;
+ PCCERT_CONTEXT certContext = io->u.cert.certContext;
+ DWORD size = certContext->cbCertEncoded;
+ DWORD max = sizeof(io->hashKeyData) - 1;
+ DWORD offset = 0;
- /* make sure we don't over flow. NOTE: cutting the top of a cert is
- * not a big issue because the signature for will be unique for the cert */
- if (size > max) {
- offset = size - max;
- size = max;
- }
+ /* make sure we don't over flow. NOTE: cutting the top of a cert is
+ * not a big issue because the signature for will be unique for the cert */
+ if (size > max) {
+ offset = size - max;
+ size = max;
+ }
- nsslibc_memcpy(io->hashKeyData,certContext->pbCertEncoded+offset, size);
- io->hashKeyData[size] = (char)(io->objClass & 0xff);
+ nsslibc_memcpy(io->hashKeyData, certContext->pbCertEncoded + offset, size);
+ io->hashKeyData[size] = (char)(io->objClass & 0xff);
- io->hashKey.data = io->hashKeyData;
- io->hashKey.size = size+1;
- return;
+ io->hashKey.data = io->hashKeyData;
+ io->hashKey.size = size + 1;
+ return;
}
/*
* fetch the hash key.
*/
void
-ckcapi_KeyFetchHashKey
-(
- ckcapiInternalObject *io
-)
+ckcapi_KeyFetchHashKey(
+ ckcapiInternalObject *io)
{
- ckcapiKeyObject *ko = &io->u.key;
- DWORD size;
- DWORD max = sizeof(io->hashKeyData)-2;
- DWORD offset = 0;
- DWORD provLen = strlen(ko->provName);
- DWORD containerLen = strlen(ko->containerName);
+ ckcapiKeyObject *ko = &io->u.key;
+ DWORD size;
+ DWORD max = sizeof(io->hashKeyData) - 2;
+ DWORD offset = 0;
+ DWORD provLen = strlen(ko->provName);
+ DWORD containerLen = strlen(ko->containerName);
-
- size = provLen + containerLen;
+ size = provLen + containerLen;
- /* make sure we don't overflow, try to keep things unique */
- if (size > max) {
- DWORD diff = ((size - max)+1)/2;
- provLen -= diff;
- containerLen -= diff;
- size = provLen+containerLen;
- }
+ /* make sure we don't overflow, try to keep things unique */
+ if (size > max) {
+ DWORD diff = ((size - max) + 1) / 2;
+ provLen -= diff;
+ containerLen -= diff;
+ size = provLen + containerLen;
+ }
- nsslibc_memcpy(io->hashKeyData, ko->provName, provLen);
- nsslibc_memcpy(&io->hashKeyData[provLen],
- ko->containerName,
- containerLen);
- io->hashKeyData[size] = (char)(io->objClass & 0xff);
- io->hashKeyData[size+1] = (char)(ko->provInfo.dwKeySpec & 0xff);
+ nsslibc_memcpy(io->hashKeyData, ko->provName, provLen);
+ nsslibc_memcpy(&io->hashKeyData[provLen],
+ ko->containerName,
+ containerLen);
+ io->hashKeyData[size] = (char)(io->objClass & 0xff);
+ io->hashKeyData[size + 1] = (char)(ko->provInfo.dwKeySpec & 0xff);
- io->hashKey.data = io->hashKeyData;
- io->hashKey.size = size+2;
- return;
+ io->hashKey.data = io->hashKeyData;
+ io->hashKey.size = size + 2;
+ return;
}
/*
* fetch the hash key.
*/
void
-ckcapi_FetchHashKey
-(
- ckcapiInternalObject *io
-)
+ckcapi_FetchHashKey(
+ ckcapiInternalObject *io)
{
- if (ckcapiCert == io->type) {
- ckcapi_CertFetchHashKey(io);
- } else {
- ckcapi_KeyFetchHashKey(io);
- }
- return;
-}
-
-const NSSItem *
-ckcapi_FetchCertAttribute
-(
- ckcapiInternalObject *io,
- CK_ATTRIBUTE_TYPE type
-)
-{
- PCCERT_CONTEXT certContext = io->u.cert.certContext;
- switch(type) {
- case CKA_CLASS:
- return &ckcapi_certClassItem;
- case CKA_TOKEN:
- return &ckcapi_trueItem;
- case CKA_MODIFIABLE:
- case CKA_PRIVATE:
- return &ckcapi_falseItem;
- case CKA_CERTIFICATE_TYPE:
- return &ckcapi_x509Item;
- case CKA_LABEL:
- if (0 == io->u.cert.label.size) {
- ckcapi_FetchLabel(io);
+ if (ckcapiCert == io->type) {
+ ckcapi_CertFetchHashKey(io);
+ }
+ else {
+ ckcapi_KeyFetchHashKey(io);
}
- return &io->u.cert.label;
- case CKA_SUBJECT:
- if (0 == io->u.cert.subject.size) {
- io->u.cert.subject.data = certContext->pCertInfo->Subject.pbData;
- io->u.cert.subject.size = certContext->pCertInfo->Subject.cbData;
- }
- return &io->u.cert.subject;
- case CKA_ISSUER:
- if (0 == io->u.cert.issuer.size) {
- io->u.cert.issuer.data = certContext->pCertInfo->Issuer.pbData;
- io->u.cert.issuer.size = certContext->pCertInfo->Issuer.cbData;
- }
- return &io->u.cert.issuer;
- case CKA_SERIAL_NUMBER:
- if (0 == io->u.cert.serial.size) {
- /* not exactly right. This should be the encoded serial number, but
- * it's the decoded serial number! */
- ckcapi_FetchSerial(io);
+ return;
+}
+
+const NSSItem *
+ckcapi_FetchCertAttribute(
+ ckcapiInternalObject *io,
+ CK_ATTRIBUTE_TYPE type)
+{
+ PCCERT_CONTEXT certContext = io->u.cert.certContext;
+ switch (type) {
+ case CKA_CLASS:
+ return &ckcapi_certClassItem;
+ case CKA_TOKEN:
+ return &ckcapi_trueItem;
+ case CKA_MODIFIABLE:
+ case CKA_PRIVATE:
+ return &ckcapi_falseItem;
+ case CKA_CERTIFICATE_TYPE:
+ return &ckcapi_x509Item;
+ case CKA_LABEL:
+ if (0 == io->u.cert.label.size) {
+ ckcapi_FetchLabel(io);
+ }
+ return &io->u.cert.label;
+ case CKA_SUBJECT:
+ if (0 == io->u.cert.subject.size) {
+ io->u.cert.subject.data =
+ certContext->pCertInfo->Subject.pbData;
+ io->u.cert.subject.size =
+ certContext->pCertInfo->Subject.cbData;
+ }
+ return &io->u.cert.subject;
+ case CKA_ISSUER:
+ if (0 == io->u.cert.issuer.size) {
+ io->u.cert.issuer.data =
+ certContext->pCertInfo->Issuer.pbData;
+ io->u.cert.issuer.size =
+ certContext->pCertInfo->Issuer.cbData;
+ }
+ return &io->u.cert.issuer;
+ case CKA_SERIAL_NUMBER:
+ if (0 == io->u.cert.serial.size) {
+ /* not exactly right. This should be the encoded serial number, but
+ * it's the decoded serial number! */
+ ckcapi_FetchSerial(io);
+ }
+ return &io->u.cert.serial;
+ case CKA_VALUE:
+ if (0 == io->u.cert.derCert.size) {
+ io->u.cert.derCert.data =
+ io->u.cert.certContext->pbCertEncoded;
+ io->u.cert.derCert.size =
+ io->u.cert.certContext->cbCertEncoded;
+ }
+ return &io->u.cert.derCert;
+ case CKA_ID:
+ if (!io->u.cert.hasID) {
+ return NULL;
+ }
+ if (0 == io->id.size) {
+ ckcapi_FetchID(io);
+ }
+ return &io->id;
+ default:
+ break;
}
- return &io->u.cert.serial;
- case CKA_VALUE:
- if (0 == io->u.cert.derCert.size) {
- io->u.cert.derCert.data = io->u.cert.certContext->pbCertEncoded;
- io->u.cert.derCert.size = io->u.cert.certContext->cbCertEncoded;
- }
- return &io->u.cert.derCert;
- case CKA_ID:
- if (!io->u.cert.hasID) {
- return NULL;
- }
- if (0 == io->id.size) {
- ckcapi_FetchID(io);
- }
- return &io->id;
- default:
- break;
- }
- return NULL;
+ return NULL;
}
const NSSItem *
-ckcapi_FetchPubKeyAttribute
-(
- ckcapiInternalObject *io,
- CK_ATTRIBUTE_TYPE type
-)
+ckcapi_FetchPubKeyAttribute(
+ ckcapiInternalObject *io,
+ CK_ATTRIBUTE_TYPE type)
{
- PRBool isCertType = (ckcapiCert == io->type);
- ckcapiKeyParams *kp = isCertType ? &io->u.cert.key : &io->u.key.key;
-
- switch(type) {
- case CKA_CLASS:
- return &ckcapi_pubKeyClassItem;
- case CKA_TOKEN:
- case CKA_LOCAL:
- case CKA_ENCRYPT:
- case CKA_VERIFY:
- case CKA_VERIFY_RECOVER:
- return &ckcapi_trueItem;
- case CKA_PRIVATE:
- case CKA_MODIFIABLE:
- case CKA_DERIVE:
- case CKA_WRAP:
- return &ckcapi_falseItem;
- case CKA_KEY_TYPE:
- return &ckcapi_rsaItem;
- case CKA_LABEL:
- if (!isCertType) {
- return &ckcapi_emptyItem;
+ PRBool isCertType = (ckcapiCert == io->type);
+ ckcapiKeyParams *kp = isCertType ? &io->u.cert.key : &io->u.key.key;
+
+ switch (type) {
+ case CKA_CLASS:
+ return &ckcapi_pubKeyClassItem;
+ case CKA_TOKEN:
+ case CKA_LOCAL:
+ case CKA_ENCRYPT:
+ case CKA_VERIFY:
+ case CKA_VERIFY_RECOVER:
+ return &ckcapi_trueItem;
+ case CKA_PRIVATE:
+ case CKA_MODIFIABLE:
+ case CKA_DERIVE:
+ case CKA_WRAP:
+ return &ckcapi_falseItem;
+ case CKA_KEY_TYPE:
+ return &ckcapi_rsaItem;
+ case CKA_LABEL:
+ if (!isCertType) {
+ return &ckcapi_emptyItem;
+ }
+ if (0 == io->u.cert.label.size) {
+ ckcapi_FetchLabel(io);
+ }
+ return &io->u.cert.label;
+ case CKA_SUBJECT:
+ if (!isCertType) {
+ return &ckcapi_emptyItem;
+ }
+ if (0 == io->u.cert.subject.size) {
+ PCCERT_CONTEXT certContext =
+ io->u.cert.certContext;
+ io->u.cert.subject.data =
+ certContext->pCertInfo->Subject.pbData;
+ io->u.cert.subject.size =
+ certContext->pCertInfo->Subject.cbData;
+ }
+ return &io->u.cert.subject;
+ case CKA_MODULUS:
+ if (0 == kp->modulus.size) {
+ ckcapi_PopulateModulusExponent(io);
+ }
+ return &kp->modulus;
+ case CKA_PUBLIC_EXPONENT:
+ if (0 == kp->modulus.size) {
+ ckcapi_PopulateModulusExponent(io);
+ }
+ return &kp->exponent;
+ case CKA_ID:
+ if (0 == io->id.size) {
+ ckcapi_FetchID(io);
+ }
+ return &io->id;
+ default:
+ break;
}
- if (0 == io->u.cert.label.size) {
- ckcapi_FetchLabel(io);
- }
- return &io->u.cert.label;
- case CKA_SUBJECT:
- if (!isCertType) {
- return &ckcapi_emptyItem;
- }
- if (0 == io->u.cert.subject.size) {
- PCCERT_CONTEXT certContext= io->u.cert.certContext;
- io->u.cert.subject.data = certContext->pCertInfo->Subject.pbData;
- io->u.cert.subject.size = certContext->pCertInfo->Subject.cbData;
- }
- return &io->u.cert.subject;
- case CKA_MODULUS:
- if (0 == kp->modulus.size) {
- ckcapi_PopulateModulusExponent(io);
- }
- return &kp->modulus;
- case CKA_PUBLIC_EXPONENT:
- if (0 == kp->modulus.size) {
- ckcapi_PopulateModulusExponent(io);
- }
- return &kp->exponent;
- case CKA_ID:
- if (0 == io->id.size) {
- ckcapi_FetchID(io);
- }
- return &io->id;
- default:
- break;
- }
- return NULL;
+ return NULL;
}
const NSSItem *
-ckcapi_FetchPrivKeyAttribute
-(
- ckcapiInternalObject *io,
- CK_ATTRIBUTE_TYPE type
-)
+ckcapi_FetchPrivKeyAttribute(
+ ckcapiInternalObject *io,
+ CK_ATTRIBUTE_TYPE type)
{
- PRBool isCertType = (ckcapiCert == io->type);
- ckcapiKeyParams *kp = isCertType ? &io->u.cert.key : &io->u.key.key;
+ PRBool isCertType = (ckcapiCert == io->type);
+ ckcapiKeyParams *kp = isCertType ? &io->u.cert.key : &io->u.key.key;
- switch(type) {
- case CKA_CLASS:
- return &ckcapi_privKeyClassItem;
- case CKA_TOKEN:
- case CKA_LOCAL:
- case CKA_SIGN:
- case CKA_DECRYPT:
- case CKA_SIGN_RECOVER:
- return &ckcapi_trueItem;
- case CKA_SENSITIVE:
- case CKA_PRIVATE: /* should move in the future */
- case CKA_MODIFIABLE:
- case CKA_DERIVE:
- case CKA_UNWRAP:
- case CKA_EXTRACTABLE: /* will probably move in the future */
- case CKA_ALWAYS_SENSITIVE:
- case CKA_NEVER_EXTRACTABLE:
- return &ckcapi_falseItem;
- case CKA_KEY_TYPE:
- return &ckcapi_rsaItem;
- case CKA_LABEL:
- if (!isCertType) {
- return &ckcapi_emptyItem;
- }
- if (0 == io->u.cert.label.size) {
- ckcapi_FetchLabel(io);
- }
- return &io->u.cert.label;
- case CKA_SUBJECT:
- if (!isCertType) {
- return &ckcapi_emptyItem;
- }
- if (0 == io->u.cert.subject.size) {
- PCCERT_CONTEXT certContext= io->u.cert.certContext;
- io->u.cert.subject.data = certContext->pCertInfo->Subject.pbData;
- io->u.cert.subject.size = certContext->pCertInfo->Subject.cbData;
+ switch (type) {
+ case CKA_CLASS:
+ return &ckcapi_privKeyClassItem;
+ case CKA_TOKEN:
+ case CKA_LOCAL:
+ case CKA_SIGN:
+ case CKA_DECRYPT:
+ case CKA_SIGN_RECOVER:
+ return &ckcapi_trueItem;
+ case CKA_SENSITIVE:
+ case CKA_PRIVATE: /* should move in the future */
+ case CKA_MODIFIABLE:
+ case CKA_DERIVE:
+ case CKA_UNWRAP:
+ case CKA_EXTRACTABLE: /* will probably move in the future */
+ case CKA_ALWAYS_SENSITIVE:
+ case CKA_NEVER_EXTRACTABLE:
+ return &ckcapi_falseItem;
+ case CKA_KEY_TYPE:
+ return &ckcapi_rsaItem;
+ case CKA_LABEL:
+ if (!isCertType) {
+ return &ckcapi_emptyItem;
+ }
+ if (0 == io->u.cert.label.size) {
+ ckcapi_FetchLabel(io);
+ }
+ return &io->u.cert.label;
+ case CKA_SUBJECT:
+ if (!isCertType) {
+ return &ckcapi_emptyItem;
+ }
+ if (0 == io->u.cert.subject.size) {
+ PCCERT_CONTEXT certContext =
+ io->u.cert.certContext;
+ io->u.cert.subject.data =
+ certContext->pCertInfo->Subject.pbData;
+ io->u.cert.subject.size =
+ certContext->pCertInfo->Subject.cbData;
+ }
+ return &io->u.cert.subject;
+ case CKA_MODULUS:
+ if (0 == kp->modulus.size) {
+ ckcapi_PopulateModulusExponent(io);
+ }
+ return &kp->modulus;
+ case CKA_PUBLIC_EXPONENT:
+ if (0 == kp->modulus.size) {
+ ckcapi_PopulateModulusExponent(io);
+ }
+ return &kp->exponent;
+ case CKA_PRIVATE_EXPONENT:
+ if (0 == kp->privateExponent.size) {
+ ckcapi_FetchPrivateKey(io);
+ }
+ return &kp->privateExponent;
+ case CKA_PRIME_1:
+ if (0 == kp->privateExponent.size) {
+ ckcapi_FetchPrivateKey(io);
+ }
+ return &kp->prime1;
+ case CKA_PRIME_2:
+ if (0 == kp->privateExponent.size) {
+ ckcapi_FetchPrivateKey(io);
+ }
+ return &kp->prime2;
+ case CKA_EXPONENT_1:
+ if (0 == kp->privateExponent.size) {
+ ckcapi_FetchPrivateKey(io);
+ }
+ return &kp->exponent1;
+ case CKA_EXPONENT_2:
+ if (0 == kp->privateExponent.size) {
+ ckcapi_FetchPrivateKey(io);
+ }
+ return &kp->exponent2;
+ case CKA_COEFFICIENT:
+ if (0 == kp->privateExponent.size) {
+ ckcapi_FetchPrivateKey(io);
+ }
+ return &kp->coefficient;
+ case CKA_ID:
+ if (0 == io->id.size) {
+ ckcapi_FetchID(io);
+ }
+ return &io->id;
+ default:
+ return NULL;
}
- return &io->u.cert.subject;
- case CKA_MODULUS:
- if (0 == kp->modulus.size) {
- ckcapi_PopulateModulusExponent(io);
- }
- return &kp->modulus;
- case CKA_PUBLIC_EXPONENT:
- if (0 == kp->modulus.size) {
- ckcapi_PopulateModulusExponent(io);
- }
- return &kp->exponent;
- case CKA_PRIVATE_EXPONENT:
- if (0 == kp->privateExponent.size) {
- ckcapi_FetchPrivateKey(io);
- }
- return &kp->privateExponent;
- case CKA_PRIME_1:
- if (0 == kp->privateExponent.size) {
- ckcapi_FetchPrivateKey(io);
- }
- return &kp->prime1;
- case CKA_PRIME_2:
- if (0 == kp->privateExponent.size) {
- ckcapi_FetchPrivateKey(io);
- }
- return &kp->prime2;
- case CKA_EXPONENT_1:
- if (0 == kp->privateExponent.size) {
- ckcapi_FetchPrivateKey(io);
- }
- return &kp->exponent1;
- case CKA_EXPONENT_2:
- if (0 == kp->privateExponent.size) {
- ckcapi_FetchPrivateKey(io);
- }
- return &kp->exponent2;
- case CKA_COEFFICIENT:
- if (0 == kp->privateExponent.size) {
- ckcapi_FetchPrivateKey(io);
- }
- return &kp->coefficient;
- case CKA_ID:
- if (0 == io->id.size) {
- ckcapi_FetchID(io);
- }
- return &io->id;
- default:
- return NULL;
- }
}
const NSSItem *
-nss_ckcapi_FetchAttribute
-(
- ckcapiInternalObject *io,
- CK_ATTRIBUTE_TYPE type
-)
+nss_ckcapi_FetchAttribute(
+ ckcapiInternalObject *io,
+ CK_ATTRIBUTE_TYPE type)
{
- CK_ULONG i;
+ CK_ULONG i;
- if (io->type == ckcapiRaw) {
- for( i = 0; i < io->u.raw.n; i++ ) {
- if( type == io->u.raw.types[i] ) {
- return &io->u.raw.items[i];
- }
+ if (io->type == ckcapiRaw) {
+ for (i = 0; i < io->u.raw.n; i++) {
+ if (type == io->u.raw.types[i]) {
+ return &io->u.raw.items[i];
+ }
+ }
+ return NULL;
+ }
+ /* deal with the common attributes */
+ switch (io->objClass) {
+ case CKO_CERTIFICATE:
+ return ckcapi_FetchCertAttribute(io, type);
+ case CKO_PRIVATE_KEY:
+ return ckcapi_FetchPrivKeyAttribute(io, type);
+ case CKO_PUBLIC_KEY:
+ return ckcapi_FetchPubKeyAttribute(io, type);
}
return NULL;
- }
- /* deal with the common attributes */
- switch (io->objClass) {
- case CKO_CERTIFICATE:
- return ckcapi_FetchCertAttribute(io, type);
- case CKO_PRIVATE_KEY:
- return ckcapi_FetchPrivKeyAttribute(io, type);
- case CKO_PUBLIC_KEY:
- return ckcapi_FetchPubKeyAttribute(io, type);
- }
- return NULL;
}
/*
* check to see if the certificate already exists
*/
static PRBool
ckcapi_cert_exists(
- NSSItem *value,
- ckcapiInternalObject **io
-)
+ NSSItem *value,
+ ckcapiInternalObject **io)
{
- int count,i;
- PRUint32 size = 0;
- ckcapiInternalObject **listp = NULL;
- CK_ATTRIBUTE myTemplate[2];
- CK_OBJECT_CLASS cert_class = CKO_CERTIFICATE;
- CK_ULONG templateCount = 2;
- CK_RV error;
- PRBool found = PR_FALSE;
+ int count, i;
+ PRUint32 size = 0;
+ ckcapiInternalObject **listp = NULL;
+ CK_ATTRIBUTE myTemplate[2];
+ CK_OBJECT_CLASS cert_class = CKO_CERTIFICATE;
+ CK_ULONG templateCount = 2;
+ CK_RV error;
+ PRBool found = PR_FALSE;
- myTemplate[0].type = CKA_CLASS;
- myTemplate[0].pValue = &cert_class;
- myTemplate[0].ulValueLen = sizeof(cert_class);
- myTemplate[1].type = CKA_VALUE;
- myTemplate[1].pValue = value->data;
- myTemplate[1].ulValueLen = value->size;
+ myTemplate[0].type = CKA_CLASS;
+ myTemplate[0].pValue = &cert_class;
+ myTemplate[0].ulValueLen = sizeof(cert_class);
+ myTemplate[1].type = CKA_VALUE;
+ myTemplate[1].pValue = value->data;
+ myTemplate[1].ulValueLen = value->size;
- count = nss_ckcapi_collect_all_certs(myTemplate, templateCount, &listp,
- &size, 0, &error);
+ count = nss_ckcapi_collect_all_certs(myTemplate, templateCount, &listp,
+ &size, 0, &error);
- /* free them */
- if (count > 1) {
- *io = listp[0];
- found = PR_TRUE;
- }
-
- for (i=1; i < count; i++) {
- nss_ckcapi_DestroyInternalObject(listp[i]);
- }
- nss_ZFreeIf(listp);
- return found;
+ /* free them */
+ if (count > 1) {
+ *io = listp[0];
+ found = PR_TRUE;
+ }
+
+ for (i = 1; i < count; i++) {
+ nss_ckcapi_DestroyInternalObject(listp[i]);
+ }
+ nss_ZFreeIf(listp);
+ return found;
}
static PRBool
-ckcapi_cert_hasEmail
-(
- PCCERT_CONTEXT certContext
-)
+ckcapi_cert_hasEmail(
+ PCCERT_CONTEXT certContext)
{
- int count;
+ int count;
- count = CertGetNameString(certContext, CERT_NAME_EMAIL_TYPE,
- 0, NULL, NULL, 0);
+ count = CertGetNameString(certContext, CERT_NAME_EMAIL_TYPE,
+ 0, NULL, NULL, 0);
- return count > 1 ? PR_TRUE : PR_FALSE;
+ return count > 1 ? PR_TRUE : PR_FALSE;
}
static PRBool
-ckcapi_cert_isRoot
-(
- PCCERT_CONTEXT certContext
-)
+ckcapi_cert_isRoot(
+ PCCERT_CONTEXT certContext)
{
- return CertCompareCertificateName(certContext->dwCertEncodingType,
- &certContext->pCertInfo->Issuer, &certContext->pCertInfo->Subject);
+ return CertCompareCertificateName(certContext->dwCertEncodingType,
+ &certContext->pCertInfo->Issuer, &certContext->pCertInfo->Subject);
}
static PRBool
-ckcapi_cert_isCA
-(
- PCCERT_CONTEXT certContext
-)
+ckcapi_cert_isCA(
+ PCCERT_CONTEXT certContext)
{
- PCERT_EXTENSION extension;
- CERT_BASIC_CONSTRAINTS2_INFO basicInfo;
- DWORD size = sizeof(basicInfo);
- BOOL rc;
+ PCERT_EXTENSION extension;
+ CERT_BASIC_CONSTRAINTS2_INFO basicInfo;
+ DWORD size = sizeof(basicInfo);
+ BOOL rc;
- extension = CertFindExtension (szOID_BASIC_CONSTRAINTS,
- certContext->pCertInfo->cExtension,
- certContext->pCertInfo->rgExtension);
- if ((PCERT_EXTENSION) NULL == extension ) {
- return PR_FALSE;
- }
- rc = CryptDecodeObject(X509_ASN_ENCODING, szOID_BASIC_CONSTRAINTS2,
- extension->Value.pbData, extension->Value.cbData,
- 0, &basicInfo, &size);
- if (!rc) {
- return PR_FALSE;
- }
- return (PRBool) basicInfo.fCA;
+ extension = CertFindExtension(szOID_BASIC_CONSTRAINTS,
+ certContext->pCertInfo->cExtension,
+ certContext->pCertInfo->rgExtension);
+ if ((PCERT_EXTENSION)NULL == extension) {
+ return PR_FALSE;
+ }
+ rc = CryptDecodeObject(X509_ASN_ENCODING, szOID_BASIC_CONSTRAINTS2,
+ extension->Value.pbData, extension->Value.cbData,
+ 0, &basicInfo, &size);
+ if (!rc) {
+ return PR_FALSE;
+ }
+ return (PRBool)basicInfo.fCA;
}
static CRYPT_KEY_PROV_INFO *
-ckcapi_cert_getPrivateKeyInfo
-(
- PCCERT_CONTEXT certContext,
- NSSItem *keyID
-)
+ckcapi_cert_getPrivateKeyInfo(
+ PCCERT_CONTEXT certContext,
+ NSSItem *keyID)
{
- BOOL rc;
- CRYPT_HASH_BLOB msKeyID;
- DWORD size = 0;
- CRYPT_KEY_PROV_INFO *prov = NULL;
+ BOOL rc;
+ CRYPT_HASH_BLOB msKeyID;
+ DWORD size = 0;
+ CRYPT_KEY_PROV_INFO *prov = NULL;
- msKeyID.cbData = keyID->size;
- msKeyID.pbData = keyID->data;
+ msKeyID.cbData = keyID->size;
+ msKeyID.pbData = keyID->data;
- rc = CryptGetKeyIdentifierProperty(
- &msKeyID,
- CERT_KEY_PROV_INFO_PROP_ID,
- 0, NULL, NULL, NULL, &size);
- if (!rc) {
- return (CRYPT_KEY_PROV_INFO *)NULL;
- }
- prov = (CRYPT_KEY_PROV_INFO *)nss_ZAlloc(NULL, size);
- if ((CRYPT_KEY_PROV_INFO *)prov == NULL) {
- return (CRYPT_KEY_PROV_INFO *) NULL;
- }
- rc = CryptGetKeyIdentifierProperty(
- &msKeyID,
- CERT_KEY_PROV_INFO_PROP_ID,
- 0, NULL, NULL, prov, &size);
- if (!rc) {
- nss_ZFreeIf(prov);
- return (CRYPT_KEY_PROV_INFO *)NULL;
- }
-
- return prov;
+ rc = CryptGetKeyIdentifierProperty(
+ &msKeyID,
+ CERT_KEY_PROV_INFO_PROP_ID,
+ 0, NULL, NULL, NULL, &size);
+ if (!rc) {
+ return (CRYPT_KEY_PROV_INFO *)NULL;
+ }
+ prov = (CRYPT_KEY_PROV_INFO *)nss_ZAlloc(NULL, size);
+ if ((CRYPT_KEY_PROV_INFO *)prov == NULL) {
+ return (CRYPT_KEY_PROV_INFO *)NULL;
+ }
+ rc = CryptGetKeyIdentifierProperty(
+ &msKeyID,
+ CERT_KEY_PROV_INFO_PROP_ID,
+ 0, NULL, NULL, prov, &size);
+ if (!rc) {
+ nss_ZFreeIf(prov);
+ return (CRYPT_KEY_PROV_INFO *)NULL;
+ }
+
+ return prov;
}
static CRYPT_KEY_PROV_INFO *
-ckcapi_cert_getProvInfo
-(
- ckcapiInternalObject *io
-)
+ckcapi_cert_getProvInfo(
+ ckcapiInternalObject *io)
{
- BOOL rc;
- DWORD size = 0;
- CRYPT_KEY_PROV_INFO *prov = NULL;
+ BOOL rc;
+ DWORD size = 0;
+ CRYPT_KEY_PROV_INFO *prov = NULL;
- rc = CertGetCertificateContextProperty(
- io->u.cert.certContext,
- CERT_KEY_PROV_INFO_PROP_ID,
- NULL, &size);
- if (!rc) {
- return (CRYPT_KEY_PROV_INFO *)NULL;
- }
- prov = (CRYPT_KEY_PROV_INFO *)nss_ZAlloc(NULL, size);
- if ((CRYPT_KEY_PROV_INFO *)prov == NULL) {
- return (CRYPT_KEY_PROV_INFO *) NULL;
- }
- rc = CertGetCertificateContextProperty(
- io->u.cert.certContext,
- CERT_KEY_PROV_INFO_PROP_ID,
- prov, &size);
- if (!rc) {
- nss_ZFreeIf(prov);
- return (CRYPT_KEY_PROV_INFO *)NULL;
- }
+ rc = CertGetCertificateContextProperty(
+ io->u.cert.certContext,
+ CERT_KEY_PROV_INFO_PROP_ID,
+ NULL, &size);
+ if (!rc) {
+ return (CRYPT_KEY_PROV_INFO *)NULL;
+ }
+ prov = (CRYPT_KEY_PROV_INFO *)nss_ZAlloc(NULL, size);
+ if ((CRYPT_KEY_PROV_INFO *)prov == NULL) {
+ return (CRYPT_KEY_PROV_INFO *)NULL;
+ }
+ rc = CertGetCertificateContextProperty(
+ io->u.cert.certContext,
+ CERT_KEY_PROV_INFO_PROP_ID,
+ prov, &size);
+ if (!rc) {
+ nss_ZFreeIf(prov);
+ return (CRYPT_KEY_PROV_INFO *)NULL;
+ }
- return prov;
+ return prov;
}
-
+
/* forward declaration */
static void
-ckcapi_removeObjectFromHash
-(
- ckcapiInternalObject *io
-);
+ckcapi_removeObjectFromHash(
+ ckcapiInternalObject *io);
/*
* Finalize - unneeded
- * Destroy
+ * Destroy
* IsTokenObject - CK_TRUE
* GetAttributeCount
* GetAttributeTypes
* GetAttributeSize
* GetAttribute
* SetAttribute
* GetObjectSize
*/
static CK_RV
-ckcapi_mdObject_Destroy
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+ckcapi_mdObject_Destroy(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
- ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc;
- CK_OBJECT_CLASS objClass;
- BOOL rc;
- DWORD provType;
- DWORD msError;
- PRBool isCertType = (PRBool)(ckcapiCert == io->type);
- HCERTSTORE hStore = 0;
-
- if (ckcapiRaw == io->type) {
- /* there is not 'object write protected' error, use the next best thing */
- return CKR_TOKEN_WRITE_PROTECTED;
- }
+ ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc;
+ CK_OBJECT_CLASS objClass;
+ BOOL rc;
+ DWORD provType;
+ DWORD msError;
+ PRBool isCertType = (PRBool)(ckcapiCert == io->type);
+ HCERTSTORE hStore = 0;
- objClass = io->objClass;
- if (CKO_CERTIFICATE == objClass) {
- PCCERT_CONTEXT certContext;
-
- /* get the store */
- hStore = CertOpenSystemStore(0, io->u.cert.certStore);
- if (0 == hStore) {
- rc = 0;
- goto loser;
- }
- certContext = CertFindCertificateInStore(hStore, X509_ASN_ENCODING, 0,
- CERT_FIND_EXISTING, io->u.cert.certContext, NULL);
- if ((PCCERT_CONTEXT)NULL == certContext) {
- rc = 0;
- goto loser;
- }
- rc = CertDeleteCertificateFromStore(certContext);
- } else {
- char *provName = NULL;
- char *containerName = NULL;
- HCRYPTPROV hProv;
- CRYPT_HASH_BLOB msKeyID;
-
- if (0 == io->id.size) {
- ckcapi_FetchID(io);
+ if (ckcapiRaw == io->type) {
+ /* there is not 'object write protected' error, use the next best thing */
+ return CKR_TOKEN_WRITE_PROTECTED;
}
- if (isCertType) {
- CRYPT_KEY_PROV_INFO * provInfo = ckcapi_cert_getProvInfo(io);
- provName = nss_ckcapi_WideToUTF8(provInfo->pwszProvName);
- containerName = nss_ckcapi_WideToUTF8(provInfo->pwszContainerName);
- provType = provInfo->dwProvType;
- nss_ZFreeIf(provInfo);
- } else {
- provName = io->u.key.provName;
- containerName = io->u.key.containerName;
- provType = io->u.key.provInfo.dwProvType;
- io->u.key.provName = NULL;
- io->u.key.containerName = NULL;
+ objClass = io->objClass;
+ if (CKO_CERTIFICATE == objClass) {
+ PCCERT_CONTEXT certContext;
+
+ /* get the store */
+ hStore = CertOpenSystemStore(0, io->u.cert.certStore);
+ if (0 == hStore) {
+ rc = 0;
+ goto loser;
+ }
+ certContext = CertFindCertificateInStore(hStore, X509_ASN_ENCODING, 0,
+ CERT_FIND_EXISTING, io->u.cert.certContext, NULL);
+ if ((PCCERT_CONTEXT)NULL == certContext) {
+ rc = 0;
+ goto loser;
+ }
+ rc = CertDeleteCertificateFromStore(certContext);
}
- /* first remove the key id pointer */
- msKeyID.cbData = io->id.size;
- msKeyID.pbData = io->id.data;
- rc = CryptSetKeyIdentifierProperty(&msKeyID,
- CERT_KEY_PROV_INFO_PROP_ID, CRYPT_KEYID_DELETE_FLAG, NULL, NULL, NULL);
- if (rc) {
- rc = CryptAcquireContext(&hProv, containerName, provName, provType,
- CRYPT_DELETEKEYSET);
+ else {
+ char *provName = NULL;
+ char *containerName = NULL;
+ HCRYPTPROV hProv;
+ CRYPT_HASH_BLOB msKeyID;
+
+ if (0 == io->id.size) {
+ ckcapi_FetchID(io);
+ }
+
+ if (isCertType) {
+ CRYPT_KEY_PROV_INFO *provInfo = ckcapi_cert_getProvInfo(io);
+ provName = nss_ckcapi_WideToUTF8(provInfo->pwszProvName);
+ containerName = nss_ckcapi_WideToUTF8(provInfo->pwszContainerName);
+ provType = provInfo->dwProvType;
+ nss_ZFreeIf(provInfo);
+ }
+ else {
+ provName = io->u.key.provName;
+ containerName = io->u.key.containerName;
+ provType = io->u.key.provInfo.dwProvType;
+ io->u.key.provName = NULL;
+ io->u.key.containerName = NULL;
+ }
+ /* first remove the key id pointer */
+ msKeyID.cbData = io->id.size;
+ msKeyID.pbData = io->id.data;
+ rc = CryptSetKeyIdentifierProperty(&msKeyID,
+ CERT_KEY_PROV_INFO_PROP_ID, CRYPT_KEYID_DELETE_FLAG, NULL, NULL, NULL);
+ if (rc) {
+ rc = CryptAcquireContext(&hProv, containerName, provName, provType,
+ CRYPT_DELETEKEYSET);
+ }
+ nss_ZFreeIf(provName);
+ nss_ZFreeIf(containerName);
}
- nss_ZFreeIf(provName);
- nss_ZFreeIf(containerName);
- }
loser:
- if (hStore) {
- CertCloseStore(hStore, 0);
- }
- if (!rc) {
- msError = GetLastError();
- return CKR_GENERAL_ERROR;
- }
+ if (hStore) {
+ CertCloseStore(hStore, 0);
+ }
+ if (!rc) {
+ msError = GetLastError();
+ return CKR_GENERAL_ERROR;
+ }
- /* remove it from the hash */
- ckcapi_removeObjectFromHash(io);
+ /* remove it from the hash */
+ ckcapi_removeObjectFromHash(io);
- /* free the puppy.. */
- nss_ckcapi_DestroyInternalObject(io);
- return CKR_OK;
+ /* free the puppy.. */
+ nss_ckcapi_DestroyInternalObject(io);
+ return CKR_OK;
}
static CK_BBOOL
-ckcapi_mdObject_IsTokenObject
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+ckcapi_mdObject_IsTokenObject(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
- return CK_TRUE;
+ return CK_TRUE;
}
static CK_ULONG
-ckcapi_mdObject_GetAttributeCount
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+ckcapi_mdObject_GetAttributeCount(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc;
+ ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc;
- if (ckcapiRaw == io->type) {
- return io->u.raw.n;
- }
- switch (io->objClass) {
- case CKO_CERTIFICATE:
- return certAttrsCount;
- case CKO_PUBLIC_KEY:
- return pubKeyAttrsCount;
- case CKO_PRIVATE_KEY:
- return privKeyAttrsCount;
- default:
- break;
- }
- return 0;
+ if (ckcapiRaw == io->type) {
+ return io->u.raw.n;
+ }
+ switch (io->objClass) {
+ case CKO_CERTIFICATE:
+ return certAttrsCount;
+ case CKO_PUBLIC_KEY:
+ return pubKeyAttrsCount;
+ case CKO_PRIVATE_KEY:
+ return privKeyAttrsCount;
+ default:
+ break;
+ }
+ return 0;
}
static CK_RV
-ckcapi_mdObject_GetAttributeTypes
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE_PTR typeArray,
- CK_ULONG ulCount
-)
+ckcapi_mdObject_GetAttributeTypes(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_ATTRIBUTE_TYPE_PTR typeArray,
+ CK_ULONG ulCount)
{
- ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc;
- CK_ULONG i;
- CK_RV error = CKR_OK;
- const CK_ATTRIBUTE_TYPE *attrs = NULL;
- CK_ULONG size = ckcapi_mdObject_GetAttributeCount(
- mdObject, fwObject, mdSession, fwSession,
- mdToken, fwToken, mdInstance, fwInstance, &error);
+ ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc;
+ CK_ULONG i;
+ CK_RV error = CKR_OK;
+ const CK_ATTRIBUTE_TYPE *attrs = NULL;
+ CK_ULONG size = ckcapi_mdObject_GetAttributeCount(
+ mdObject, fwObject, mdSession, fwSession,
+ mdToken, fwToken, mdInstance, fwInstance, &error);
- if( size != ulCount ) {
- return CKR_BUFFER_TOO_SMALL;
- }
- if (io->type == ckcapiRaw) {
- attrs = io->u.raw.types;
- } else switch(io->objClass) {
- case CKO_CERTIFICATE:
- attrs = certAttrs;
- break;
- case CKO_PUBLIC_KEY:
- attrs = pubKeyAttrs;
- break;
- case CKO_PRIVATE_KEY:
- attrs = privKeyAttrs;
- break;
- default:
- return CKR_OK;
- }
-
- for( i = 0; i < size; i++) {
- typeArray[i] = attrs[i];
- }
+ if (size != ulCount) {
+ return CKR_BUFFER_TOO_SMALL;
+ }
+ if (io->type == ckcapiRaw) {
+ attrs = io->u.raw.types;
+ }
+ else
+ switch (io->objClass) {
+ case CKO_CERTIFICATE:
+ attrs =
+ certAttrs;
+ break;
+ case CKO_PUBLIC_KEY:
+ attrs =
+ pubKeyAttrs;
+ break;
+ case CKO_PRIVATE_KEY:
+ attrs =
+ privKeyAttrs;
+ break;
+ default:
+ return CKR_OK;
+ }
- return CKR_OK;
+ for (i = 0; i < size; i++) {
+ typeArray[i] = attrs[i];
+ }
+
+ return CKR_OK;
}
static CK_ULONG
-ckcapi_mdObject_GetAttributeSize
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE attribute,
- CK_RV *pError
-)
+ckcapi_mdObject_GetAttributeSize(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_ATTRIBUTE_TYPE attribute,
+ CK_RV *pError)
{
- ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc;
+ ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc;
- const NSSItem *b;
+ const NSSItem *b;
- b = nss_ckcapi_FetchAttribute(io, attribute);
+ b = nss_ckcapi_FetchAttribute(io, attribute);
- if ((const NSSItem *)NULL == b) {
- *pError = CKR_ATTRIBUTE_TYPE_INVALID;
- return 0;
- }
- return b->size;
+ if ((const NSSItem *)NULL == b) {
+ *pError = CKR_ATTRIBUTE_TYPE_INVALID;
+ return 0;
+ }
+ return b->size;
}
static CK_RV
-ckcapi_mdObject_SetAttribute
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE attribute,
- NSSItem *value
-)
+ckcapi_mdObject_SetAttribute(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_ATTRIBUTE_TYPE attribute,
+ NSSItem *value)
{
- return CKR_OK;
+ return CKR_OK;
}
static NSSCKFWItem
-ckcapi_mdObject_GetAttribute
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE attribute,
- CK_RV *pError
-)
+ckcapi_mdObject_GetAttribute(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_ATTRIBUTE_TYPE attribute,
+ CK_RV *pError)
{
- NSSCKFWItem mdItem;
- ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc;
+ NSSCKFWItem mdItem;
+ ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc;
- mdItem.needsFreeing = PR_FALSE;
- mdItem.item = (NSSItem*)nss_ckcapi_FetchAttribute(io, attribute);
+ mdItem.needsFreeing = PR_FALSE;
+ mdItem.item = (NSSItem *)nss_ckcapi_FetchAttribute(io, attribute);
- if ((NSSItem *)NULL == mdItem.item) {
- *pError = CKR_ATTRIBUTE_TYPE_INVALID;
- }
+ if ((NSSItem *)NULL == mdItem.item) {
+ *pError = CKR_ATTRIBUTE_TYPE_INVALID;
+ }
- return mdItem;
+ return mdItem;
}
static CK_ULONG
-ckcapi_mdObject_GetObjectSize
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+ckcapi_mdObject_GetObjectSize(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc;
- CK_ULONG rv = 1;
+ ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc;
+ CK_ULONG rv = 1;
- /* size is irrelevant to this token */
- return rv;
+ /* size is irrelevant to this token */
+ return rv;
}
static const NSSCKMDObject
-ckcapi_prototype_mdObject = {
- (void *)NULL, /* etc */
- NULL, /* Finalize */
- ckcapi_mdObject_Destroy,
- ckcapi_mdObject_IsTokenObject,
- ckcapi_mdObject_GetAttributeCount,
- ckcapi_mdObject_GetAttributeTypes,
- ckcapi_mdObject_GetAttributeSize,
- ckcapi_mdObject_GetAttribute,
- NULL, /* FreeAttribute */
- ckcapi_mdObject_SetAttribute,
- ckcapi_mdObject_GetObjectSize,
- (void *)NULL /* null terminator */
-};
+ ckcapi_prototype_mdObject = {
+ (void *)NULL, /* etc */
+ NULL, /* Finalize */
+ ckcapi_mdObject_Destroy,
+ ckcapi_mdObject_IsTokenObject,
+ ckcapi_mdObject_GetAttributeCount,
+ ckcapi_mdObject_GetAttributeTypes,
+ ckcapi_mdObject_GetAttributeSize,
+ ckcapi_mdObject_GetAttribute,
+ NULL, /* FreeAttribute */
+ ckcapi_mdObject_SetAttribute,
+ ckcapi_mdObject_GetObjectSize,
+ (void *)NULL /* null terminator */
+ };
static nssHash *ckcapiInternalObjectHash = NULL;
NSS_IMPLEMENT NSSCKMDObject *
-nss_ckcapi_CreateMDObject
-(
- NSSArena *arena,
- ckcapiInternalObject *io,
- CK_RV *pError
-)
+nss_ckcapi_CreateMDObject(
+ NSSArena *arena,
+ ckcapiInternalObject *io,
+ CK_RV *pError)
{
- if ((nssHash *)NULL == ckcapiInternalObjectHash) {
- ckcapiInternalObjectHash = nssHash_CreateItem(NULL, 10);
- }
- if (ckcapiCert == io->type) {
- /* the hash key, not a cryptographic key */
- NSSItem *key = &io->hashKey;
- ckcapiInternalObject *old_o = NULL;
+ if ((nssHash *)NULL == ckcapiInternalObjectHash) {
+ ckcapiInternalObjectHash = nssHash_CreateItem(NULL, 10);
+ }
+ if (ckcapiCert == io->type) {
+ /* the hash key, not a cryptographic key */
+ NSSItem *key = &io->hashKey;
+ ckcapiInternalObject *old_o = NULL;
- if (key->size == 0) {
- ckcapi_FetchHashKey(io);
+ if (key->size == 0) {
+ ckcapi_FetchHashKey(io);
+ }
+ old_o = (ckcapiInternalObject *)
+ nssHash_Lookup(ckcapiInternalObjectHash, key);
+ if (!old_o) {
+ nssHash_Add(ckcapiInternalObjectHash, key, io);
+ }
+ else if (old_o != io) {
+ nss_ckcapi_DestroyInternalObject(io);
+ io = old_o;
+ }
}
- old_o = (ckcapiInternalObject *)
- nssHash_Lookup(ckcapiInternalObjectHash, key);
- if (!old_o) {
- nssHash_Add(ckcapiInternalObjectHash, key, io);
- } else if (old_o != io) {
- nss_ckcapi_DestroyInternalObject(io);
- io = old_o;
+
+ if ((void *)NULL == io->mdObject.etc) {
+ (void)nsslibc_memcpy(&io->mdObject, &ckcapi_prototype_mdObject,
+ sizeof(ckcapi_prototype_mdObject));
+ io->mdObject.etc = (void *)io;
}
- }
-
- if ( (void*)NULL == io->mdObject.etc) {
- (void) nsslibc_memcpy(&io->mdObject,&ckcapi_prototype_mdObject,
- sizeof(ckcapi_prototype_mdObject));
- io->mdObject.etc = (void *)io;
- }
- return &io->mdObject;
+ return &io->mdObject;
}
static void
-ckcapi_removeObjectFromHash
-(
- ckcapiInternalObject *io
-)
+ckcapi_removeObjectFromHash(
+ ckcapiInternalObject *io)
{
- NSSItem *key = &io->hashKey;
+ NSSItem *key = &io->hashKey;
- if ((nssHash *)NULL == ckcapiInternalObjectHash) {
+ if ((nssHash *)NULL == ckcapiInternalObjectHash) {
+ return;
+ }
+ if (key->size == 0) {
+ ckcapi_FetchHashKey(io);
+ }
+ nssHash_Remove(ckcapiInternalObjectHash, key);
return;
- }
- if (key->size == 0) {
- ckcapi_FetchHashKey(io);
- }
- nssHash_Remove(ckcapiInternalObjectHash, key);
- return;
}
void
-nss_ckcapi_DestroyInternalObject
-(
- ckcapiInternalObject *io
-)
+nss_ckcapi_DestroyInternalObject(
+ ckcapiInternalObject *io)
{
- switch (io->type) {
- case ckcapiRaw:
+ switch (io->type) {
+ case ckcapiRaw:
+ return;
+ case ckcapiCert:
+ CertFreeCertificateContext(io->u.cert.certContext);
+ nss_ZFreeIf(io->u.cert.labelData);
+ nss_ZFreeIf(io->u.cert.key.privateKey);
+ nss_ZFreeIf(io->u.cert.key.pubKey);
+ nss_ZFreeIf(io->idData);
+ break;
+ case ckcapiBareKey:
+ nss_ZFreeIf(io->u.key.provInfo.pwszContainerName);
+ nss_ZFreeIf(io->u.key.provInfo.pwszProvName);
+ nss_ZFreeIf(io->u.key.provName);
+ nss_ZFreeIf(io->u.key.containerName);
+ nss_ZFreeIf(io->u.key.key.privateKey);
+ nss_ZFreeIf(io->u.key.key.pubKey);
+ if (0 != io->u.key.hProv) {
+ CryptReleaseContext(io->u.key.hProv, 0);
+ }
+ nss_ZFreeIf(io->idData);
+ break;
+ }
+ nss_ZFreeIf(io);
return;
- case ckcapiCert:
- CertFreeCertificateContext(io->u.cert.certContext);
- nss_ZFreeIf(io->u.cert.labelData);
- nss_ZFreeIf(io->u.cert.key.privateKey);
- nss_ZFreeIf(io->u.cert.key.pubKey);
- nss_ZFreeIf(io->idData);
- break;
- case ckcapiBareKey:
- nss_ZFreeIf(io->u.key.provInfo.pwszContainerName);
- nss_ZFreeIf(io->u.key.provInfo.pwszProvName);
- nss_ZFreeIf(io->u.key.provName);
- nss_ZFreeIf(io->u.key.containerName);
- nss_ZFreeIf(io->u.key.key.privateKey);
- nss_ZFreeIf(io->u.key.key.pubKey);
- if (0 != io->u.key.hProv) {
- CryptReleaseContext(io->u.key.hProv, 0);
- }
- nss_ZFreeIf(io->idData);
- break;
- }
- nss_ZFreeIf(io);
- return;
}
static ckcapiInternalObject *
-nss_ckcapi_CreateCertificate
-(
- NSSCKFWSession *fwSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-)
+nss_ckcapi_CreateCertificate(
+ NSSCKFWSession *fwSession,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ CK_RV *pError)
{
- NSSItem value;
- NSSItem keyID;
- char *storeStr;
- ckcapiInternalObject *io = NULL;
- PCCERT_CONTEXT certContext = NULL;
- PCCERT_CONTEXT storedCertContext = NULL;
- CRYPT_KEY_PROV_INFO *prov_info = NULL;
- char *nickname = NULL;
- HCERTSTORE hStore = 0;
- DWORD msError = 0;
- PRBool hasID;
- CK_RV dummy;
- BOOL rc;
+ NSSItem value;
+ NSSItem keyID;
+ char *storeStr;
+ ckcapiInternalObject *io = NULL;
+ PCCERT_CONTEXT certContext = NULL;
+ PCCERT_CONTEXT storedCertContext = NULL;
+ CRYPT_KEY_PROV_INFO *prov_info = NULL;
+ char *nickname = NULL;
+ HCERTSTORE hStore = 0;
+ DWORD msError = 0;
+ PRBool hasID;
+ CK_RV dummy;
+ BOOL rc;
+
+ *pError = nss_ckcapi_GetAttribute(CKA_VALUE, pTemplate,
+ ulAttributeCount, &value);
+
+ if (CKR_OK != *pError) {
+ return (ckcapiInternalObject *)NULL;
+ }
- *pError = nss_ckcapi_GetAttribute(CKA_VALUE, pTemplate,
- ulAttributeCount, &value);
+ *pError = nss_ckcapi_GetAttribute(CKA_ID, pTemplate,
+ ulAttributeCount, &keyID);
+
+ if (CKR_OK != *pError) {
+ return (ckcapiInternalObject *)NULL;
+ }
- if (CKR_OK != *pError) {
- return (ckcapiInternalObject *)NULL;
- }
+ if (ckcapi_cert_exists(&value, &io)) {
+ return io;
+ }
- *pError = nss_ckcapi_GetAttribute(CKA_ID, pTemplate,
- ulAttributeCount, &keyID);
+ /* OK, we are creating a new one, figure out what store it belongs to..
+ * first get a certContext handle.. */
+ certContext = CertCreateCertificateContext(X509_ASN_ENCODING,
+ value.data, value.size);
+ if ((PCCERT_CONTEXT)NULL == certContext) {
+ msError = GetLastError();
+ *pError = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto loser;
+ }
- if (CKR_OK != *pError) {
- return (ckcapiInternalObject *)NULL;
- }
-
- if (ckcapi_cert_exists(&value, &io)) {
- return io;
- }
+ /* do we have a private key laying around... */
+ prov_info = ckcapi_cert_getPrivateKeyInfo(certContext, &keyID);
+ if (prov_info) {
+ CRYPT_DATA_BLOB msKeyID;
+ storeStr = "My";
+ hasID = PR_TRUE;
+ rc = CertSetCertificateContextProperty(certContext,
+ CERT_KEY_PROV_INFO_PROP_ID,
+ 0, prov_info);
+ nss_ZFreeIf(prov_info);
+ if (!rc) {
+ msError = GetLastError();
+ *pError = CKR_DEVICE_ERROR;
+ goto loser;
+ }
+ msKeyID.cbData = keyID.size;
+ msKeyID.pbData = keyID.data;
+ rc = CertSetCertificateContextProperty(certContext,
+ CERT_KEY_IDENTIFIER_PROP_ID,
+ 0, &msKeyID);
+ if (!rc) {
+ msError = GetLastError();
+ *pError = CKR_DEVICE_ERROR;
+ goto loser;
+ }
- /* OK, we are creating a new one, figure out what store it belongs to..
- * first get a certContext handle.. */
- certContext = CertCreateCertificateContext(X509_ASN_ENCODING,
- value.data, value.size);
- if ((PCCERT_CONTEXT) NULL == certContext) {
- msError = GetLastError();
- *pError = CKR_ATTRIBUTE_VALUE_INVALID;
- goto loser;
- }
+ /* does it look like a CA */
+ }
+ else if (ckcapi_cert_isCA(certContext)) {
+ storeStr = ckcapi_cert_isRoot(certContext) ? "CA" : "Root";
+ /* does it look like an S/MIME cert */
+ }
+ else if (ckcapi_cert_hasEmail(certContext)) {
+ storeStr = "AddressBook";
+ }
+ else {
+ /* just pick a store */
+ storeStr = "CA";
+ }
- /* do we have a private key laying around... */
- prov_info = ckcapi_cert_getPrivateKeyInfo(certContext, &keyID);
- if (prov_info) {
- CRYPT_DATA_BLOB msKeyID;
- storeStr = "My";
- hasID = PR_TRUE;
- rc = CertSetCertificateContextProperty(certContext,
- CERT_KEY_PROV_INFO_PROP_ID,
- 0, prov_info);
- nss_ZFreeIf(prov_info);
- if (!rc) {
- msError = GetLastError();
- *pError = CKR_DEVICE_ERROR;
- goto loser;
+ /* get the nickname, not an error if we can't find it */
+ nickname = nss_ckcapi_GetStringAttribute(CKA_LABEL, pTemplate,
+ ulAttributeCount, &dummy);
+ if (nickname) {
+ LPWSTR nicknameUTF16 = NULL;
+ CRYPT_DATA_BLOB nicknameBlob;
+
+ nicknameUTF16 = nss_ckcapi_UTF8ToWide(nickname);
+ nss_ZFreeIf(nickname);
+ nickname = NULL;
+ if ((LPWSTR)NULL == nicknameUTF16) {
+ *pError = CKR_HOST_MEMORY;
+ goto loser;
+ }
+ nicknameBlob.cbData = nss_ckcapi_WideSize(nicknameUTF16);
+ nicknameBlob.pbData = (BYTE *)nicknameUTF16;
+ rc = CertSetCertificateContextProperty(certContext,
+ CERT_FRIENDLY_NAME_PROP_ID, 0, &nicknameBlob);
+ nss_ZFreeIf(nicknameUTF16);
+ if (!rc) {
+ msError = GetLastError();
+ *pError = CKR_DEVICE_ERROR;
+ goto loser;
+ }
}
- msKeyID.cbData = keyID.size;
- msKeyID.pbData = keyID.data;
- rc = CertSetCertificateContextProperty(certContext,
- CERT_KEY_IDENTIFIER_PROP_ID,
- 0, &msKeyID);
+
+ hStore = CertOpenSystemStore((HCRYPTPROV)NULL, storeStr);
+ if (0 == hStore) {
+ msError = GetLastError();
+ *pError = CKR_DEVICE_ERROR;
+ goto loser;
+ }
+
+ rc = CertAddCertificateContextToStore(hStore, certContext,
+ CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES, &storedCertContext);
+ CertFreeCertificateContext(certContext);
+ certContext = NULL;
+ CertCloseStore(hStore, 0);
+ hStore = 0;
if (!rc) {
- msError = GetLastError();
- *pError = CKR_DEVICE_ERROR;
- goto loser;
- }
-
- /* does it look like a CA */
- } else if (ckcapi_cert_isCA(certContext)) {
- storeStr = ckcapi_cert_isRoot(certContext) ? "CA" : "Root";
- /* does it look like an S/MIME cert */
- } else if (ckcapi_cert_hasEmail(certContext)) {
- storeStr = "AddressBook";
- } else {
- /* just pick a store */
- storeStr = "CA";
- }
-
- /* get the nickname, not an error if we can't find it */
- nickname = nss_ckcapi_GetStringAttribute(CKA_LABEL, pTemplate,
- ulAttributeCount, &dummy);
- if (nickname) {
- LPWSTR nicknameUTF16 = NULL;
- CRYPT_DATA_BLOB nicknameBlob;
-
- nicknameUTF16 = nss_ckcapi_UTF8ToWide(nickname);
- nss_ZFreeIf(nickname);
- nickname = NULL;
- if ((LPWSTR)NULL == nicknameUTF16) {
- *pError = CKR_HOST_MEMORY;
- goto loser;
+ msError = GetLastError();
+ *pError = CKR_DEVICE_ERROR;
+ goto loser;
}
- nicknameBlob.cbData = nss_ckcapi_WideSize(nicknameUTF16);
- nicknameBlob.pbData = (BYTE *)nicknameUTF16;
- rc = CertSetCertificateContextProperty(certContext,
- CERT_FRIENDLY_NAME_PROP_ID, 0, &nicknameBlob);
- nss_ZFreeIf(nicknameUTF16);
- if (!rc) {
- msError = GetLastError();
- *pError = CKR_DEVICE_ERROR;
- goto loser;
+
+ io = nss_ZNEW(NULL, ckcapiInternalObject);
+ if ((ckcapiInternalObject *)NULL == io) {
+ *pError = CKR_HOST_MEMORY;
+ goto loser;
}
- }
-
- hStore = CertOpenSystemStore((HCRYPTPROV) NULL, storeStr);
- if (0 == hStore) {
- msError = GetLastError();
- *pError = CKR_DEVICE_ERROR;
- goto loser;
- }
-
- rc = CertAddCertificateContextToStore(hStore, certContext,
- CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES, &storedCertContext);
- CertFreeCertificateContext(certContext);
- certContext = NULL;
- CertCloseStore(hStore, 0);
- hStore = 0;
- if (!rc) {
- msError = GetLastError();
- *pError = CKR_DEVICE_ERROR;
- goto loser;
- }
-
- io = nss_ZNEW(NULL, ckcapiInternalObject);
- if ((ckcapiInternalObject *)NULL == io) {
- *pError = CKR_HOST_MEMORY;
- goto loser;
- }
- io->type = ckcapiCert;
- io->objClass = CKO_CERTIFICATE;
- io->u.cert.certContext = storedCertContext;
- io->u.cert.hasID = hasID;
- return io;
+ io->type = ckcapiCert;
+ io->objClass = CKO_CERTIFICATE;
+ io->u.cert.certContext = storedCertContext;
+ io->u.cert.hasID = hasID;
+ return io;
loser:
- if (certContext) {
- CertFreeCertificateContext(certContext);
- certContext = NULL;
- }
- if (storedCertContext) {
- CertFreeCertificateContext(storedCertContext);
- storedCertContext = NULL;
- }
- if (0 != hStore) {
- CertCloseStore(hStore, 0);
- }
- return (ckcapiInternalObject *)NULL;
-
+ if (certContext) {
+ CertFreeCertificateContext(certContext);
+ certContext = NULL;
+ }
+ if (storedCertContext) {
+ CertFreeCertificateContext(storedCertContext);
+ storedCertContext = NULL;
+ }
+ if (0 != hStore) {
+ CertCloseStore(hStore, 0);
+ }
+ return (ckcapiInternalObject *)NULL;
}
static char *
-ckcapi_getDefaultProvider
-(
- CK_RV *pError
-)
+ckcapi_getDefaultProvider(
+ CK_RV *pError)
{
- char *name = NULL;
- BOOL rc;
- DWORD nameLength = 0;
+ char *name = NULL;
+ BOOL rc;
+ DWORD nameLength = 0;
+
+ rc = CryptGetDefaultProvider(PROV_RSA_FULL, NULL, CRYPT_USER_DEFAULT, NULL,
+ &nameLength);
+ if (!rc) {
+ return (char *)NULL;
+ }
- rc = CryptGetDefaultProvider(PROV_RSA_FULL, NULL, CRYPT_USER_DEFAULT, NULL,
- &nameLength);
- if (!rc) {
- return (char *)NULL;
- }
+ name = nss_ZNEWARRAY(NULL, char, nameLength);
+ if ((char *)NULL == name) {
+ return (char *)NULL;
+ }
+ rc = CryptGetDefaultProvider(PROV_RSA_FULL, NULL, CRYPT_USER_DEFAULT, name,
+ &nameLength);
+ if (!rc) {
+ nss_ZFreeIf(name);
+ return (char *)NULL;
+ }
- name = nss_ZNEWARRAY(NULL, char, nameLength);
- if ((char *)NULL == name ) {
- return (char *)NULL;
- }
- rc = CryptGetDefaultProvider(PROV_RSA_FULL, NULL, CRYPT_USER_DEFAULT, name,
- &nameLength);
- if (!rc) {
- nss_ZFreeIf(name);
- return (char *)NULL;
- }
-
- return name;
+ return name;
}
static char *
-ckcapi_getContainer
-(
- CK_RV *pError,
- NSSItem *id
-)
+ckcapi_getContainer(
+ CK_RV *pError,
+ NSSItem *id)
{
- RPC_STATUS rstat;
- UUID uuid;
- char *uuidStr;
- char *container;
+ RPC_STATUS rstat;
+ UUID uuid;
+ char *uuidStr;
+ char *container;
- rstat = UuidCreate(&uuid);
- rstat = UuidToString(&uuid, &uuidStr);
+ rstat = UuidCreate(&uuid);
+ rstat = UuidToString(&uuid, &uuidStr);
- /* convert it from rcp memory to our own */
- container = nssUTF8_Duplicate(uuidStr, NULL);
- RpcStringFree(&uuidStr);
-
- return container;
+ /* convert it from rcp memory to our own */
+ container = nssUTF8_Duplicate(uuidStr, NULL);
+ RpcStringFree(&uuidStr);
+
+ return container;
}
static CK_RV
-ckcapi_buildPrivateKeyBlob
-(
- NSSItem *keyBlob,
- NSSItem *modulus,
- NSSItem *publicExponent,
- NSSItem *privateExponent,
- NSSItem *prime1,
- NSSItem *prime2,
- NSSItem *exponent1,
- NSSItem *exponent2,
- NSSItem *coefficient,
- PRBool isKeyExchange
-)
+ckcapi_buildPrivateKeyBlob(
+ NSSItem *keyBlob,
+ NSSItem *modulus,
+ NSSItem *publicExponent,
+ NSSItem *privateExponent,
+ NSSItem *prime1,
+ NSSItem *prime2,
+ NSSItem *exponent1,
+ NSSItem *exponent2,
+ NSSItem *coefficient,
+ PRBool isKeyExchange)
{
- CAPI_RSA_KEY_BLOB *keyBlobData = NULL;
- unsigned char *target;
- unsigned long modSize = modulus->size;
- unsigned long dataSize;
- CK_RV error = CKR_OK;
+ CAPI_RSA_KEY_BLOB *keyBlobData = NULL;
+ unsigned char *target;
+ unsigned long modSize = modulus->size;
+ unsigned long dataSize;
+ CK_RV error = CKR_OK;
+
+ /* validate extras */
+ if (privateExponent->size != modSize) {
+ error = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto loser;
+ }
+ if (prime1->size != modSize / 2) {
+ error = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto loser;
+ }
+ if (prime2->size != modSize / 2) {
+ error = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto loser;
+ }
+ if (exponent1->size != modSize / 2) {
+ error = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto loser;
+ }
+ if (exponent2->size != modSize / 2) {
+ error = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto loser;
+ }
+ if (coefficient->size != modSize / 2) {
+ error = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto loser;
+ }
+ dataSize = (modSize * 4) + (modSize / 2) + sizeof(CAPI_RSA_KEY_BLOB);
+ keyBlobData = (CAPI_RSA_KEY_BLOB *)nss_ZAlloc(NULL, dataSize);
+ if ((CAPI_RSA_KEY_BLOB *)NULL == keyBlobData) {
+ error = CKR_HOST_MEMORY;
+ goto loser;
+ }
- /* validate extras */
- if (privateExponent->size != modSize) {
- error = CKR_ATTRIBUTE_VALUE_INVALID;
- goto loser;
- }
- if (prime1->size != modSize/2) {
- error = CKR_ATTRIBUTE_VALUE_INVALID;
- goto loser;
- }
- if (prime2->size != modSize/2) {
- error = CKR_ATTRIBUTE_VALUE_INVALID;
- goto loser;
- }
- if (exponent1->size != modSize/2) {
- error = CKR_ATTRIBUTE_VALUE_INVALID;
- goto loser;
- }
- if (exponent2->size != modSize/2) {
- error = CKR_ATTRIBUTE_VALUE_INVALID;
- goto loser;
- }
- if (coefficient->size != modSize/2) {
- error = CKR_ATTRIBUTE_VALUE_INVALID;
- goto loser;
- }
- dataSize = (modSize*4)+(modSize/2) + sizeof(CAPI_RSA_KEY_BLOB);
- keyBlobData = (CAPI_RSA_KEY_BLOB *)nss_ZAlloc(NULL, dataSize);
- if ((CAPI_RSA_KEY_BLOB *)NULL == keyBlobData) {
- error = CKR_HOST_MEMORY;
- goto loser;
- }
+ keyBlobData->header.bType = PRIVATEKEYBLOB;
+ keyBlobData->header.bVersion = 0x02;
+ keyBlobData->header.reserved = 0x00;
+ keyBlobData->header.aiKeyAlg = isKeyExchange ? CALG_RSA_KEYX : CALG_RSA_SIGN;
+ keyBlobData->rsa.magic = 0x32415352;
+ keyBlobData->rsa.bitlen = modSize * 8;
+ keyBlobData->rsa.pubexp = nss_ckcapi_DataToInt(publicExponent, &error);
+ if (CKR_OK != error) {
+ goto loser;
+ }
+
+ target = &keyBlobData->data[CAPI_MODULUS_OFFSET(modSize)];
+ nsslibc_memcpy(target, modulus->data, modulus->size);
+ modulus->data = target;
+ ckcapi_ReverseData(modulus);
+
+ target = &keyBlobData->data[CAPI_PRIVATE_EXP_OFFSET(modSize)];
+ nsslibc_memcpy(target, privateExponent->data, privateExponent->size);
+ privateExponent->data = target;
+ ckcapi_ReverseData(privateExponent);
- keyBlobData->header.bType = PRIVATEKEYBLOB;
- keyBlobData->header.bVersion = 0x02;
- keyBlobData->header.reserved = 0x00;
- keyBlobData->header.aiKeyAlg = isKeyExchange ? CALG_RSA_KEYX:CALG_RSA_SIGN;
- keyBlobData->rsa.magic = 0x32415352;
- keyBlobData->rsa.bitlen = modSize * 8;
- keyBlobData->rsa.pubexp = nss_ckcapi_DataToInt(publicExponent,&error);
- if (CKR_OK != error) {
- goto loser;
- }
+ target = &keyBlobData->data[CAPI_PRIME_1_OFFSET(modSize)];
+ nsslibc_memcpy(target, prime1->data, prime1->size);
+ prime1->data = target;
+ ckcapi_ReverseData(prime1);
- target = &keyBlobData->data[CAPI_MODULUS_OFFSET(modSize)];
- nsslibc_memcpy(target, modulus->data, modulus->size);
- modulus->data = target;
- ckcapi_ReverseData(modulus);
+ target = &keyBlobData->data[CAPI_PRIME_2_OFFSET(modSize)];
+ nsslibc_memcpy(target, prime2->data, prime2->size);
+ prime2->data = target;
+ ckcapi_ReverseData(prime2);
- target = &keyBlobData->data[CAPI_PRIVATE_EXP_OFFSET(modSize)];
- nsslibc_memcpy(target, privateExponent->data, privateExponent->size);
- privateExponent->data = target;
- ckcapi_ReverseData(privateExponent);
+ target = &keyBlobData->data[CAPI_EXPONENT_1_OFFSET(modSize)];
+ nsslibc_memcpy(target, exponent1->data, exponent1->size);
+ exponent1->data = target;
+ ckcapi_ReverseData(exponent1);
- target = &keyBlobData->data[CAPI_PRIME_1_OFFSET(modSize)];
- nsslibc_memcpy(target, prime1->data, prime1->size);
- prime1->data = target;
- ckcapi_ReverseData(prime1);
-
- target = &keyBlobData->data[CAPI_PRIME_2_OFFSET(modSize)];
- nsslibc_memcpy(target, prime2->data, prime2->size);
- prime2->data = target;
- ckcapi_ReverseData(prime2);
-
- target = &keyBlobData->data[CAPI_EXPONENT_1_OFFSET(modSize)];
- nsslibc_memcpy(target, exponent1->data, exponent1->size);
- exponent1->data = target;
- ckcapi_ReverseData(exponent1);
+ target = &keyBlobData->data[CAPI_EXPONENT_2_OFFSET(modSize)];
+ nsslibc_memcpy(target, exponent2->data, exponent2->size);
+ exponent2->data = target;
+ ckcapi_ReverseData(exponent2);
- target = &keyBlobData->data[CAPI_EXPONENT_2_OFFSET(modSize)];
- nsslibc_memcpy(target, exponent2->data, exponent2->size);
- exponent2->data = target;
- ckcapi_ReverseData(exponent2);
+ target = &keyBlobData->data[CAPI_COEFFICIENT_OFFSET(modSize)];
+ nsslibc_memcpy(target, coefficient->data, coefficient->size);
+ coefficient->data = target;
+ ckcapi_ReverseData(coefficient);
- target = &keyBlobData->data[CAPI_COEFFICIENT_OFFSET(modSize)];
- nsslibc_memcpy(target, coefficient->data, coefficient->size);
- coefficient->data = target;
- ckcapi_ReverseData(coefficient);
+ keyBlob->data = keyBlobData;
+ keyBlob->size = dataSize;
- keyBlob->data = keyBlobData;
- keyBlob->size = dataSize;
-
- return CKR_OK;
+ return CKR_OK;
loser:
- nss_ZFreeIf(keyBlobData);
- return error;
+ nss_ZFreeIf(keyBlobData);
+ return error;
}
static ckcapiInternalObject *
-nss_ckcapi_CreatePrivateKey
-(
- NSSCKFWSession *fwSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-)
+nss_ckcapi_CreatePrivateKey(
+ NSSCKFWSession *fwSession,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ CK_RV *pError)
{
- NSSItem modulus;
- NSSItem publicExponent;
- NSSItem privateExponent;
- NSSItem exponent1;
- NSSItem exponent2;
- NSSItem prime1;
- NSSItem prime2;
- NSSItem coefficient;
- NSSItem keyID;
- NSSItem keyBlob;
- ckcapiInternalObject *io = NULL;
- char *providerName = NULL;
- char *containerName = NULL;
- char *idData = NULL;
- CRYPT_KEY_PROV_INFO provInfo;
- CRYPT_HASH_BLOB msKeyID;
- CK_KEY_TYPE keyType;
- HCRYPTPROV hProv = 0;
- HCRYPTKEY hKey = 0;
- PRBool decrypt;
- DWORD keySpec;
- DWORD msError;
- BOOL rc;
+ NSSItem modulus;
+ NSSItem publicExponent;
+ NSSItem privateExponent;
+ NSSItem exponent1;
+ NSSItem exponent2;
+ NSSItem prime1;
+ NSSItem prime2;
+ NSSItem coefficient;
+ NSSItem keyID;
+ NSSItem keyBlob;
+ ckcapiInternalObject *io = NULL;
+ char *providerName = NULL;
+ char *containerName = NULL;
+ char *idData = NULL;
+ CRYPT_KEY_PROV_INFO provInfo;
+ CRYPT_HASH_BLOB msKeyID;
+ CK_KEY_TYPE keyType;
+ HCRYPTPROV hProv = 0;
+ HCRYPTKEY hKey = 0;
+ PRBool decrypt;
+ DWORD keySpec;
+ DWORD msError;
+ BOOL rc;
- keyType = nss_ckcapi_GetULongAttribute
- (CKA_KEY_TYPE, pTemplate, ulAttributeCount, pError);
- if (CKR_OK != *pError) {
- return (ckcapiInternalObject *)NULL;
- }
- if (CKK_RSA != keyType) {
- *pError = CKR_ATTRIBUTE_VALUE_INVALID;
- return (ckcapiInternalObject *)NULL;
- }
+ keyType = nss_ckcapi_GetULongAttribute(CKA_KEY_TYPE, pTemplate, ulAttributeCount, pError);
+ if (CKR_OK != *pError) {
+ return (ckcapiInternalObject *)NULL;
+ }
+ if (CKK_RSA != keyType) {
+ *pError = CKR_ATTRIBUTE_VALUE_INVALID;
+ return (ckcapiInternalObject *)NULL;
+ }
- decrypt = nss_ckcapi_GetBoolAttribute(CKA_DECRYPT,
- pTemplate, ulAttributeCount, pError);
- if (CKR_TEMPLATE_INCOMPLETE == *pError) {
- decrypt = PR_TRUE; /* default to true */
- }
- decrypt = decrypt || nss_ckcapi_GetBoolAttribute(CKA_UNWRAP,
- pTemplate, ulAttributeCount, pError);
- if (CKR_TEMPLATE_INCOMPLETE == *pError) {
- decrypt = PR_TRUE; /* default to true */
- }
- keySpec = decrypt ? AT_KEYEXCHANGE : AT_SIGNATURE;
+ decrypt = nss_ckcapi_GetBoolAttribute(CKA_DECRYPT,
+ pTemplate, ulAttributeCount, pError);
+ if (CKR_TEMPLATE_INCOMPLETE == *pError) {
+ decrypt = PR_TRUE; /* default to true */
+ }
+ decrypt = decrypt || nss_ckcapi_GetBoolAttribute(CKA_UNWRAP,
+ pTemplate, ulAttributeCount, pError);
+ if (CKR_TEMPLATE_INCOMPLETE == *pError) {
+ decrypt = PR_TRUE; /* default to true */
+ }
+ keySpec = decrypt ? AT_KEYEXCHANGE : AT_SIGNATURE;
- *pError = nss_ckcapi_GetAttribute(CKA_MODULUS, pTemplate,
- ulAttributeCount, &modulus);
- if (CKR_OK != *pError) {
- return (ckcapiInternalObject *)NULL;
- }
- *pError = nss_ckcapi_GetAttribute(CKA_PUBLIC_EXPONENT, pTemplate,
- ulAttributeCount, &publicExponent);
- if (CKR_OK != *pError) {
- return (ckcapiInternalObject *)NULL;
- }
- *pError = nss_ckcapi_GetAttribute(CKA_PRIVATE_EXPONENT, pTemplate,
- ulAttributeCount, &privateExponent);
- if (CKR_OK != *pError) {
- return (ckcapiInternalObject *)NULL;
- }
- *pError = nss_ckcapi_GetAttribute(CKA_PRIME_1, pTemplate,
- ulAttributeCount, &prime1);
- if (CKR_OK != *pError) {
- return (ckcapiInternalObject *)NULL;
- }
- *pError = nss_ckcapi_GetAttribute(CKA_PRIME_2, pTemplate,
- ulAttributeCount, &prime2);
- if (CKR_OK != *pError) {
- return (ckcapiInternalObject *)NULL;
- }
- *pError = nss_ckcapi_GetAttribute(CKA_EXPONENT_1, pTemplate,
- ulAttributeCount, &exponent1);
- if (CKR_OK != *pError) {
- return (ckcapiInternalObject *)NULL;
- }
- *pError = nss_ckcapi_GetAttribute(CKA_EXPONENT_2, pTemplate,
- ulAttributeCount, &exponent2);
- if (CKR_OK != *pError) {
- return (ckcapiInternalObject *)NULL;
- }
- *pError = nss_ckcapi_GetAttribute(CKA_COEFFICIENT, pTemplate,
- ulAttributeCount, &coefficient);
- if (CKR_OK != *pError) {
- return (ckcapiInternalObject *)NULL;
- }
- *pError = nss_ckcapi_GetAttribute(CKA_ID, pTemplate,
- ulAttributeCount, &keyID);
- if (CKR_OK != *pError) {
- return (ckcapiInternalObject *)NULL;
- }
- providerName = ckcapi_getDefaultProvider(pError);
- if ((char *)NULL == providerName ) {
- return (ckcapiInternalObject *)NULL;
- }
- containerName = ckcapi_getContainer(pError, &keyID);
- if ((char *)NULL == containerName) {
- goto loser;
- }
- rc = CryptAcquireContext(&hProv, containerName, providerName,
- PROV_RSA_FULL, CRYPT_NEWKEYSET);
- if (!rc) {
- msError = GetLastError();
- *pError = CKR_DEVICE_ERROR;
- goto loser;
- }
+ *pError = nss_ckcapi_GetAttribute(CKA_MODULUS, pTemplate,
+ ulAttributeCount, &modulus);
+ if (CKR_OK != *pError) {
+ return (ckcapiInternalObject *)NULL;
+ }
+ *pError = nss_ckcapi_GetAttribute(CKA_PUBLIC_EXPONENT, pTemplate,
+ ulAttributeCount, &publicExponent);
+ if (CKR_OK != *pError) {
+ return (ckcapiInternalObject *)NULL;
+ }
+ *pError = nss_ckcapi_GetAttribute(CKA_PRIVATE_EXPONENT, pTemplate,
+ ulAttributeCount, &privateExponent);
+ if (CKR_OK != *pError) {
+ return (ckcapiInternalObject *)NULL;
+ }
+ *pError = nss_ckcapi_GetAttribute(CKA_PRIME_1, pTemplate,
+ ulAttributeCount, &prime1);
+ if (CKR_OK != *pError) {
+ return (ckcapiInternalObject *)NULL;
+ }
+ *pError = nss_ckcapi_GetAttribute(CKA_PRIME_2, pTemplate,
+ ulAttributeCount, &prime2);
+ if (CKR_OK != *pError) {
+ return (ckcapiInternalObject *)NULL;
+ }
+ *pError = nss_ckcapi_GetAttribute(CKA_EXPONENT_1, pTemplate,
+ ulAttributeCount, &exponent1);
+ if (CKR_OK != *pError) {
+ return (ckcapiInternalObject *)NULL;
+ }
+ *pError = nss_ckcapi_GetAttribute(CKA_EXPONENT_2, pTemplate,
+ ulAttributeCount, &exponent2);
+ if (CKR_OK != *pError) {
+ return (ckcapiInternalObject *)NULL;
+ }
+ *pError = nss_ckcapi_GetAttribute(CKA_COEFFICIENT, pTemplate,
+ ulAttributeCount, &coefficient);
+ if (CKR_OK != *pError) {
+ return (ckcapiInternalObject *)NULL;
+ }
+ *pError = nss_ckcapi_GetAttribute(CKA_ID, pTemplate,
+ ulAttributeCount, &keyID);
+ if (CKR_OK != *pError) {
+ return (ckcapiInternalObject *)NULL;
+ }
+ providerName = ckcapi_getDefaultProvider(pError);
+ if ((char *)NULL == providerName) {
+ return (ckcapiInternalObject *)NULL;
+ }
+ containerName = ckcapi_getContainer(pError, &keyID);
+ if ((char *)NULL == containerName) {
+ goto loser;
+ }
+ rc = CryptAcquireContext(&hProv, containerName, providerName,
+ PROV_RSA_FULL, CRYPT_NEWKEYSET);
+ if (!rc) {
+ msError = GetLastError();
+ *pError = CKR_DEVICE_ERROR;
+ goto loser;
+ }
- *pError = ckcapi_buildPrivateKeyBlob(
- &keyBlob,
- &modulus,
- &publicExponent,
- &privateExponent,
- &prime1,
- &prime2,
- &exponent1,
- &exponent2,
- &coefficient,
- decrypt);
- if (CKR_OK != *pError) {
- goto loser;
- }
+ *pError = ckcapi_buildPrivateKeyBlob(
+ &keyBlob,
+ &modulus,
+ &publicExponent,
+ &privateExponent,
+ &prime1,
+ &prime2,
+ &exponent1,
+ &exponent2,
+ &coefficient,
+ decrypt);
+ if (CKR_OK != *pError) {
+ goto loser;
+ }
- rc = CryptImportKey(hProv, keyBlob.data, keyBlob.size,
- 0, CRYPT_EXPORTABLE, &hKey);
- if (!rc) {
- msError = GetLastError();
- *pError = CKR_DEVICE_ERROR;
- goto loser;
- }
+ rc = CryptImportKey(hProv, keyBlob.data, keyBlob.size,
+ 0, CRYPT_EXPORTABLE, &hKey);
+ if (!rc) {
+ msError = GetLastError();
+ *pError = CKR_DEVICE_ERROR;
+ goto loser;
+ }
- idData = nss_ZNEWARRAY(NULL, char, keyID.size);
- if ((void *)NULL == idData) {
- *pError = CKR_HOST_MEMORY;
- goto loser;
- }
- nsslibc_memcpy(idData, keyID.data, keyID.size);
+ idData = nss_ZNEWARRAY(NULL, char, keyID.size);
+ if ((void *)NULL == idData) {
+ *pError = CKR_HOST_MEMORY;
+ goto loser;
+ }
+ nsslibc_memcpy(idData, keyID.data, keyID.size);
- provInfo.pwszContainerName = nss_ckcapi_UTF8ToWide(containerName);
- provInfo.pwszProvName = nss_ckcapi_UTF8ToWide(providerName);
- provInfo.dwProvType = PROV_RSA_FULL;
- provInfo.dwFlags = 0;
- provInfo.cProvParam = 0;
- provInfo.rgProvParam = NULL;
- provInfo.dwKeySpec = keySpec;
+ provInfo.pwszContainerName = nss_ckcapi_UTF8ToWide(containerName);
+ provInfo.pwszProvName = nss_ckcapi_UTF8ToWide(providerName);
+ provInfo.dwProvType = PROV_RSA_FULL;
+ provInfo.dwFlags = 0;
+ provInfo.cProvParam = 0;
+ provInfo.rgProvParam = NULL;
+ provInfo.dwKeySpec = keySpec;
- msKeyID.cbData = keyID.size;
- msKeyID.pbData = keyID.data;
+ msKeyID.cbData = keyID.size;
+ msKeyID.pbData = keyID.data;
- rc = CryptSetKeyIdentifierProperty(&msKeyID, CERT_KEY_PROV_INFO_PROP_ID,
- 0, NULL, NULL, &provInfo);
- if (!rc) {
- goto loser;
- }
+ rc = CryptSetKeyIdentifierProperty(&msKeyID, CERT_KEY_PROV_INFO_PROP_ID,
+ 0, NULL, NULL, &provInfo);
+ if (!rc) {
+ goto loser;
+ }
- /* handle error here */
- io = nss_ZNEW(NULL, ckcapiInternalObject);
- if ((ckcapiInternalObject *)NULL == io) {
- *pError = CKR_HOST_MEMORY;
- goto loser;
- }
- io->type = ckcapiBareKey;
- io->objClass = CKO_PRIVATE_KEY;
- io->u.key.provInfo = provInfo;
- io->u.key.provName = providerName;
- io->u.key.containerName = containerName;
- io->u.key.hProv = hProv; /* save the handle */
- io->idData = idData;
- io->id.data = idData;
- io->id.size = keyID.size;
- /* done with the key handle */
- CryptDestroyKey(hKey);
- return io;
+ /* handle error here */
+ io = nss_ZNEW(NULL, ckcapiInternalObject);
+ if ((ckcapiInternalObject *)NULL == io) {
+ *pError = CKR_HOST_MEMORY;
+ goto loser;
+ }
+ io->type = ckcapiBareKey;
+ io->objClass = CKO_PRIVATE_KEY;
+ io->u.key.provInfo = provInfo;
+ io->u.key.provName = providerName;
+ io->u.key.containerName = containerName;
+ io->u.key.hProv = hProv; /* save the handle */
+ io->idData = idData;
+ io->id.data = idData;
+ io->id.size = keyID.size;
+ /* done with the key handle */
+ CryptDestroyKey(hKey);
+ return io;
loser:
- nss_ZFreeIf(containerName);
- nss_ZFreeIf(providerName);
- nss_ZFreeIf(idData);
- if (0 != hProv) {
- CryptReleaseContext(hProv, 0);
- }
- if (0 != hKey) {
- CryptDestroyKey(hKey);
- }
- return (ckcapiInternalObject *)NULL;
+ nss_ZFreeIf(containerName);
+ nss_ZFreeIf(providerName);
+ nss_ZFreeIf(idData);
+ if (0 != hProv) {
+ CryptReleaseContext(hProv, 0);
+ }
+ if (0 != hKey) {
+ CryptDestroyKey(hKey);
+ }
+ return (ckcapiInternalObject *)NULL;
}
-
NSS_EXTERN NSSCKMDObject *
-nss_ckcapi_CreateObject
-(
- NSSCKFWSession *fwSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-)
+nss_ckcapi_CreateObject(
+ NSSCKFWSession *fwSession,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ CK_RV *pError)
{
- CK_OBJECT_CLASS objClass;
- ckcapiInternalObject *io = NULL;
- CK_BBOOL isToken;
+ CK_OBJECT_CLASS objClass;
+ ckcapiInternalObject *io = NULL;
+ CK_BBOOL isToken;
- /*
- * only create token objects
- */
- isToken = nss_ckcapi_GetBoolAttribute(CKA_TOKEN, pTemplate,
- ulAttributeCount, pError);
- if (CKR_OK != *pError) {
- return (NSSCKMDObject *) NULL;
- }
- if (!isToken) {
- *pError = CKR_ATTRIBUTE_VALUE_INVALID;
- return (NSSCKMDObject *) NULL;
- }
+ /*
+ * only create token objects
+ */
+ isToken = nss_ckcapi_GetBoolAttribute(CKA_TOKEN, pTemplate,
+ ulAttributeCount, pError);
+ if (CKR_OK != *pError) {
+ return (NSSCKMDObject *)NULL;
+ }
+ if (!isToken) {
+ *pError = CKR_ATTRIBUTE_VALUE_INVALID;
+ return (NSSCKMDObject *)NULL;
+ }
- /*
- * only create keys and certs.
- */
- objClass = nss_ckcapi_GetULongAttribute(CKA_CLASS, pTemplate,
- ulAttributeCount, pError);
- if (CKR_OK != *pError) {
- return (NSSCKMDObject *) NULL;
- }
+ /*
+ * only create keys and certs.
+ */
+ objClass = nss_ckcapi_GetULongAttribute(CKA_CLASS, pTemplate,
+ ulAttributeCount, pError);
+ if (CKR_OK != *pError) {
+ return (NSSCKMDObject *)NULL;
+ }
#ifdef notdef
- if (objClass == CKO_PUBLIC_KEY) {
- return CKR_OK; /* fake public key creation, happens as a side effect of
- * private key creation */
- }
+ if (objClass == CKO_PUBLIC_KEY) {
+ return CKR_OK; /* fake public key creation, happens as a side effect of
+ * private key creation */
+ }
#endif
- if (objClass == CKO_CERTIFICATE) {
- io = nss_ckcapi_CreateCertificate(fwSession, pTemplate,
- ulAttributeCount, pError);
- } else if (objClass == CKO_PRIVATE_KEY) {
- io = nss_ckcapi_CreatePrivateKey(fwSession, pTemplate,
- ulAttributeCount, pError);
- } else {
- *pError = CKR_ATTRIBUTE_VALUE_INVALID;
- }
+ if (objClass == CKO_CERTIFICATE) {
+ io = nss_ckcapi_CreateCertificate(fwSession, pTemplate,
+ ulAttributeCount, pError);
+ }
+ else if (objClass == CKO_PRIVATE_KEY) {
+ io = nss_ckcapi_CreatePrivateKey(fwSession, pTemplate,
+ ulAttributeCount, pError);
+ }
+ else {
+ *pError = CKR_ATTRIBUTE_VALUE_INVALID;
+ }
- if ((ckcapiInternalObject *)NULL == io) {
- return (NSSCKMDObject *) NULL;
- }
- return nss_ckcapi_CreateMDObject(NULL, io, pError);
+ if ((ckcapiInternalObject *)NULL == io) {
+ return (NSSCKMDObject *)NULL;
+ }
+ return nss_ckcapi_CreateMDObject(NULL, io, pError);
}
--- a/lib/ckfw/capi/constants.c
+++ b/lib/ckfw/capi/constants.c
@@ -16,45 +16,48 @@
#include "nssckt.h"
#endif /* NSSCKT_H */
#ifndef NSSCAPI_H
#include "nsscapi.h"
#endif /* NSSCAPI_H */
NSS_IMPLEMENT_DATA const CK_VERSION
-nss_ckcapi_CryptokiVersion = {
- NSS_CKCAPI_CRYPTOKI_VERSION_MAJOR,
- NSS_CKCAPI_CRYPTOKI_VERSION_MINOR };
-
-NSS_IMPLEMENT_DATA const NSSUTF8 *
-nss_ckcapi_ManufacturerID = (NSSUTF8 *) "Mozilla Foundation";
+ nss_ckcapi_CryptokiVersion = {
+ NSS_CKCAPI_CRYPTOKI_VERSION_MAJOR,
+ NSS_CKCAPI_CRYPTOKI_VERSION_MINOR
+ };
NSS_IMPLEMENT_DATA const NSSUTF8 *
-nss_ckcapi_LibraryDescription = (NSSUTF8 *) "NSS Access to Microsoft Certificate Store";
-
-NSS_IMPLEMENT_DATA const CK_VERSION
-nss_ckcapi_LibraryVersion = {
- NSS_CKCAPI_LIBRARY_VERSION_MAJOR,
- NSS_CKCAPI_LIBRARY_VERSION_MINOR};
+ nss_ckcapi_ManufacturerID = (NSSUTF8 *)"Mozilla Foundation";
NSS_IMPLEMENT_DATA const NSSUTF8 *
-nss_ckcapi_SlotDescription = (NSSUTF8 *) "Microsoft Certificate Store";
+ nss_ckcapi_LibraryDescription = (NSSUTF8 *)"NSS Access to Microsoft Certificate Store";
NSS_IMPLEMENT_DATA const CK_VERSION
-nss_ckcapi_HardwareVersion = {
- NSS_CKCAPI_HARDWARE_VERSION_MAJOR,
- NSS_CKCAPI_HARDWARE_VERSION_MINOR };
+ nss_ckcapi_LibraryVersion = {
+ NSS_CKCAPI_LIBRARY_VERSION_MAJOR,
+ NSS_CKCAPI_LIBRARY_VERSION_MINOR
+ };
+
+NSS_IMPLEMENT_DATA const NSSUTF8 *
+ nss_ckcapi_SlotDescription = (NSSUTF8 *)"Microsoft Certificate Store";
NSS_IMPLEMENT_DATA const CK_VERSION
-nss_ckcapi_FirmwareVersion = {
- NSS_CKCAPI_FIRMWARE_VERSION_MAJOR,
- NSS_CKCAPI_FIRMWARE_VERSION_MINOR };
+ nss_ckcapi_HardwareVersion = {
+ NSS_CKCAPI_HARDWARE_VERSION_MAJOR,
+ NSS_CKCAPI_HARDWARE_VERSION_MINOR
+ };
+
+NSS_IMPLEMENT_DATA const CK_VERSION
+ nss_ckcapi_FirmwareVersion = {
+ NSS_CKCAPI_FIRMWARE_VERSION_MAJOR,
+ NSS_CKCAPI_FIRMWARE_VERSION_MINOR
+ };
NSS_IMPLEMENT_DATA const NSSUTF8 *
-nss_ckcapi_TokenLabel = (NSSUTF8 *) "Microsoft Certificate Store";
+ nss_ckcapi_TokenLabel = (NSSUTF8 *)"Microsoft Certificate Store";
NSS_IMPLEMENT_DATA const NSSUTF8 *
-nss_ckcapi_TokenModel = (NSSUTF8 *) "1";
+ nss_ckcapi_TokenModel = (NSSUTF8 *)"1";
NSS_IMPLEMENT_DATA const NSSUTF8 *
-nss_ckcapi_TokenSerialNumber = (NSSUTF8 *) "1";
-
+ nss_ckcapi_TokenSerialNumber = (NSSUTF8 *)"1";
--- a/lib/ckfw/capi/crsa.c
+++ b/lib/ckfw/capi/crsa.c
@@ -1,711 +1,687 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "ckcapi.h"
#include "secdert.h"
-#define SSL3_SHAMD5_HASH_SIZE 36 /* LEN_MD5 (16) + LEN_SHA1 (20) */
+#define SSL3_SHAMD5_HASH_SIZE 36 /* LEN_MD5 (16) + LEN_SHA1 (20) */
/*
* ckcapi/crsa.c
*
* This file implements the NSSCKMDMechnaism and NSSCKMDCryptoOperation objects
* for the RSA operation on the CAPI cryptoki module.
*/
/*
* write a Decimal value to a string
*/
static char *
putDecimalString(char *cstr, unsigned long value)
{
- unsigned long tenpower;
- int first = 1;
+ unsigned long tenpower;
+ int first = 1;
+
+ for (tenpower = 10000000; tenpower; tenpower /= 10) {
+ unsigned char digit = (unsigned char)(value / tenpower);
+ value = value % tenpower;
- for (tenpower=10000000; tenpower; tenpower /= 10) {
- unsigned char digit = (unsigned char )(value/tenpower);
- value = value % tenpower;
-
- /* drop leading zeros */
- if (first && (0 == digit)) {
- continue;
+ /* drop leading zeros */
+ if (first && (0 == digit)) {
+ continue;
+ }
+ first = 0;
+ *cstr++ = digit + '0';
}
- first = 0;
- *cstr++ = digit + '0';
- }
- /* if value was zero, put one of them out */
- if (first) {
- *cstr++ = '0';
- }
- return cstr;
+ /* if value was zero, put one of them out */
+ if (first) {
+ *cstr++ = '0';
+ }
+ return cstr;
}
-
/*
* Create a Capi OID string value from a DER OID
*/
static char *
-nss_ckcapi_GetOidString
-(
- unsigned char *oidTag,
- unsigned int oidTagSize,
- CK_RV *pError
-)
+nss_ckcapi_GetOidString(
+ unsigned char *oidTag,
+ unsigned int oidTagSize,
+ CK_RV *pError)
{
- unsigned char *oid;
- char *oidStr;
- char *cstr;
- unsigned long value;
- unsigned int oidSize;
+ unsigned char *oid;
+ char *oidStr;
+ char *cstr;
+ unsigned long value;
+ unsigned int oidSize;
- if (DER_OBJECT_ID != *oidTag) {
- /* wasn't an oid */
- *pError = CKR_DATA_INVALID;
- return NULL;
- }
- oid = nss_ckcapi_DERUnwrap(oidTag, oidTagSize, &oidSize, NULL);
+ if (DER_OBJECT_ID != *oidTag) {
+ /* wasn't an oid */
+ *pError = CKR_DATA_INVALID;
+ return NULL;
+ }
+ oid = nss_ckcapi_DERUnwrap(oidTag, oidTagSize, &oidSize, NULL);
- if (oidSize < 2) {
- *pError = CKR_DATA_INVALID;
- return NULL;
- }
+ if (oidSize < 2) {
+ *pError = CKR_DATA_INVALID;
+ return NULL;
+ }
- oidStr = nss_ZNEWARRAY( NULL, char, oidSize*4 );
- if ((char *)NULL == oidStr) {
- *pError = CKR_HOST_MEMORY;
- return NULL;
- }
- cstr = oidStr;
- cstr = putDecimalString(cstr, (*oid) / 40);
- *cstr++ = '.';
- cstr = putDecimalString(cstr, (*oid) % 40);
- oidSize--;
+ oidStr = nss_ZNEWARRAY(NULL, char, oidSize * 4);
+ if ((char *)NULL == oidStr) {
+ *pError = CKR_HOST_MEMORY;
+ return NULL;
+ }
+ cstr = oidStr;
+ cstr = putDecimalString(cstr, (*oid) / 40);
+ *cstr++ = '.';
+ cstr = putDecimalString(cstr, (*oid) % 40);
+ oidSize--;
- value = 0;
- while (oidSize--) {
- oid++;
- value = (value << 7) + (*oid & 0x7f);
- if (0 == (*oid & 0x80)) {
- *cstr++ = '.';
- cstr = putDecimalString(cstr, value);
- value = 0;
+ value = 0;
+ while (oidSize--) {
+ oid++;
+ value = (value << 7) + (*oid & 0x7f);
+ if (0 == (*oid & 0x80)) {
+ *cstr++ = '.';
+ cstr = putDecimalString(cstr, value);
+ value = 0;
+ }
}
- }
- *cstr = 0; /* NULL terminate */
+ *cstr = 0; /* NULL terminate */
- if (value != 0) {
- nss_ZFreeIf(oidStr);
- *pError = CKR_DATA_INVALID;
- return NULL;
- }
- return oidStr;
+ if (value != 0) {
+ nss_ZFreeIf(oidStr);
+ *pError = CKR_DATA_INVALID;
+ return NULL;
+ }
+ return oidStr;
}
-
/*
- * PKCS #11 sign for RSA expects to take a fully DER-encoded hash value,
- * which includes the hash OID. CAPI expects to take a Hash Context. While
- * CAPI does have the capability of setting a raw hash value, it does not
+ * PKCS #11 sign for RSA expects to take a fully DER-encoded hash value,
+ * which includes the hash OID. CAPI expects to take a Hash Context. While
+ * CAPI does have the capability of setting a raw hash value, it does not
* have the ability to sign an arbitrary value. This function tries to
* reduce the passed in data into something that CAPI could actually sign.
*/
static CK_RV
-ckcapi_GetRawHash
-(
- const NSSItem *input,
- NSSItem *hash,
- ALG_ID *hashAlg
-)
+ckcapi_GetRawHash(
+ const NSSItem *input,
+ NSSItem *hash,
+ ALG_ID *hashAlg)
{
- unsigned char *current;
- unsigned char *algid;
- unsigned char *oid;
- unsigned char *hashData;
- char *oidStr;
- CK_RV error;
- unsigned int oidSize;
- unsigned int size;
- /*
+ unsigned char *current;
+ unsigned char *algid;
+ unsigned char *oid;
+ unsigned char *hashData;
+ char *oidStr;
+ CK_RV error;
+ unsigned int oidSize;
+ unsigned int size;
+ /*
* there are 2 types of hashes NSS typically tries to sign, regular
* RSA signature format (with encoded DER_OIDS), and SSL3 Signed hashes.
* CAPI knows not to add any oids to SSL3_Signed hashes, so if we have any
* random hash that is exactly the same size as an SSL3 hash, then we can
* just pass the data through. CAPI has know way of knowing if the value
* is really a combined hash or some other arbitrary data, so it's safe to
* handle this case first.
*/
- if (SSL3_SHAMD5_HASH_SIZE == input->size) {
- hash->data = input->data;
- hash->size = input->size;
- *hashAlg = CALG_SSL3_SHAMD5;
- return CKR_OK;
- }
+ if (SSL3_SHAMD5_HASH_SIZE == input->size) {
+ hash->data = input->data;
+ hash->size = input->size;
+ *hashAlg = CALG_SSL3_SHAMD5;
+ return CKR_OK;
+ }
- current = (unsigned char *)input->data;
+ current = (unsigned char *)input->data;
+
+ /* make sure we have a sequence tag */
+ if ((DER_SEQUENCE | DER_CONSTRUCTED) != *current) {
+ return CKR_DATA_INVALID;
+ }
- /* make sure we have a sequence tag */
- if ((DER_SEQUENCE|DER_CONSTRUCTED) != *current) {
- return CKR_DATA_INVALID;
- }
+ /* parse the input block to get 1) the hash oid, and 2) the raw hash value.
+ * unfortunatly CAPI doesn't have a builtin function to do this work, so
+ * we go ahead and do it by hand here.
+ *
+ * format is:
+ * SEQUENCE {
+ * SECQUENCE { // algid
+ * OID {} // oid
+ * ANY {} // optional params
+ * }
+ * OCTECT {} // hash
+ */
- /* parse the input block to get 1) the hash oid, and 2) the raw hash value.
- * unfortunatly CAPI doesn't have a builtin function to do this work, so
- * we go ahead and do it by hand here.
- *
- * format is:
- * SEQUENCE {
- * SECQUENCE { // algid
- * OID {} // oid
- * ANY {} // optional params
- * }
- * OCTECT {} // hash
- */
+ /* unwrap */
+ algid = nss_ckcapi_DERUnwrap(current, input->size, &size, NULL);
- /* unwrap */
- algid = nss_ckcapi_DERUnwrap(current,input->size, &size, NULL);
-
- if (algid+size != current+input->size) {
- /* make sure there is not extra data at the end */
- return CKR_DATA_INVALID;
- }
+ if (algid + size != current + input->size) {
+ /* make sure there is not extra data at the end */
+ return CKR_DATA_INVALID;
+ }
- if ((DER_SEQUENCE|DER_CONSTRUCTED) != *algid) {
- /* wasn't an algid */
- return CKR_DATA_INVALID;
- }
- oid = nss_ckcapi_DERUnwrap(algid, size, &oidSize, &hashData);
+ if ((DER_SEQUENCE | DER_CONSTRUCTED) != *algid) {
+ /* wasn't an algid */
+ return CKR_DATA_INVALID;
+ }
+ oid = nss_ckcapi_DERUnwrap(algid, size, &oidSize, &hashData);
- if (DER_OCTET_STRING != *hashData) {
- /* wasn't a hash */
- return CKR_DATA_INVALID;
- }
+ if (DER_OCTET_STRING != *hashData) {
+ /* wasn't a hash */
+ return CKR_DATA_INVALID;
+ }
- /* get the real hash */
- current = hashData;
- size = size - (hashData-algid);
- hash->data = nss_ckcapi_DERUnwrap(current, size, &hash->size, NULL);
+ /* get the real hash */
+ current = hashData;
+ size = size - (hashData - algid);
+ hash->data = nss_ckcapi_DERUnwrap(current, size, &hash->size, NULL);
- /* get the real oid as a string. Again, Microsoft does not
- * export anything that does this for us */
- oidStr = nss_ckcapi_GetOidString(oid, oidSize, &error);
- if ((char *)NULL == oidStr ) {
- return error;
- }
+ /* get the real oid as a string. Again, Microsoft does not
+ * export anything that does this for us */
+ oidStr = nss_ckcapi_GetOidString(oid, oidSize, &error);
+ if ((char *)NULL == oidStr) {
+ return error;
+ }
- /* look up the hash alg from the oid (fortunately CAPI does to this) */
- *hashAlg = CertOIDToAlgId(oidStr);
- nss_ZFreeIf(oidStr);
- if (0 == *hashAlg) {
- return CKR_HOST_MEMORY;
- }
+ /* look up the hash alg from the oid (fortunately CAPI does to this) */
+ *hashAlg = CertOIDToAlgId(oidStr);
+ nss_ZFreeIf(oidStr);
+ if (0 == *hashAlg) {
+ return CKR_HOST_MEMORY;
+ }
- /* hash looks reasonably consistent, we should be able to sign it now */
- return CKR_OK;
+ /* hash looks reasonably consistent, we should be able to sign it now */
+ return CKR_OK;
}
/*
* So everyone else in the worlds stores their bignum data MSB first, but not
* Microsoft, we need to byte swap everything coming into and out of CAPI.
*/
void
ckcapi_ReverseData(NSSItem *item)
{
- int end = (item->size)-1;
- int middle = (item->size)/2;
- unsigned char *buf = item->data;
- int i;
+ int end = (item->size) - 1;
+ int middle = (item->size) / 2;
+ unsigned char *buf = item->data;
+ int i;
- for (i=0; i < middle; i++) {
- unsigned char tmp = buf[i];
- buf[i] = buf[end-i];
- buf[end-i] = tmp;
- }
- return;
+ for (i = 0; i < middle; i++) {
+ unsigned char tmp = buf[i];
+ buf[i] = buf[end - i];
+ buf[end - i] = tmp;
+ }
+ return;
}
-typedef struct ckcapiInternalCryptoOperationRSAPrivStr
- ckcapiInternalCryptoOperationRSAPriv;
-struct ckcapiInternalCryptoOperationRSAPrivStr
-{
- NSSCKMDCryptoOperation mdOperation;
- NSSCKMDMechanism *mdMechanism;
- ckcapiInternalObject *iKey;
- HCRYPTPROV hProv;
- DWORD keySpec;
- HCRYPTKEY hKey;
- NSSItem *buffer;
+typedef struct ckcapiInternalCryptoOperationRSAPrivStr
+ ckcapiInternalCryptoOperationRSAPriv;
+struct ckcapiInternalCryptoOperationRSAPrivStr {
+ NSSCKMDCryptoOperation mdOperation;
+ NSSCKMDMechanism *mdMechanism;
+ ckcapiInternalObject *iKey;
+ HCRYPTPROV hProv;
+ DWORD keySpec;
+ HCRYPTKEY hKey;
+ NSSItem *buffer;
};
/*
* ckcapi_mdCryptoOperationRSAPriv_Create
*/
static NSSCKMDCryptoOperation *
-ckcapi_mdCryptoOperationRSAPriv_Create
-(
- const NSSCKMDCryptoOperation *proto,
- NSSCKMDMechanism *mdMechanism,
- NSSCKMDObject *mdKey,
- CK_RV *pError
-)
+ckcapi_mdCryptoOperationRSAPriv_Create(
+ const NSSCKMDCryptoOperation *proto,
+ NSSCKMDMechanism *mdMechanism,
+ NSSCKMDObject *mdKey,
+ CK_RV *pError)
{
- ckcapiInternalObject *iKey = (ckcapiInternalObject *)mdKey->etc;
- const NSSItem *classItem = nss_ckcapi_FetchAttribute(iKey, CKA_CLASS);
- const NSSItem *keyType = nss_ckcapi_FetchAttribute(iKey, CKA_KEY_TYPE);
- ckcapiInternalCryptoOperationRSAPriv *iOperation;
- CK_RV error;
- HCRYPTPROV hProv;
- DWORD keySpec;
- HCRYPTKEY hKey;
+ ckcapiInternalObject *iKey = (ckcapiInternalObject *)mdKey->etc;
+ const NSSItem *classItem = nss_ckcapi_FetchAttribute(iKey, CKA_CLASS);
+ const NSSItem *keyType = nss_ckcapi_FetchAttribute(iKey, CKA_KEY_TYPE);
+ ckcapiInternalCryptoOperationRSAPriv *iOperation;
+ CK_RV error;
+ HCRYPTPROV hProv;
+ DWORD keySpec;
+ HCRYPTKEY hKey;
- /* make sure we have the right objects */
- if (((const NSSItem *)NULL == classItem) ||
- (sizeof(CK_OBJECT_CLASS) != classItem->size) ||
- (CKO_PRIVATE_KEY != *(CK_OBJECT_CLASS *)classItem->data) ||
- ((const NSSItem *)NULL == keyType) ||
- (sizeof(CK_KEY_TYPE) != keyType->size) ||
- (CKK_RSA != *(CK_KEY_TYPE *)keyType->data)) {
- *pError = CKR_KEY_TYPE_INCONSISTENT;
- return (NSSCKMDCryptoOperation *)NULL;
- }
+ /* make sure we have the right objects */
+ if (((const NSSItem *)NULL == classItem) ||
+ (sizeof(CK_OBJECT_CLASS) != classItem->size) ||
+ (CKO_PRIVATE_KEY != *(CK_OBJECT_CLASS *)classItem->data) ||
+ ((const NSSItem *)NULL == keyType) ||
+ (sizeof(CK_KEY_TYPE) != keyType->size) ||
+ (CKK_RSA != *(CK_KEY_TYPE *)keyType->data)) {
+ *pError = CKR_KEY_TYPE_INCONSISTENT;
+ return (NSSCKMDCryptoOperation *)NULL;
+ }
- error = nss_ckcapi_FetchKeyContainer(iKey, &hProv, &keySpec, &hKey);
- if (error != CKR_OK) {
- *pError = error;
- return (NSSCKMDCryptoOperation *)NULL;
- }
+ error = nss_ckcapi_FetchKeyContainer(iKey, &hProv, &keySpec, &hKey);
+ if (error != CKR_OK) {
+ *pError = error;
+ return (NSSCKMDCryptoOperation *)NULL;
+ }
- iOperation = nss_ZNEW(NULL, ckcapiInternalCryptoOperationRSAPriv);
- if ((ckcapiInternalCryptoOperationRSAPriv *)NULL == iOperation) {
- *pError = CKR_HOST_MEMORY;
- return (NSSCKMDCryptoOperation *)NULL;
- }
- iOperation->mdMechanism = mdMechanism;
- iOperation->iKey = iKey;
- iOperation->hProv = hProv;
- iOperation->keySpec = keySpec;
- iOperation->hKey = hKey;
+ iOperation = nss_ZNEW(NULL, ckcapiInternalCryptoOperationRSAPriv);
+ if ((ckcapiInternalCryptoOperationRSAPriv *)NULL == iOperation) {
+ *pError = CKR_HOST_MEMORY;
+ return (NSSCKMDCryptoOperation *)NULL;
+ }
+ iOperation->mdMechanism = mdMechanism;
+ iOperation->iKey = iKey;
+ iOperation->hProv = hProv;
+ iOperation->keySpec = keySpec;
+ iOperation->hKey = hKey;
- nsslibc_memcpy(&iOperation->mdOperation,
- proto, sizeof(NSSCKMDCryptoOperation));
- iOperation->mdOperation.etc = iOperation;
+ nsslibc_memcpy(&iOperation->mdOperation,
+ proto, sizeof(NSSCKMDCryptoOperation));
+ iOperation->mdOperation.etc = iOperation;
- return &iOperation->mdOperation;
+ return &iOperation->mdOperation;
}
static CK_RV
-ckcapi_mdCryptoOperationRSAPriv_Destroy
-(
- NSSCKMDCryptoOperation *mdOperation,
- NSSCKFWCryptoOperation *fwOperation,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+ckcapi_mdCryptoOperationRSAPriv_Destroy(
+ NSSCKMDCryptoOperation *mdOperation,
+ NSSCKFWCryptoOperation *fwOperation,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
- ckcapiInternalCryptoOperationRSAPriv *iOperation =
- (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc;
+ ckcapiInternalCryptoOperationRSAPriv *iOperation =
+ (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc;
- if (iOperation->hKey) {
- CryptDestroyKey(iOperation->hKey);
- }
- if (iOperation->buffer) {
- nssItem_Destroy(iOperation->buffer);
- }
- nss_ZFreeIf(iOperation);
- return CKR_OK;
+ if (iOperation->hKey) {
+ CryptDestroyKey(iOperation->hKey);
+ }
+ if (iOperation->buffer) {
+ nssItem_Destroy(iOperation->buffer);
+ }
+ nss_ZFreeIf(iOperation);
+ return CKR_OK;
}
static CK_ULONG
-ckcapi_mdCryptoOperationRSA_GetFinalLength
-(
- NSSCKMDCryptoOperation *mdOperation,
- NSSCKFWCryptoOperation *fwOperation,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+ckcapi_mdCryptoOperationRSA_GetFinalLength(
+ NSSCKMDCryptoOperation *mdOperation,
+ NSSCKFWCryptoOperation *fwOperation,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- ckcapiInternalCryptoOperationRSAPriv *iOperation =
- (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc;
- const NSSItem *modulus =
- nss_ckcapi_FetchAttribute(iOperation->iKey, CKA_MODULUS);
+ ckcapiInternalCryptoOperationRSAPriv *iOperation =
+ (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc;
+ const NSSItem *modulus =
+ nss_ckcapi_FetchAttribute(iOperation->iKey, CKA_MODULUS);
- return modulus->size;
+ return modulus->size;
}
-
/*
* ckcapi_mdCryptoOperationRSADecrypt_GetOperationLength
* we won't know the length until we actually decrypt the
* input block. Since we go to all the work to decrypt the
* the block, we'll save if for when the block is asked for
*/
static CK_ULONG
-ckcapi_mdCryptoOperationRSADecrypt_GetOperationLength
-(
- NSSCKMDCryptoOperation *mdOperation,
- NSSCKFWCryptoOperation *fwOperation,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- const NSSItem *input,
- CK_RV *pError
-)
+ckcapi_mdCryptoOperationRSADecrypt_GetOperationLength(
+ NSSCKMDCryptoOperation *mdOperation,
+ NSSCKFWCryptoOperation *fwOperation,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ const NSSItem *input,
+ CK_RV *pError)
{
- ckcapiInternalCryptoOperationRSAPriv *iOperation =
- (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc;
- BOOL rc;
+ ckcapiInternalCryptoOperationRSAPriv *iOperation =
+ (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc;
+ BOOL rc;
- /* Microsoft's Decrypt operation works in place. Since we don't want
- * to trash our input buffer, we make a copy of it */
- iOperation->buffer = nssItem_Duplicate((NSSItem *)input, NULL, NULL);
- if ((NSSItem *) NULL == iOperation->buffer) {
- *pError = CKR_HOST_MEMORY;
- return 0;
- }
- /* Sigh, reverse it */
- ckcapi_ReverseData(iOperation->buffer);
-
- rc = CryptDecrypt(iOperation->hKey, 0, TRUE, 0,
- iOperation->buffer->data, &iOperation->buffer->size);
- if (!rc) {
- DWORD msError = GetLastError();
- switch (msError) {
- case NTE_BAD_DATA:
- *pError = CKR_ENCRYPTED_DATA_INVALID;
- break;
- case NTE_FAIL:
- case NTE_BAD_UID:
- *pError = CKR_DEVICE_ERROR;
- break;
- default:
- *pError = CKR_GENERAL_ERROR;
+ /* Microsoft's Decrypt operation works in place. Since we don't want
+ * to trash our input buffer, we make a copy of it */
+ iOperation->buffer = nssItem_Duplicate((NSSItem *)input, NULL, NULL);
+ if ((NSSItem *)NULL == iOperation->buffer) {
+ *pError = CKR_HOST_MEMORY;
+ return 0;
}
- return 0;
- }
+ /* Sigh, reverse it */
+ ckcapi_ReverseData(iOperation->buffer);
- return iOperation->buffer->size;
+ rc = CryptDecrypt(iOperation->hKey, 0, TRUE, 0,
+ iOperation->buffer->data, &iOperation->buffer->size);
+ if (!rc) {
+ DWORD msError = GetLastError();
+ switch (msError) {
+ case NTE_BAD_DATA:
+ *pError =
+ CKR_ENCRYPTED_DATA_INVALID;
+ break;
+ case NTE_FAIL:
+ case NTE_BAD_UID:
+ *pError =
+ CKR_DEVICE_ERROR;
+ break;
+ default:
+ *pError =
+ CKR_GENERAL_ERROR;
+ }
+ return 0;
+ }
+
+ return iOperation->buffer->size;
}
/*
* ckcapi_mdCryptoOperationRSADecrypt_UpdateFinal
*
- * NOTE: ckcapi_mdCryptoOperationRSADecrypt_GetOperationLength is presumed to
+ * NOTE: ckcapi_mdCryptoOperationRSADecrypt_GetOperationLength is presumed to
* have been called previously.
*/
static CK_RV
-ckcapi_mdCryptoOperationRSADecrypt_UpdateFinal
-(
- NSSCKMDCryptoOperation *mdOperation,
- NSSCKFWCryptoOperation *fwOperation,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- const NSSItem *input,
- NSSItem *output
-)
+ckcapi_mdCryptoOperationRSADecrypt_UpdateFinal(
+ NSSCKMDCryptoOperation *mdOperation,
+ NSSCKFWCryptoOperation *fwOperation,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ const NSSItem *input,
+ NSSItem *output)
{
- ckcapiInternalCryptoOperationRSAPriv *iOperation =
- (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc;
- NSSItem *buffer = iOperation->buffer;
+ ckcapiInternalCryptoOperationRSAPriv *iOperation =
+ (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc;
+ NSSItem *buffer = iOperation->buffer;
- if ((NSSItem *)NULL == buffer) {
- return CKR_GENERAL_ERROR;
- }
- nsslibc_memcpy(output->data, buffer->data, buffer->size);
- output->size = buffer->size;
- return CKR_OK;
+ if ((NSSItem *)NULL == buffer) {
+ return CKR_GENERAL_ERROR;
+ }
+ nsslibc_memcpy(output->data, buffer->data, buffer->size);
+ output->size = buffer->size;
+ return CKR_OK;
}
/*
* ckcapi_mdCryptoOperationRSASign_UpdateFinal
*
*/
static CK_RV
-ckcapi_mdCryptoOperationRSASign_UpdateFinal
-(
- NSSCKMDCryptoOperation *mdOperation,
- NSSCKFWCryptoOperation *fwOperation,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- const NSSItem *input,
- NSSItem *output
-)
+ckcapi_mdCryptoOperationRSASign_UpdateFinal(
+ NSSCKMDCryptoOperation *mdOperation,
+ NSSCKFWCryptoOperation *fwOperation,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ const NSSItem *input,
+ NSSItem *output)
{
- ckcapiInternalCryptoOperationRSAPriv *iOperation =
- (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc;
- CK_RV error = CKR_OK;
- DWORD msError;
- NSSItem hash;
- HCRYPTHASH hHash = 0;
- ALG_ID hashAlg;
- DWORD hashSize;
- DWORD len; /* temp length value we throw away */
- BOOL rc;
+ ckcapiInternalCryptoOperationRSAPriv *iOperation =
+ (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc;
+ CK_RV error = CKR_OK;
+ DWORD msError;
+ NSSItem hash;
+ HCRYPTHASH hHash = 0;
+ ALG_ID hashAlg;
+ DWORD hashSize;
+ DWORD len; /* temp length value we throw away */
+ BOOL rc;
- /*
- * PKCS #11 sign for RSA expects to take a fully DER-encoded hash value,
- * which includes the hash OID. CAPI expects to take a Hash Context. While
- * CAPI does have the capability of setting a raw hash value, it does not
- * have the ability to sign an arbitrary value. This function tries to
- * reduce the passed in data into something that CAPI could actually sign.
- */
- error = ckcapi_GetRawHash(input, &hash, &hashAlg);
- if (CKR_OK != error) {
- goto loser;
- }
+ /*
+ * PKCS #11 sign for RSA expects to take a fully DER-encoded hash value,
+ * which includes the hash OID. CAPI expects to take a Hash Context. While
+ * CAPI does have the capability of setting a raw hash value, it does not
+ * have the ability to sign an arbitrary value. This function tries to
+ * reduce the passed in data into something that CAPI could actually sign.
+ */
+ error = ckcapi_GetRawHash(input, &hash, &hashAlg);
+ if (CKR_OK != error) {
+ goto loser;
+ }
+
+ rc = CryptCreateHash(iOperation->hProv, hashAlg, 0, 0, &hHash);
+ if (!rc) {
+ goto loser;
+ }
- rc = CryptCreateHash(iOperation->hProv, hashAlg, 0, 0, &hHash);
- if (!rc) {
- goto loser;
- }
+ /* make sure the hash lens match before we set it */
+ len = sizeof(DWORD);
+ rc = CryptGetHashParam(hHash, HP_HASHSIZE, (BYTE *)&hashSize, &len, 0);
+ if (!rc) {
+ goto loser;
+ }
- /* make sure the hash lens match before we set it */
- len = sizeof(DWORD);
- rc = CryptGetHashParam(hHash, HP_HASHSIZE, (BYTE *)&hashSize, &len, 0);
- if (!rc) {
- goto loser;
- }
+ if (hash.size != hashSize) {
+ /* The input must have been bad for this to happen */
+ error = CKR_DATA_INVALID;
+ goto loser;
+ }
- if (hash.size != hashSize) {
- /* The input must have been bad for this to happen */
- error = CKR_DATA_INVALID;
- goto loser;
- }
+ /* we have an explicit hash, set it, note that the length is
+ * implicit by the hashAlg used in create */
+ rc = CryptSetHashParam(hHash, HP_HASHVAL, hash.data, 0);
+ if (!rc) {
+ goto loser;
+ }
- /* we have an explicit hash, set it, note that the length is
- * implicit by the hashAlg used in create */
- rc = CryptSetHashParam(hHash, HP_HASHVAL, hash.data, 0);
- if (!rc) {
- goto loser;
- }
-
- /* OK, we have the data in a hash structure, sign it! */
- rc = CryptSignHash(hHash, iOperation->keySpec, NULL, 0,
- output->data, &output->size);
- if (!rc) {
- goto loser;
- }
+ /* OK, we have the data in a hash structure, sign it! */
+ rc = CryptSignHash(hHash, iOperation->keySpec, NULL, 0,
+ output->data, &output->size);
+ if (!rc) {
+ goto loser;
+ }
- /* Don't return a signature that might have been broken because of a cosmic
- * ray, or a broken processor, verify that it is valid... */
- rc = CryptVerifySignature(hHash, output->data, output->size,
- iOperation->hKey, NULL, 0);
- if (!rc) {
- goto loser;
- }
+ /* Don't return a signature that might have been broken because of a cosmic
+ * ray, or a broken processor, verify that it is valid... */
+ rc = CryptVerifySignature(hHash, output->data, output->size,
+ iOperation->hKey, NULL, 0);
+ if (!rc) {
+ goto loser;
+ }
- /* OK, Microsoft likes to do things completely differently than anyone
- * else. We need to reverse the data we received here */
- ckcapi_ReverseData(output);
- CryptDestroyHash(hHash);
- return CKR_OK;
+ /* OK, Microsoft likes to do things completely differently than anyone
+ * else. We need to reverse the data we received here */
+ ckcapi_ReverseData(output);
+ CryptDestroyHash(hHash);
+ return CKR_OK;
loser:
- /* map the microsoft error */
- if (CKR_OK == error) {
- msError = GetLastError();
- switch (msError) {
- case ERROR_NOT_ENOUGH_MEMORY:
- error = CKR_HOST_MEMORY;
- break;
- case NTE_NO_MEMORY:
- error = CKR_DEVICE_MEMORY;
- break;
- case ERROR_MORE_DATA:
- return CKR_BUFFER_TOO_SMALL;
- case ERROR_INVALID_PARAMETER: /* these params were derived from the */
- case ERROR_INVALID_HANDLE: /* inputs, so if they are bad, the input */
- case NTE_BAD_ALGID: /* data is bad */
- case NTE_BAD_HASH:
- error = CKR_DATA_INVALID;
- break;
- case ERROR_BUSY:
- case NTE_FAIL:
- case NTE_BAD_UID:
- error = CKR_DEVICE_ERROR;
- break;
- default:
- error = CKR_GENERAL_ERROR;
- break;
+ /* map the microsoft error */
+ if (CKR_OK == error) {
+ msError = GetLastError();
+ switch (msError) {
+ case ERROR_NOT_ENOUGH_MEMORY:
+ error =
+ CKR_HOST_MEMORY;
+ break;
+ case NTE_NO_MEMORY:
+ error =
+ CKR_DEVICE_MEMORY;
+ break;
+ case ERROR_MORE_DATA:
+ return CKR_BUFFER_TOO_SMALL;
+ case ERROR_INVALID_PARAMETER: /* these params were derived from the */
+ case ERROR_INVALID_HANDLE: /* inputs, so if they are bad, the input */
+ case NTE_BAD_ALGID: /* data is bad */
+ case NTE_BAD_HASH:
+ error =
+ CKR_DATA_INVALID;
+ break;
+ case ERROR_BUSY:
+ case NTE_FAIL:
+ case NTE_BAD_UID:
+ error =
+ CKR_DEVICE_ERROR;
+ break;
+ default:
+ error =
+ CKR_GENERAL_ERROR;
+ break;
+ }
}
- }
- if (hHash) {
- CryptDestroyHash(hHash);
- }
- return error;
+ if (hHash) {
+ CryptDestroyHash(hHash);
+ }
+ return error;
}
-
NSS_IMPLEMENT_DATA const NSSCKMDCryptoOperation
-ckcapi_mdCryptoOperationRSADecrypt_proto = {
- NULL, /* etc */
- ckcapi_mdCryptoOperationRSAPriv_Destroy,
- NULL, /* GetFinalLengh - not needed for one shot Decrypt/Encrypt */
- ckcapi_mdCryptoOperationRSADecrypt_GetOperationLength,
- NULL, /* Final - not needed for one shot operation */
- NULL, /* Update - not needed for one shot operation */
- NULL, /* DigetUpdate - not needed for one shot operation */
- ckcapi_mdCryptoOperationRSADecrypt_UpdateFinal,
- NULL, /* UpdateCombo - not needed for one shot operation */
- NULL, /* DigetKey - not needed for one shot operation */
- (void *)NULL /* null terminator */
-};
+ ckcapi_mdCryptoOperationRSADecrypt_proto = {
+ NULL, /* etc */
+ ckcapi_mdCryptoOperationRSAPriv_Destroy,
+ NULL, /* GetFinalLengh - not needed for one shot Decrypt/Encrypt */
+ ckcapi_mdCryptoOperationRSADecrypt_GetOperationLength,
+ NULL, /* Final - not needed for one shot operation */
+ NULL, /* Update - not needed for one shot operation */
+ NULL, /* DigetUpdate - not needed for one shot operation */
+ ckcapi_mdCryptoOperationRSADecrypt_UpdateFinal,
+ NULL, /* UpdateCombo - not needed for one shot operation */
+ NULL, /* DigetKey - not needed for one shot operation */
+ (void *)NULL /* null terminator */
+ };
NSS_IMPLEMENT_DATA const NSSCKMDCryptoOperation
-ckcapi_mdCryptoOperationRSASign_proto = {
- NULL, /* etc */
- ckcapi_mdCryptoOperationRSAPriv_Destroy,
- ckcapi_mdCryptoOperationRSA_GetFinalLength,
- NULL, /* GetOperationLengh - not needed for one shot Sign/Verify */
- NULL, /* Final - not needed for one shot operation */
- NULL, /* Update - not needed for one shot operation */
- NULL, /* DigetUpdate - not needed for one shot operation */
- ckcapi_mdCryptoOperationRSASign_UpdateFinal,
- NULL, /* UpdateCombo - not needed for one shot operation */
- NULL, /* DigetKey - not needed for one shot operation */
- (void *)NULL /* null terminator */
-};
+ ckcapi_mdCryptoOperationRSASign_proto = {
+ NULL, /* etc */
+ ckcapi_mdCryptoOperationRSAPriv_Destroy,
+ ckcapi_mdCryptoOperationRSA_GetFinalLength,
+ NULL, /* GetOperationLengh - not needed for one shot Sign/Verify */
+ NULL, /* Final - not needed for one shot operation */
+ NULL, /* Update - not needed for one shot operation */
+ NULL, /* DigetUpdate - not needed for one shot operation */
+ ckcapi_mdCryptoOperationRSASign_UpdateFinal,
+ NULL, /* UpdateCombo - not needed for one shot operation */
+ NULL, /* DigetKey - not needed for one shot operation */
+ (void *)NULL /* null terminator */
+ };
/********** NSSCKMDMechansim functions ***********************/
/*
* ckcapi_mdMechanismRSA_Destroy
*/
static void
-ckcapi_mdMechanismRSA_Destroy
-(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+ckcapi_mdMechanismRSA_Destroy(
+ NSSCKMDMechanism *mdMechanism,
+ NSSCKFWMechanism *fwMechanism,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
- nss_ZFreeIf(fwMechanism);
+ nss_ZFreeIf(fwMechanism);
}
/*
* ckcapi_mdMechanismRSA_GetMinKeySize
*/
static CK_ULONG
-ckcapi_mdMechanismRSA_GetMinKeySize
-(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+ckcapi_mdMechanismRSA_GetMinKeySize(
+ NSSCKMDMechanism *mdMechanism,
+ NSSCKFWMechanism *fwMechanism,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- return 384;
+ return 384;
}
/*
* ckcapi_mdMechanismRSA_GetMaxKeySize
*/
static CK_ULONG
-ckcapi_mdMechanismRSA_GetMaxKeySize
-(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+ckcapi_mdMechanismRSA_GetMaxKeySize(
+ NSSCKMDMechanism *mdMechanism,
+ NSSCKFWMechanism *fwMechanism,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- return 16384;
+ return 16384;
}
/*
* ckcapi_mdMechanismRSA_DecryptInit
*/
-static NSSCKMDCryptoOperation *
-ckcapi_mdMechanismRSA_DecryptInit
-(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM *pMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKMDObject *mdKey,
- NSSCKFWObject *fwKey,
- CK_RV *pError
-)
+static NSSCKMDCryptoOperation *
+ckcapi_mdMechanismRSA_DecryptInit(
+ NSSCKMDMechanism *mdMechanism,
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM *pMechanism,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSCKMDObject *mdKey,
+ NSSCKFWObject *fwKey,
+ CK_RV *pError)
{
- return ckcapi_mdCryptoOperationRSAPriv_Create(
- &ckcapi_mdCryptoOperationRSADecrypt_proto,
- mdMechanism, mdKey, pError);
+ return ckcapi_mdCryptoOperationRSAPriv_Create(
+ &ckcapi_mdCryptoOperationRSADecrypt_proto,
+ mdMechanism, mdKey, pError);
}
/*
* ckcapi_mdMechanismRSA_SignInit
*/
-static NSSCKMDCryptoOperation *
-ckcapi_mdMechanismRSA_SignInit
-(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM *pMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKMDObject *mdKey,
- NSSCKFWObject *fwKey,
- CK_RV *pError
-)
+static NSSCKMDCryptoOperation *
+ckcapi_mdMechanismRSA_SignInit(
+ NSSCKMDMechanism *mdMechanism,
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM *pMechanism,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSCKMDObject *mdKey,
+ NSSCKFWObject *fwKey,
+ CK_RV *pError)
{
- return ckcapi_mdCryptoOperationRSAPriv_Create(
- &ckcapi_mdCryptoOperationRSASign_proto,
- mdMechanism, mdKey, pError);
+ return ckcapi_mdCryptoOperationRSAPriv_Create(
+ &ckcapi_mdCryptoOperationRSASign_proto,
+ mdMechanism, mdKey, pError);
}
-
NSS_IMPLEMENT_DATA const NSSCKMDMechanism
-nss_ckcapi_mdMechanismRSA = {
- (void *)NULL, /* etc */
- ckcapi_mdMechanismRSA_Destroy,
- ckcapi_mdMechanismRSA_GetMinKeySize,
- ckcapi_mdMechanismRSA_GetMaxKeySize,
- NULL, /* GetInHardware - default false */
- NULL, /* EncryptInit - default errs */
- ckcapi_mdMechanismRSA_DecryptInit,
- NULL, /* DigestInit - default errs*/
- ckcapi_mdMechanismRSA_SignInit,
- NULL, /* VerifyInit - default errs */
- ckcapi_mdMechanismRSA_SignInit, /* SignRecoverInit */
- NULL, /* VerifyRecoverInit - default errs */
- NULL, /* GenerateKey - default errs */
- NULL, /* GenerateKeyPair - default errs */
- NULL, /* GetWrapKeyLength - default errs */
- NULL, /* WrapKey - default errs */
- NULL, /* UnwrapKey - default errs */
- NULL, /* DeriveKey - default errs */
- (void *)NULL /* null terminator */
-};
+ nss_ckcapi_mdMechanismRSA = {
+ (void *)NULL, /* etc */
+ ckcapi_mdMechanismRSA_Destroy,
+ ckcapi_mdMechanismRSA_GetMinKeySize,
+ ckcapi_mdMechanismRSA_GetMaxKeySize,
+ NULL, /* GetInHardware - default false */
+ NULL, /* EncryptInit - default errs */
+ ckcapi_mdMechanismRSA_DecryptInit,
+ NULL, /* DigestInit - default errs*/
+ ckcapi_mdMechanismRSA_SignInit,
+ NULL, /* VerifyInit - default errs */
+ ckcapi_mdMechanismRSA_SignInit, /* SignRecoverInit */
+ NULL, /* VerifyRecoverInit - default errs */
+ NULL, /* GenerateKey - default errs */
+ NULL, /* GenerateKeyPair - default errs */
+ NULL, /* GetWrapKeyLength - default errs */
+ NULL, /* WrapKey - default errs */
+ NULL, /* UnwrapKey - default errs */
+ NULL, /* DeriveKey - default errs */
+ (void *)NULL /* null terminator */
+ };
--- a/lib/ckfw/capi/csession.c
+++ b/lib/ckfw/capi/csession.c
@@ -2,92 +2,86 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "ckcapi.h"
/*
* ckcapi/csession.c
*
- * This file implements the NSSCKMDSession object for the
+ * This file implements the NSSCKMDSession object for the
* "nss to capi" cryptoki module.
*/
static NSSCKMDFindObjects *
-ckcapi_mdSession_FindObjectsInit
-(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-)
+ckcapi_mdSession_FindObjectsInit(
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ CK_RV *pError)
{
- return nss_ckcapi_FindObjectsInit(fwSession, pTemplate, ulAttributeCount, pError);
+ return nss_ckcapi_FindObjectsInit(fwSession, pTemplate, ulAttributeCount, pError);
}
static NSSCKMDObject *
-ckcapi_mdSession_CreateObject
-(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSArena *arena,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-)
+ckcapi_mdSession_CreateObject(
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSArena *arena,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ CK_RV *pError)
{
- return nss_ckcapi_CreateObject(fwSession, pTemplate, ulAttributeCount, pError);
+ return nss_ckcapi_CreateObject(fwSession, pTemplate, ulAttributeCount, pError);
}
NSS_IMPLEMENT NSSCKMDSession *
-nss_ckcapi_CreateSession
-(
- NSSCKFWSession *fwSession,
- CK_RV *pError
-)
+nss_ckcapi_CreateSession(
+ NSSCKFWSession *fwSession,
+ CK_RV *pError)
{
- NSSArena *arena;
- NSSCKMDSession *rv;
+ NSSArena *arena;
+ NSSCKMDSession *rv;
- arena = NSSCKFWSession_GetArena(fwSession, pError);
- if( (NSSArena *)NULL == arena ) {
- return (NSSCKMDSession *)NULL;
- }
+ arena = NSSCKFWSession_GetArena(fwSession, pError);
+ if ((NSSArena *)NULL == arena) {
+ return (NSSCKMDSession *)NULL;
+ }
- rv = nss_ZNEW(arena, NSSCKMDSession);
- if( (NSSCKMDSession *)NULL == rv ) {
- *pError = CKR_HOST_MEMORY;
- return (NSSCKMDSession *)NULL;
- }
+ rv = nss_ZNEW(arena, NSSCKMDSession);
+ if ((NSSCKMDSession *)NULL == rv) {
+ *pError = CKR_HOST_MEMORY;
+ return (NSSCKMDSession *)NULL;
+ }
- /*
- * rv was zeroed when allocated, so we only
- * need to set the non-zero members.
- */
+ /*
+ * rv was zeroed when allocated, so we only
+ * need to set the non-zero members.
+ */
- rv->etc = (void *)fwSession;
- /* rv->Close */
- /* rv->GetDeviceError */
- /* rv->Login */
- /* rv->Logout */
- /* rv->InitPIN */
- /* rv->SetPIN */
- /* rv->GetOperationStateLen */
- /* rv->GetOperationState */
- /* rv->SetOperationState */
- rv->CreateObject = ckcapi_mdSession_CreateObject;
- /* rv->CopyObject */
- rv->FindObjectsInit = ckcapi_mdSession_FindObjectsInit;
- /* rv->SeedRandom */
- /* rv->GetRandom */
- /* rv->null */
+ rv->etc = (void *)fwSession;
+ /* rv->Close */
+ /* rv->GetDeviceError */
+ /* rv->Login */
+ /* rv->Logout */
+ /* rv->InitPIN */
+ /* rv->SetPIN */
+ /* rv->GetOperationStateLen */
+ /* rv->GetOperationState */
+ /* rv->SetOperationState */
+ rv->CreateObject = ckcapi_mdSession_CreateObject;
+ /* rv->CopyObject */
+ rv->FindObjectsInit = ckcapi_mdSession_FindObjectsInit;
+ /* rv->SeedRandom */
+ /* rv->GetRandom */
+ /* rv->null */
- return rv;
+ return rv;
}
--- a/lib/ckfw/capi/cslot.c
+++ b/lib/ckfw/capi/cslot.c
@@ -7,85 +7,75 @@
/*
* ckcapi/cslot.c
*
* This file implements the NSSCKMDSlot object for the
* "nss to capi" cryptoki module.
*/
static NSSUTF8 *
-ckcapi_mdSlot_GetSlotDescription
-(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+ckcapi_mdSlot_GetSlotDescription(
+ NSSCKMDSlot *mdSlot,
+ NSSCKFWSlot *fwSlot,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- return (NSSUTF8 *)nss_ckcapi_SlotDescription;
+ return (NSSUTF8 *)nss_ckcapi_SlotDescription;
}
static NSSUTF8 *
-ckcapi_mdSlot_GetManufacturerID
-(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+ckcapi_mdSlot_GetManufacturerID(
+ NSSCKMDSlot *mdSlot,
+ NSSCKFWSlot *fwSlot,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- return (NSSUTF8 *)nss_ckcapi_ManufacturerID;
+ return (NSSUTF8 *)nss_ckcapi_ManufacturerID;
}
static CK_VERSION
-ckcapi_mdSlot_GetHardwareVersion
-(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+ckcapi_mdSlot_GetHardwareVersion(
+ NSSCKMDSlot *mdSlot,
+ NSSCKFWSlot *fwSlot,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
- return nss_ckcapi_HardwareVersion;
+ return nss_ckcapi_HardwareVersion;
}
static CK_VERSION
-ckcapi_mdSlot_GetFirmwareVersion
-(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+ckcapi_mdSlot_GetFirmwareVersion(
+ NSSCKMDSlot *mdSlot,
+ NSSCKFWSlot *fwSlot,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
- return nss_ckcapi_FirmwareVersion;
+ return nss_ckcapi_FirmwareVersion;
}
static NSSCKMDToken *
-ckcapi_mdSlot_GetToken
-(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+ckcapi_mdSlot_GetToken(
+ NSSCKMDSlot *mdSlot,
+ NSSCKFWSlot *fwSlot,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- return (NSSCKMDToken *)&nss_ckcapi_mdToken;
+ return (NSSCKMDToken *)&nss_ckcapi_mdToken;
}
NSS_IMPLEMENT_DATA const NSSCKMDSlot
-nss_ckcapi_mdSlot = {
- (void *)NULL, /* etc */
- NULL, /* Initialize */
- NULL, /* Destroy */
- ckcapi_mdSlot_GetSlotDescription,
- ckcapi_mdSlot_GetManufacturerID,
- NULL, /* GetTokenPresent -- defaults to true */
- NULL, /* GetRemovableDevice -- defaults to false */
- NULL, /* GetHardwareSlot -- defaults to false */
- ckcapi_mdSlot_GetHardwareVersion,
- ckcapi_mdSlot_GetFirmwareVersion,
- ckcapi_mdSlot_GetToken,
- (void *)NULL /* null terminator */
-};
+ nss_ckcapi_mdSlot = {
+ (void *)NULL, /* etc */
+ NULL, /* Initialize */
+ NULL, /* Destroy */
+ ckcapi_mdSlot_GetSlotDescription,
+ ckcapi_mdSlot_GetManufacturerID,
+ NULL, /* GetTokenPresent -- defaults to true */
+ NULL, /* GetRemovableDevice -- defaults to false */
+ NULL, /* GetHardwareSlot -- defaults to false */
+ ckcapi_mdSlot_GetHardwareVersion,
+ ckcapi_mdSlot_GetFirmwareVersion,
+ ckcapi_mdSlot_GetToken,
+ (void *)NULL /* null terminator */
+ };
--- a/lib/ckfw/capi/ctoken.c
+++ b/lib/ckfw/capi/ctoken.c
@@ -7,202 +7,178 @@
/*
* ckcapi/ctoken.c
*
* This file implements the NSSCKMDToken object for the
* "nss to capi" cryptoki module.
*/
static NSSUTF8 *
-ckcapi_mdToken_GetLabel
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+ckcapi_mdToken_GetLabel(
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- return (NSSUTF8 *)nss_ckcapi_TokenLabel;
+ return (NSSUTF8 *)nss_ckcapi_TokenLabel;
}
static NSSUTF8 *
-ckcapi_mdToken_GetManufacturerID
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+ckcapi_mdToken_GetManufacturerID(
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- return (NSSUTF8 *)nss_ckcapi_ManufacturerID;
+ return (NSSUTF8 *)nss_ckcapi_ManufacturerID;
}
static NSSUTF8 *
-ckcapi_mdToken_GetModel
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+ckcapi_mdToken_GetModel(
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- return (NSSUTF8 *)nss_ckcapi_TokenModel;
+ return (NSSUTF8 *)nss_ckcapi_TokenModel;
}
static NSSUTF8 *
-ckcapi_mdToken_GetSerialNumber
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+ckcapi_mdToken_GetSerialNumber(
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- return (NSSUTF8 *)nss_ckcapi_TokenSerialNumber;
+ return (NSSUTF8 *)nss_ckcapi_TokenSerialNumber;
}
static CK_BBOOL
-ckcapi_mdToken_GetIsWriteProtected
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+ckcapi_mdToken_GetIsWriteProtected(
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
- return CK_FALSE;
+ return CK_FALSE;
}
/* fake out Mozilla so we don't try to initialize the token */
static CK_BBOOL
-ckcapi_mdToken_GetUserPinInitialized
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+ckcapi_mdToken_GetUserPinInitialized(
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
- return CK_TRUE;
+ return CK_TRUE;
}
static CK_VERSION
-ckcapi_mdToken_GetHardwareVersion
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+ckcapi_mdToken_GetHardwareVersion(
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
- return nss_ckcapi_HardwareVersion;
+ return nss_ckcapi_HardwareVersion;
}
static CK_VERSION
-ckcapi_mdToken_GetFirmwareVersion
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+ckcapi_mdToken_GetFirmwareVersion(
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
- return nss_ckcapi_FirmwareVersion;
+ return nss_ckcapi_FirmwareVersion;
}
static NSSCKMDSession *
-ckcapi_mdToken_OpenSession
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKFWSession *fwSession,
- CK_BBOOL rw,
- CK_RV *pError
-)
+ckcapi_mdToken_OpenSession(
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSCKFWSession *fwSession,
+ CK_BBOOL rw,
+ CK_RV *pError)
{
- return nss_ckcapi_CreateSession(fwSession, pError);
+ return nss_ckcapi_CreateSession(fwSession, pError);
}
static CK_ULONG
-ckcapi_mdToken_GetMechanismCount
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+ckcapi_mdToken_GetMechanismCount(
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
- return (CK_ULONG)1;
+ return (CK_ULONG)1;
}
static CK_RV
-ckcapi_mdToken_GetMechanismTypes
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_MECHANISM_TYPE types[]
-)
+ckcapi_mdToken_GetMechanismTypes(
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_MECHANISM_TYPE types[])
{
- types[0] = CKM_RSA_PKCS;
- return CKR_OK;
+ types[0] = CKM_RSA_PKCS;
+ return CKR_OK;
}
static NSSCKMDMechanism *
-ckcapi_mdToken_GetMechanism
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_MECHANISM_TYPE which,
- CK_RV *pError
-)
+ckcapi_mdToken_GetMechanism(
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_MECHANISM_TYPE which,
+ CK_RV *pError)
{
- if (which != CKM_RSA_PKCS) {
- *pError = CKR_MECHANISM_INVALID;
- return (NSSCKMDMechanism *)NULL;
- }
- return (NSSCKMDMechanism *)&nss_ckcapi_mdMechanismRSA;
+ if (which != CKM_RSA_PKCS) {
+ *pError = CKR_MECHANISM_INVALID;
+ return (NSSCKMDMechanism *)NULL;
+ }
+ return (NSSCKMDMechanism *)&nss_ckcapi_mdMechanismRSA;
}
NSS_IMPLEMENT_DATA const NSSCKMDToken
-nss_ckcapi_mdToken = {
- (void *)NULL, /* etc */
- NULL, /* Setup */
- NULL, /* Invalidate */
- NULL, /* InitToken -- default errs */
- ckcapi_mdToken_GetLabel,
- ckcapi_mdToken_GetManufacturerID,
- ckcapi_mdToken_GetModel,
- ckcapi_mdToken_GetSerialNumber,
- NULL, /* GetHasRNG -- default is false */
- ckcapi_mdToken_GetIsWriteProtected,
- NULL, /* GetLoginRequired -- default is false */
- ckcapi_mdToken_GetUserPinInitialized,
- NULL, /* GetRestoreKeyNotNeeded -- irrelevant */
- NULL, /* GetHasClockOnToken -- default is false */
- NULL, /* GetHasProtectedAuthenticationPath -- default is false */
- NULL, /* GetSupportsDualCryptoOperations -- default is false */
- NULL, /* GetMaxSessionCount -- default is CK_UNAVAILABLE_INFORMATION */
- NULL, /* GetMaxRwSessionCount -- default is CK_UNAVAILABLE_INFORMATION */
- NULL, /* GetMaxPinLen -- irrelevant */
- NULL, /* GetMinPinLen -- irrelevant */
- NULL, /* GetTotalPublicMemory -- default is CK_UNAVAILABLE_INFORMATION */
- NULL, /* GetFreePublicMemory -- default is CK_UNAVAILABLE_INFORMATION */
- NULL, /* GetTotalPrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */
- NULL, /* GetFreePrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */
- ckcapi_mdToken_GetHardwareVersion,
- ckcapi_mdToken_GetFirmwareVersion,
- NULL, /* GetUTCTime -- no clock */
- ckcapi_mdToken_OpenSession,
- ckcapi_mdToken_GetMechanismCount,
- ckcapi_mdToken_GetMechanismTypes,
- ckcapi_mdToken_GetMechanism,
- (void *)NULL /* null terminator */
-};
+ nss_ckcapi_mdToken = {
+ (void *)NULL, /* etc */
+ NULL, /* Setup */
+ NULL, /* Invalidate */
+ NULL, /* InitToken -- default errs */
+ ckcapi_mdToken_GetLabel,
+ ckcapi_mdToken_GetManufacturerID,
+ ckcapi_mdToken_GetModel,
+ ckcapi_mdToken_GetSerialNumber,
+ NULL, /* GetHasRNG -- default is false */
+ ckcapi_mdToken_GetIsWriteProtected,
+ NULL, /* GetLoginRequired -- default is false */
+ ckcapi_mdToken_GetUserPinInitialized,
+ NULL, /* GetRestoreKeyNotNeeded -- irrelevant */
+ NULL, /* GetHasClockOnToken -- default is false */
+ NULL, /* GetHasProtectedAuthenticationPath -- default is false */
+ NULL, /* GetSupportsDualCryptoOperations -- default is false */
+ NULL, /* GetMaxSessionCount -- default is CK_UNAVAILABLE_INFORMATION */
+ NULL, /* GetMaxRwSessionCount -- default is CK_UNAVAILABLE_INFORMATION */
+ NULL, /* GetMaxPinLen -- irrelevant */
+ NULL, /* GetMinPinLen -- irrelevant */
+ NULL, /* GetTotalPublicMemory -- default is CK_UNAVAILABLE_INFORMATION */
+ NULL, /* GetFreePublicMemory -- default is CK_UNAVAILABLE_INFORMATION */
+ NULL, /* GetTotalPrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */
+ NULL, /* GetFreePrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */
+ ckcapi_mdToken_GetHardwareVersion,
+ ckcapi_mdToken_GetFirmwareVersion,
+ NULL, /* GetUTCTime -- no clock */
+ ckcapi_mdToken_OpenSession,
+ ckcapi_mdToken_GetMechanismCount,
+ ckcapi_mdToken_GetMechanismTypes,
+ ckcapi_mdToken_GetMechanism,
+ (void *)NULL /* null terminator */
+ };
--- a/lib/ckfw/capi/nsscapi.h
+++ b/lib/ckfw/capi/nsscapi.h
@@ -13,29 +13,29 @@
* module you are using, use the appropriate PKCS #11 calls.
*
* These version numbers detail changes to the PKCS #11 interface. They map
* to the PKCS #11 spec versions.
*/
#define NSS_CKCAPI_CRYPTOKI_VERSION_MAJOR 2
#define NSS_CKCAPI_CRYPTOKI_VERSION_MINOR 20
-/* These version numbers detail the changes
+/* These version numbers detail the changes
* to the list of trusted certificates.
*
* NSS_CKCAPI_LIBRARY_VERSION_MINOR is a CK_BYTE. It's not clear
* whether we may use its full range (0-255) or only 0-99 because
* of the comment in the CK_VERSION type definition.
*/
#define NSS_CKCAPI_LIBRARY_VERSION_MAJOR 1
#define NSS_CKCAPI_LIBRARY_VERSION_MINOR 1
#define NSS_CKCAPI_LIBRARY_VERSION "1.1"
/* These version numbers detail the semantic changes to the ckfw engine. */
#define NSS_CKCAPI_HARDWARE_VERSION_MAJOR 1
#define NSS_CKCAPI_HARDWARE_VERSION_MINOR 0
-/* These version numbers detail the semantic changes to ckbi itself
+/* These version numbers detail the semantic changes to ckbi itself
* (new PKCS #11 objects), etc. */
#define NSS_CKCAPI_FIRMWARE_VERSION_MAJOR 1
#define NSS_CKCAPI_FIRMWARE_VERSION_MINOR 0
#endif /* NSSCKBI_H */
--- a/lib/ckfw/capi/staticobj.c
+++ b/lib/ckfw/capi/staticobj.c
@@ -12,28 +12,29 @@ static const CK_TRUST ckt_netscape_trust
static const CK_OBJECT_CLASS cko_netscape_trust = CKO_NETSCAPE_TRUST;
static const CK_BBOOL ck_true = CK_TRUE;
static const CK_OBJECT_CLASS cko_data = CKO_DATA;
static const CK_CERTIFICATE_TYPE ckc_x_509 = CKC_X_509;
static const CK_BBOOL ck_false = CK_FALSE;
static const CK_OBJECT_CLASS cko_netscape_builtin_root_list = CKO_NETSCAPE_BUILTIN_ROOT_LIST;
/* example of a static object */
-static const CK_ATTRIBUTE_TYPE nss_ckcapi_types_1 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL
+static const CK_ATTRIBUTE_TYPE nss_ckcapi_types_1[] = {
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL
};
-static const NSSItem nss_ckcapi_items_1 [] = {
- { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) },
- { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)"Mozilla CAPI Access", (PRUint32)20 }
+static const NSSItem nss_ckcapi_items_1[] = {
+ { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)"Mozilla CAPI Access", (PRUint32)20 }
};
ckcapiInternalObject nss_ckcapi_data[] = {
- { ckcapiRaw,
- { 5, nss_ckcapi_types_1, nss_ckcapi_items_1} ,
- },
+ {
+ ckcapiRaw,
+ { 5, nss_ckcapi_types_1, nss_ckcapi_items_1 },
+ },
};
const PRUint32 nss_ckcapi_nObjects = 1;
--- a/lib/ckfw/ckfw.h
+++ b/lib/ckfw/ckfw.h
@@ -35,17 +35,17 @@
* nssCKFWInstance_Destroy
*
* -- implement public accessors --
* nssCKFWInstance_GetMDInstance
* nssCKFWInstance_GetArena
* nssCKFWInstance_MayCreatePthreads
* nssCKFWInstance_CreateMutex
* nssCKFWInstance_GetConfigurationData
- * nssCKFWInstance_GetInitArgs
+ * nssCKFWInstance_GetInitArgs
*
* -- private accessors --
* nssCKFWInstance_CreateSessionHandle
* nssCKFWInstance_ResolveSessionHandle
* nssCKFWInstance_DestroySessionHandle
* nssCKFWInstance_FindSessionHandle
* nssCKFWInstance_CreateObjectHandle
* nssCKFWInstance_ResolveObjectHandle
@@ -67,305 +67,250 @@
* nssCKFWInstance_verifyPointer
*/
/*
* nssCKFWInstance_Create
*
*/
NSS_EXTERN NSSCKFWInstance *
-nssCKFWInstance_Create
-(
- CK_C_INITIALIZE_ARGS_PTR pInitArgs,
- CryptokiLockingState LockingState,
- NSSCKMDInstance *mdInstance,
- CK_RV *pError
-);
+nssCKFWInstance_Create(
+ CK_C_INITIALIZE_ARGS_PTR pInitArgs,
+ CryptokiLockingState LockingState,
+ NSSCKMDInstance *mdInstance,
+ CK_RV *pError);
/*
* nssCKFWInstance_Destroy
*
*/
NSS_EXTERN CK_RV
-nssCKFWInstance_Destroy
-(
- NSSCKFWInstance *fwInstance
-);
+nssCKFWInstance_Destroy(
+ NSSCKFWInstance *fwInstance);
/*
* nssCKFWInstance_GetMDInstance
*
*/
NSS_EXTERN NSSCKMDInstance *
-nssCKFWInstance_GetMDInstance
-(
- NSSCKFWInstance *fwInstance
-);
+nssCKFWInstance_GetMDInstance(
+ NSSCKFWInstance *fwInstance);
/*
* nssCKFWInstance_GetArena
*
*/
NSS_EXTERN NSSArena *
-nssCKFWInstance_GetArena
-(
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-);
+nssCKFWInstance_GetArena(
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError);
/*
* nssCKFWInstance_MayCreatePthreads
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWInstance_MayCreatePthreads
-(
- NSSCKFWInstance *fwInstance
-);
+nssCKFWInstance_MayCreatePthreads(
+ NSSCKFWInstance *fwInstance);
/*
* nssCKFWInstance_CreateMutex
*
*/
NSS_EXTERN NSSCKFWMutex *
-nssCKFWInstance_CreateMutex
-(
- NSSCKFWInstance *fwInstance,
- NSSArena *arena,
- CK_RV *pError
-);
+nssCKFWInstance_CreateMutex(
+ NSSCKFWInstance *fwInstance,
+ NSSArena *arena,
+ CK_RV *pError);
/*
* nssCKFWInstance_GetConfigurationData
*
*/
NSS_EXTERN NSSUTF8 *
-nssCKFWInstance_GetConfigurationData
-(
- NSSCKFWInstance *fwInstance
-);
+nssCKFWInstance_GetConfigurationData(
+ NSSCKFWInstance *fwInstance);
/*
* nssCKFWInstance_GetInitArgs
*
*/
NSS_EXTERN CK_C_INITIALIZE_ARGS_PTR
-nssCKFWInstance_GetInitArgs
-(
- NSSCKFWInstance *fwInstance
-);
+nssCKFWInstance_GetInitArgs(
+ NSSCKFWInstance *fwInstance);
/*
* nssCKFWInstance_CreateSessionHandle
*
*/
NSS_EXTERN CK_SESSION_HANDLE
-nssCKFWInstance_CreateSessionHandle
-(
- NSSCKFWInstance *fwInstance,
- NSSCKFWSession *fwSession,
- CK_RV *pError
-);
+nssCKFWInstance_CreateSessionHandle(
+ NSSCKFWInstance *fwInstance,
+ NSSCKFWSession *fwSession,
+ CK_RV *pError);
/*
* nssCKFWInstance_ResolveSessionHandle
*
*/
NSS_EXTERN NSSCKFWSession *
-nssCKFWInstance_ResolveSessionHandle
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession
-);
+nssCKFWInstance_ResolveSessionHandle(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession);
/*
* nssCKFWInstance_DestroySessionHandle
*
*/
NSS_EXTERN void
-nssCKFWInstance_DestroySessionHandle
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession
-);
+nssCKFWInstance_DestroySessionHandle(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession);
/*
* nssCKFWInstance_FindSessionHandle
*
*/
NSS_EXTERN CK_SESSION_HANDLE
-nssCKFWInstance_FindSessionHandle
-(
- NSSCKFWInstance *fwInstance,
- NSSCKFWSession *fwSession
-);
+nssCKFWInstance_FindSessionHandle(
+ NSSCKFWInstance *fwInstance,
+ NSSCKFWSession *fwSession);
/*
* nssCKFWInstance_CreateObjectHandle
*
*/
NSS_EXTERN CK_OBJECT_HANDLE
-nssCKFWInstance_CreateObjectHandle
-(
- NSSCKFWInstance *fwInstance,
- NSSCKFWObject *fwObject,
- CK_RV *pError
-);
+nssCKFWInstance_CreateObjectHandle(
+ NSSCKFWInstance *fwInstance,
+ NSSCKFWObject *fwObject,
+ CK_RV *pError);
/*
* nssCKFWInstance_ResolveObjectHandle
*
*/
NSS_EXTERN NSSCKFWObject *
-nssCKFWInstance_ResolveObjectHandle
-(
- NSSCKFWInstance *fwInstance,
- CK_OBJECT_HANDLE hObject
-);
+nssCKFWInstance_ResolveObjectHandle(
+ NSSCKFWInstance *fwInstance,
+ CK_OBJECT_HANDLE hObject);
/*
* nssCKFWInstance_ReassignObjectHandle
*
*/
NSS_EXTERN CK_RV
-nssCKFWInstance_ReassignObjectHandle
-(
- NSSCKFWInstance *fwInstance,
- CK_OBJECT_HANDLE hObject,
- NSSCKFWObject *fwObject
-);
+nssCKFWInstance_ReassignObjectHandle(
+ NSSCKFWInstance *fwInstance,
+ CK_OBJECT_HANDLE hObject,
+ NSSCKFWObject *fwObject);
/*
* nssCKFWInstance_DestroyObjectHandle
*
*/
NSS_EXTERN void
-nssCKFWInstance_DestroyObjectHandle
-(
- NSSCKFWInstance *fwInstance,
- CK_OBJECT_HANDLE hObject
-);
+nssCKFWInstance_DestroyObjectHandle(
+ NSSCKFWInstance *fwInstance,
+ CK_OBJECT_HANDLE hObject);
/*
* nssCKFWInstance_FindObjectHandle
*
*/
NSS_EXTERN CK_OBJECT_HANDLE
-nssCKFWInstance_FindObjectHandle
-(
- NSSCKFWInstance *fwInstance,
- NSSCKFWObject *fwObject
-);
+nssCKFWInstance_FindObjectHandle(
+ NSSCKFWInstance *fwInstance,
+ NSSCKFWObject *fwObject);
/*
* nssCKFWInstance_GetNSlots
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWInstance_GetNSlots
-(
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-);
+nssCKFWInstance_GetNSlots(
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError);
/*
* nssCKFWInstance_GetCryptokiVersion
*
*/
NSS_EXTERN CK_VERSION
-nssCKFWInstance_GetCryptokiVersion
-(
- NSSCKFWInstance *fwInstance
-);
+nssCKFWInstance_GetCryptokiVersion(
+ NSSCKFWInstance *fwInstance);
/*
* nssCKFWInstance_GetManufacturerID
*
*/
NSS_EXTERN CK_RV
-nssCKFWInstance_GetManufacturerID
-(
- NSSCKFWInstance *fwInstance,
- CK_CHAR manufacturerID[32]
-);
+nssCKFWInstance_GetManufacturerID(
+ NSSCKFWInstance *fwInstance,
+ CK_CHAR manufacturerID[32]);
/*
* nssCKFWInstance_GetFlags
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWInstance_GetFlags
-(
- NSSCKFWInstance *fwInstance
-);
+nssCKFWInstance_GetFlags(
+ NSSCKFWInstance *fwInstance);
/*
* nssCKFWInstance_GetLibraryDescription
*
*/
NSS_EXTERN CK_RV
-nssCKFWInstance_GetLibraryDescription
-(
- NSSCKFWInstance *fwInstance,
- CK_CHAR libraryDescription[32]
-);
+nssCKFWInstance_GetLibraryDescription(
+ NSSCKFWInstance *fwInstance,
+ CK_CHAR libraryDescription[32]);
/*
* nssCKFWInstance_GetLibraryVersion
*
*/
NSS_EXTERN CK_VERSION
-nssCKFWInstance_GetLibraryVersion
-(
- NSSCKFWInstance *fwInstance
-);
+nssCKFWInstance_GetLibraryVersion(
+ NSSCKFWInstance *fwInstance);
/*
* nssCKFWInstance_GetModuleHandlesSessionObjects
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWInstance_GetModuleHandlesSessionObjects
-(
- NSSCKFWInstance *fwInstance
-);
+nssCKFWInstance_GetModuleHandlesSessionObjects(
+ NSSCKFWInstance *fwInstance);
/*
* nssCKFWInstance_GetSlots
*
*/
NSS_EXTERN NSSCKFWSlot **
-nssCKFWInstance_GetSlots
-(
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-);
+nssCKFWInstance_GetSlots(
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError);
/*
* nssCKFWInstance_WaitForSlotEvent
*
*/
NSS_EXTERN NSSCKFWSlot *
-nssCKFWInstance_WaitForSlotEvent
-(
- NSSCKFWInstance *fwInstance,
- CK_BBOOL block,
- CK_RV *pError
-);
+nssCKFWInstance_WaitForSlotEvent(
+ NSSCKFWInstance *fwInstance,
+ CK_BBOOL block,
+ CK_RV *pError);
/*
* nssCKFWInstance_verifyPointer
*
*/
NSS_EXTERN CK_RV
-nssCKFWInstance_verifyPointer
-(
- const NSSCKFWInstance *fwInstance
-);
-
+nssCKFWInstance_verifyPointer(
+ const NSSCKFWInstance *fwInstance);
/*
* NSSCKFWSlot
*
* -- create/destroy --
* nssCKFWSlot_Create
* nssCKFWSlot_Destroy
*
@@ -388,168 +333,138 @@ nssCKFWInstance_verifyPointer
* nssCKFWSlot_GetToken
*/
/*
* nssCKFWSlot_Create
*
*/
NSS_EXTERN NSSCKFWSlot *
-nssCKFWSlot_Create
-(
- NSSCKFWInstance *fwInstance,
- NSSCKMDSlot *mdSlot,
- CK_SLOT_ID slotID,
- CK_RV *pError
-);
+nssCKFWSlot_Create(
+ NSSCKFWInstance *fwInstance,
+ NSSCKMDSlot *mdSlot,
+ CK_SLOT_ID slotID,
+ CK_RV *pError);
/*
* nssCKFWSlot_Destroy
*
*/
NSS_EXTERN CK_RV
-nssCKFWSlot_Destroy
-(
- NSSCKFWSlot *fwSlot
-);
+nssCKFWSlot_Destroy(
+ NSSCKFWSlot *fwSlot);
/*
* nssCKFWSlot_GetMDSlot
*
*/
NSS_EXTERN NSSCKMDSlot *
-nssCKFWSlot_GetMDSlot
-(
- NSSCKFWSlot *fwSlot
-);
+nssCKFWSlot_GetMDSlot(
+ NSSCKFWSlot *fwSlot);
/*
* nssCKFWSlot_GetFWInstance
*
*/
NSS_EXTERN NSSCKFWInstance *
-nssCKFWSlot_GetFWInstance
-(
- NSSCKFWSlot *fwSlot
-);
+nssCKFWSlot_GetFWInstance(
+ NSSCKFWSlot *fwSlot);
/*
* nssCKFWSlot_GetMDInstance
*
*/
NSS_EXTERN NSSCKMDInstance *
-nssCKFWSlot_GetMDInstance
-(
- NSSCKFWSlot *fwSlot
-);
+nssCKFWSlot_GetMDInstance(
+ NSSCKFWSlot *fwSlot);
/*
* nssCKFWSlot_GetSlotID
*
*/
NSS_EXTERN CK_SLOT_ID
-nssCKFWSlot_GetSlotID
-(
- NSSCKFWSlot *fwSlot
-);
+nssCKFWSlot_GetSlotID(
+ NSSCKFWSlot *fwSlot);
/*
* nssCKFWSlot_GetSlotDescription
*
*/
NSS_EXTERN CK_RV
-nssCKFWSlot_GetSlotDescription
-(
- NSSCKFWSlot *fwSlot,
- CK_CHAR slotDescription[64]
-);
+nssCKFWSlot_GetSlotDescription(
+ NSSCKFWSlot *fwSlot,
+ CK_CHAR slotDescription[64]);
/*
* nssCKFWSlot_GetManufacturerID
*
*/
NSS_EXTERN CK_RV
-nssCKFWSlot_GetManufacturerID
-(
- NSSCKFWSlot *fwSlot,
- CK_CHAR manufacturerID[32]
-);
+nssCKFWSlot_GetManufacturerID(
+ NSSCKFWSlot *fwSlot,
+ CK_CHAR manufacturerID[32]);
/*
* nssCKFWSlot_GetTokenPresent
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWSlot_GetTokenPresent
-(
- NSSCKFWSlot *fwSlot
-);
+nssCKFWSlot_GetTokenPresent(
+ NSSCKFWSlot *fwSlot);
/*
* nssCKFWSlot_GetRemovableDevice
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWSlot_GetRemovableDevice
-(
- NSSCKFWSlot *fwSlot
-);
+nssCKFWSlot_GetRemovableDevice(
+ NSSCKFWSlot *fwSlot);
/*
* nssCKFWSlot_GetHardwareSlot
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWSlot_GetHardwareSlot
-(
- NSSCKFWSlot *fwSlot
-);
+nssCKFWSlot_GetHardwareSlot(
+ NSSCKFWSlot *fwSlot);
/*
* nssCKFWSlot_GetHardwareVersion
*
*/
NSS_EXTERN CK_VERSION
-nssCKFWSlot_GetHardwareVersion
-(
- NSSCKFWSlot *fwSlot
-);
+nssCKFWSlot_GetHardwareVersion(
+ NSSCKFWSlot *fwSlot);
/*
* nssCKFWSlot_GetFirmwareVersion
*
*/
NSS_EXTERN CK_VERSION
-nssCKFWSlot_GetFirmwareVersion
-(
- NSSCKFWSlot *fwSlot
-);
+nssCKFWSlot_GetFirmwareVersion(
+ NSSCKFWSlot *fwSlot);
/*
* nssCKFWSlot_GetToken
- *
+ *
*/
NSS_EXTERN NSSCKFWToken *
-nssCKFWSlot_GetToken
-(
- NSSCKFWSlot *fwSlot,
- CK_RV *pError
-);
+nssCKFWSlot_GetToken(
+ NSSCKFWSlot *fwSlot,
+ CK_RV *pError);
/*
* nssCKFWSlot_ClearToken
*
*/
NSS_EXTERN void
-nssCKFWSlot_ClearToken
-(
- NSSCKFWSlot *fwSlot
-);
+nssCKFWSlot_ClearToken(
+ NSSCKFWSlot *fwSlot);
/*
* NSSCKFWToken
*
* -- create/destroy --
* nssCKFWToken_Create
* nssCKFWToken_Destroy
*
@@ -601,469 +516,381 @@ nssCKFWSlot_ClearToken
* nssCKFWToken_GetMechanism
*/
/*
* nssCKFWToken_Create
*
*/
NSS_EXTERN NSSCKFWToken *
-nssCKFWToken_Create
-(
- NSSCKFWSlot *fwSlot,
- NSSCKMDToken *mdToken,
- CK_RV *pError
-);
+nssCKFWToken_Create(
+ NSSCKFWSlot *fwSlot,
+ NSSCKMDToken *mdToken,
+ CK_RV *pError);
/*
* nssCKFWToken_Destroy
*
*/
NSS_EXTERN CK_RV
-nssCKFWToken_Destroy
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_Destroy(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetMDToken
*
*/
NSS_EXTERN NSSCKMDToken *
-nssCKFWToken_GetMDToken
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetMDToken(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetArena
*
*/
NSS_EXTERN NSSArena *
-nssCKFWToken_GetArena
-(
- NSSCKFWToken *fwToken,
- CK_RV *pError
-);
+nssCKFWToken_GetArena(
+ NSSCKFWToken *fwToken,
+ CK_RV *pError);
/*
* nssCKFWToken_GetFWSlot
*
*/
NSS_EXTERN NSSCKFWSlot *
-nssCKFWToken_GetFWSlot
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetFWSlot(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetMDSlot
*
*/
NSS_EXTERN NSSCKMDSlot *
-nssCKFWToken_GetMDSlot
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetMDSlot(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetSessionState
*
*/
NSS_EXTERN CK_STATE
-nssCKFWToken_GetSessionState
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetSessionState(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_InitToken
*
*/
NSS_EXTERN CK_RV
-nssCKFWToken_InitToken
-(
- NSSCKFWToken *fwToken,
- NSSItem *pin,
- NSSUTF8 *label
-);
+nssCKFWToken_InitToken(
+ NSSCKFWToken *fwToken,
+ NSSItem *pin,
+ NSSUTF8 *label);
/*
* nssCKFWToken_GetLabel
*
*/
NSS_EXTERN CK_RV
-nssCKFWToken_GetLabel
-(
- NSSCKFWToken *fwToken,
- CK_CHAR label[32]
-);
+nssCKFWToken_GetLabel(
+ NSSCKFWToken *fwToken,
+ CK_CHAR label[32]);
/*
* nssCKFWToken_GetManufacturerID
*
*/
NSS_EXTERN CK_RV
-nssCKFWToken_GetManufacturerID
-(
- NSSCKFWToken *fwToken,
- CK_CHAR manufacturerID[32]
-);
+nssCKFWToken_GetManufacturerID(
+ NSSCKFWToken *fwToken,
+ CK_CHAR manufacturerID[32]);
/*
* nssCKFWToken_GetModel
*
*/
NSS_EXTERN CK_RV
-nssCKFWToken_GetModel
-(
- NSSCKFWToken *fwToken,
- CK_CHAR model[16]
-);
+nssCKFWToken_GetModel(
+ NSSCKFWToken *fwToken,
+ CK_CHAR model[16]);
/*
* nssCKFWToken_GetSerialNumber
*
*/
NSS_EXTERN CK_RV
-nssCKFWToken_GetSerialNumber
-(
- NSSCKFWToken *fwToken,
- CK_CHAR serialNumber[16]
-);
+nssCKFWToken_GetSerialNumber(
+ NSSCKFWToken *fwToken,
+ CK_CHAR serialNumber[16]);
/*
* nssCKFWToken_GetHasRNG
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWToken_GetHasRNG
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetHasRNG(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetIsWriteProtected
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWToken_GetIsWriteProtected
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetIsWriteProtected(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetLoginRequired
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWToken_GetLoginRequired
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetLoginRequired(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetUserPinInitialized
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWToken_GetUserPinInitialized
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetUserPinInitialized(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetRestoreKeyNotNeeded
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWToken_GetRestoreKeyNotNeeded
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetRestoreKeyNotNeeded(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetHasClockOnToken
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWToken_GetHasClockOnToken
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetHasClockOnToken(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetHasProtectedAuthenticationPath
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWToken_GetHasProtectedAuthenticationPath
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetHasProtectedAuthenticationPath(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetSupportsDualCryptoOperations
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWToken_GetSupportsDualCryptoOperations
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetSupportsDualCryptoOperations(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetMaxSessionCount
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWToken_GetMaxSessionCount
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetMaxSessionCount(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetMaxRwSessionCount
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWToken_GetMaxRwSessionCount
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetMaxRwSessionCount(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetMaxPinLen
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWToken_GetMaxPinLen
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetMaxPinLen(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetMinPinLen
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWToken_GetMinPinLen
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetMinPinLen(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetTotalPublicMemory
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWToken_GetTotalPublicMemory
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetTotalPublicMemory(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetFreePublicMemory
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWToken_GetFreePublicMemory
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetFreePublicMemory(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetTotalPrivateMemory
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWToken_GetTotalPrivateMemory
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetTotalPrivateMemory(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetFreePrivateMemory
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWToken_GetFreePrivateMemory
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetFreePrivateMemory(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetHardwareVersion
*
*/
NSS_EXTERN CK_VERSION
-nssCKFWToken_GetHardwareVersion
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetHardwareVersion(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetFirmwareVersion
*
*/
NSS_EXTERN CK_VERSION
-nssCKFWToken_GetFirmwareVersion
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetFirmwareVersion(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetUTCTime
*
*/
NSS_EXTERN CK_RV
-nssCKFWToken_GetUTCTime
-(
- NSSCKFWToken *fwToken,
- CK_CHAR utcTime[16]
-);
+nssCKFWToken_GetUTCTime(
+ NSSCKFWToken *fwToken,
+ CK_CHAR utcTime[16]);
/*
* nssCKFWToken_OpenSession
*
*/
NSS_EXTERN NSSCKFWSession *
-nssCKFWToken_OpenSession
-(
- NSSCKFWToken *fwToken,
- CK_BBOOL rw,
- CK_VOID_PTR pApplication,
- CK_NOTIFY Notify,
- CK_RV *pError
-);
+nssCKFWToken_OpenSession(
+ NSSCKFWToken *fwToken,
+ CK_BBOOL rw,
+ CK_VOID_PTR pApplication,
+ CK_NOTIFY Notify,
+ CK_RV *pError);
/*
* nssCKFWToken_GetMechanismCount
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWToken_GetMechanismCount
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetMechanismCount(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetMechanismTypes
*
*/
NSS_EXTERN CK_RV
-nssCKFWToken_GetMechanismTypes
-(
- NSSCKFWToken *fwToken,
- CK_MECHANISM_TYPE types[]
-);
+nssCKFWToken_GetMechanismTypes(
+ NSSCKFWToken *fwToken,
+ CK_MECHANISM_TYPE types[]);
/*
* nssCKFWToken_GetMechanism
*
*/
NSS_EXTERN NSSCKFWMechanism *
-nssCKFWToken_GetMechanism
-(
- NSSCKFWToken *fwToken,
- CK_MECHANISM_TYPE which,
- CK_RV *pError
-);
+nssCKFWToken_GetMechanism(
+ NSSCKFWToken *fwToken,
+ CK_MECHANISM_TYPE which,
+ CK_RV *pError);
/*
* nssCKFWToken_SetSessionState
*
*/
NSS_EXTERN CK_RV
-nssCKFWToken_SetSessionState
-(
- NSSCKFWToken *fwToken,
- CK_STATE newState
-);
+nssCKFWToken_SetSessionState(
+ NSSCKFWToken *fwToken,
+ CK_STATE newState);
/*
* nssCKFWToken_RemoveSession
*
*/
NSS_EXTERN CK_RV
-nssCKFWToken_RemoveSession
-(
- NSSCKFWToken *fwToken,
- NSSCKFWSession *fwSession
-);
+nssCKFWToken_RemoveSession(
+ NSSCKFWToken *fwToken,
+ NSSCKFWSession *fwSession);
/*
* nssCKFWToken_CloseAllSessions
*
*/
NSS_EXTERN CK_RV
-nssCKFWToken_CloseAllSessions
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_CloseAllSessions(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetSessionCount
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWToken_GetSessionCount
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetSessionCount(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetRwSessionCount
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWToken_GetRwSessionCount
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetRwSessionCount(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetRoSessionCount
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWToken_GetRoSessionCount
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetRoSessionCount(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetSessionObjectHash
*
*/
NSS_EXTERN nssCKFWHash *
-nssCKFWToken_GetSessionObjectHash
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetSessionObjectHash(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetMDObjectHash
*
*/
NSS_EXTERN nssCKFWHash *
-nssCKFWToken_GetMDObjectHash
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetMDObjectHash(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetObjectHandleHash
*
*/
NSS_EXTERN nssCKFWHash *
-nssCKFWToken_GetObjectHandleHash
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetObjectHandleHash(
+ NSSCKFWToken *fwToken);
/*
* NSSCKFWMechanism
*
* -- create/destroy --
* nssCKFWMechanism_Create
* nssCKFWMechanism_Destroy
*
@@ -1102,387 +929,325 @@ nssCKFWToken_GetObjectHandleHash
* nssCKFWMechanism_DeriveKey
*/
/*
* nssCKFWMechanism_Create
*
*/
NSS_EXTERN NSSCKFWMechanism *
-nssCKFWMechanism_Create
-(
- NSSCKMDMechanism *mdMechanism,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-);
+nssCKFWMechanism_Create(
+ NSSCKMDMechanism *mdMechanism,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
/*
* nssCKFWMechanism_Destroy
*
*/
NSS_EXTERN void
-nssCKFWMechanism_Destroy
-(
- NSSCKFWMechanism *fwMechanism
-);
+nssCKFWMechanism_Destroy(
+ NSSCKFWMechanism *fwMechanism);
/*
* nssCKFWMechanism_GetMDMechanism
*
*/
NSS_EXTERN NSSCKMDMechanism *
-nssCKFWMechanism_GetMDMechanism
-(
- NSSCKFWMechanism *fwMechanism
-);
+nssCKFWMechanism_GetMDMechanism(
+ NSSCKFWMechanism *fwMechanism);
/*
* nssCKFWMechanism_GetMinKeySize
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWMechanism_GetMinKeySize
-(
- NSSCKFWMechanism *fwMechanism,
- CK_RV *pError
-);
+nssCKFWMechanism_GetMinKeySize(
+ NSSCKFWMechanism *fwMechanism,
+ CK_RV *pError);
/*
* nssCKFWMechanism_GetMaxKeySize
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWMechanism_GetMaxKeySize
-(
- NSSCKFWMechanism *fwMechanism,
- CK_RV *pError
-);
+nssCKFWMechanism_GetMaxKeySize(
+ NSSCKFWMechanism *fwMechanism,
+ CK_RV *pError);
/*
* nssCKFWMechanism_GetInHardware
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWMechanism_GetInHardware
-(
- NSSCKFWMechanism *fwMechanism,
- CK_RV *pError
-);
