mirror of
https://github.com/classilla/tenfourfox.git
synced 2024-09-14 07:55:22 +00:00
368 lines
8.8 KiB
C
368 lines
8.8 KiB
C
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#ifndef CKMK_H
|
|
#include "ckmk.h"
|
|
#endif /* CKMK_H */
|
|
|
|
/*
|
|
* nssmkey/mfind.c
|
|
*
|
|
* This file implements the NSSCKMDFindObjects object for the
|
|
* "nssmkey" cryptoki module.
|
|
*/
|
|
|
|
struct ckmkFOStr {
|
|
NSSArena *arena;
|
|
CK_ULONG n;
|
|
CK_ULONG i;
|
|
ckmkInternalObject **objs;
|
|
};
|
|
|
|
static void
|
|
ckmk_mdFindObjects_Final
|
|
(
|
|
NSSCKMDFindObjects *mdFindObjects,
|
|
NSSCKFWFindObjects *fwFindObjects,
|
|
NSSCKMDSession *mdSession,
|
|
NSSCKFWSession *fwSession,
|
|
NSSCKMDToken *mdToken,
|
|
NSSCKFWToken *fwToken,
|
|
NSSCKMDInstance *mdInstance,
|
|
NSSCKFWInstance *fwInstance
|
|
)
|
|
{
|
|
struct ckmkFOStr *fo = (struct ckmkFOStr *)mdFindObjects->etc;
|
|
NSSArena *arena = fo->arena;
|
|
PRUint32 i;
|
|
|
|
/* walk down an free the unused 'objs' */
|
|
for (i=fo->i; i < fo->n ; i++) {
|
|
nss_ckmk_DestroyInternalObject(fo->objs[i]);
|
|
}
|
|
|
|
nss_ZFreeIf(fo->objs);
|
|
nss_ZFreeIf(fo);
|
|
nss_ZFreeIf(mdFindObjects);
|
|
if ((NSSArena *)NULL != arena) {
|
|
NSSArena_Destroy(arena);
|
|
}
|
|
|
|
return;
|
|
}
|
|
|
|
static NSSCKMDObject *
|
|
ckmk_mdFindObjects_Next
|
|
(
|
|
NSSCKMDFindObjects *mdFindObjects,
|
|
NSSCKFWFindObjects *fwFindObjects,
|
|
NSSCKMDSession *mdSession,
|
|
NSSCKFWSession *fwSession,
|
|
NSSCKMDToken *mdToken,
|
|
NSSCKFWToken *fwToken,
|
|
NSSCKMDInstance *mdInstance,
|
|
NSSCKFWInstance *fwInstance,
|
|
NSSArena *arena,
|
|
CK_RV *pError
|
|
)
|
|
{
|
|
struct ckmkFOStr *fo = (struct ckmkFOStr *)mdFindObjects->etc;
|
|
ckmkInternalObject *io;
|
|
|
|
if( fo->i == fo->n ) {
|
|
*pError = CKR_OK;
|
|
return (NSSCKMDObject *)NULL;
|
|
}
|
|
|
|
io = fo->objs[ fo->i ];
|
|
fo->i++;
|
|
|
|
return nss_ckmk_CreateMDObject(arena, io, pError);
|
|
}
|
|
|
|
static CK_BBOOL
|
|
ckmk_attrmatch
|
|
(
|
|
CK_ATTRIBUTE_PTR a,
|
|
ckmkInternalObject *o
|
|
)
|
|
{
|
|
PRBool prb;
|
|
const NSSItem *b;
|
|
CK_RV error;
|
|
|
|
b = nss_ckmk_FetchAttribute(o, a->type, &error);
|
|
if (b == NULL) {
|
|
return CK_FALSE;
|
|
}
|
|
|
|
if( a->ulValueLen != b->size ) {
|
|
/* match a decoded serial number */
|
|
if ((a->type == CKA_SERIAL_NUMBER) && (a->ulValueLen < b->size)) {
|
|
int len;
|
|
unsigned char *data;
|
|
|
|
data = nss_ckmk_DERUnwrap(b->data, b->size, &len, NULL);
|
|
if ((len == a->ulValueLen) &&
|
|
nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) {
|
|
return CK_TRUE;
|
|
}
|
|
}
|
|
return CK_FALSE;
|
|
}
|
|
|
|
prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *)NULL);
|
|
|
|
if( PR_TRUE == prb ) {
|
|
return CK_TRUE;
|
|
} else {
|
|
return CK_FALSE;
|
|
}
|
|
}
|
|
|
|
|
|
static CK_BBOOL
|
|
ckmk_match
|
|
(
|
|
CK_ATTRIBUTE_PTR pTemplate,
|
|
CK_ULONG ulAttributeCount,
|
|
ckmkInternalObject *o
|
|
)
|
|
{
|
|
CK_ULONG i;
|
|
|
|
for( i = 0; i < ulAttributeCount; i++ ) {
|
|
if (CK_FALSE == ckmk_attrmatch(&pTemplate[i], o)) {
|
|
return CK_FALSE;
|
|
}
|
|
}
|
|
|
|
/* Every attribute passed */
|
|
return CK_TRUE;
|
|
}
|
|
|
|
#define CKMK_ITEM_CHUNK 20
|
|
|
|
#define PUT_OBJECT(obj, err, size, count, list) \
|
|
{ \
|
|
if (count >= size) { \
|
|
(list) = (list) ? \
|
|
nss_ZREALLOCARRAY(list, ckmkInternalObject *, \
|
|
((size)+CKMK_ITEM_CHUNK) ) : \
|
|
nss_ZNEWARRAY(NULL, ckmkInternalObject *, \
|
|
((size)+CKMK_ITEM_CHUNK) ) ; \
|
|
if ((ckmkInternalObject **)NULL == list) { \
|
|
err = CKR_HOST_MEMORY; \
|
|
goto loser; \
|
|
} \
|
|
(size) += CKMK_ITEM_CHUNK; \
|
|
} \
|
|
(list)[ count ] = (obj); \
|
|
count++; \
|
|
}
|
|
|
|
|
|
/* find all the certs that represent the appropriate object (cert, priv key, or
|
|
* pub key) in the cert store.
|
|
*/
|
|
static PRUint32
|
|
collect_class(
|
|
CK_OBJECT_CLASS objClass,
|
|
SecItemClass itemClass,
|
|
CK_ATTRIBUTE_PTR pTemplate,
|
|
CK_ULONG ulAttributeCount,
|
|
ckmkInternalObject ***listp,
|
|
PRUint32 *sizep,
|
|
PRUint32 count,
|
|
CK_RV *pError
|
|
)
|
|
{
|
|
ckmkInternalObject *next = NULL;
|
|
SecKeychainSearchRef searchRef = 0;
|
|
SecKeychainItemRef itemRef = 0;
|
|
OSStatus error;
|
|
|
|
/* future, build the attribute list based on the template
|
|
* so we can refine the search */
|
|
error = SecKeychainSearchCreateFromAttributes(
|
|
NULL, itemClass, NULL, &searchRef);
|
|
|
|
while (noErr == SecKeychainSearchCopyNext(searchRef, &itemRef)) {
|
|
/* if we don't have an internal object structure, get one */
|
|
if ((ckmkInternalObject *)NULL == next) {
|
|
next = nss_ZNEW(NULL, ckmkInternalObject);
|
|
if ((ckmkInternalObject *)NULL == next) {
|
|
*pError = CKR_HOST_MEMORY;
|
|
goto loser;
|
|
}
|
|
}
|
|
/* fill in the relevant object data */
|
|
next->type = ckmkItem;
|
|
next->objClass = objClass;
|
|
next->u.item.itemRef = itemRef;
|
|
next->u.item.itemClass = itemClass;
|
|
|
|
/* see if this is one of the objects we are looking for */
|
|
if( CK_TRUE == ckmk_match(pTemplate, ulAttributeCount, next) ) {
|
|
/* yes, put it on the list */
|
|
PUT_OBJECT(next, *pError, *sizep, count, *listp);
|
|
next = NULL; /* this one is on the list, need to allocate a new one now */
|
|
} else {
|
|
/* no , release the current item and clear out the structure for reuse */
|
|
CFRelease(itemRef);
|
|
/* don't cache the values we just loaded */
|
|
nsslibc_memset(next, 0, sizeof(*next));
|
|
}
|
|
}
|
|
loser:
|
|
if (searchRef) {
|
|
CFRelease(searchRef);
|
|
}
|
|
nss_ZFreeIf(next);
|
|
return count;
|
|
}
|
|
|
|
static PRUint32
|
|
collect_objects(
|
|
CK_ATTRIBUTE_PTR pTemplate,
|
|
CK_ULONG ulAttributeCount,
|
|
ckmkInternalObject ***listp,
|
|
CK_RV *pError
|
|
)
|
|
{
|
|
PRUint32 i;
|
|
PRUint32 count = 0;
|
|
PRUint32 size = 0;
|
|
CK_OBJECT_CLASS objClass;
|
|
|
|
/*
|
|
* first handle the static build in objects (if any)
|
|
*/
|
|
for( i = 0; i < nss_ckmk_nObjects; i++ ) {
|
|
ckmkInternalObject *o = (ckmkInternalObject *)&nss_ckmk_data[i];
|
|
|
|
if( CK_TRUE == ckmk_match(pTemplate, ulAttributeCount, o) ) {
|
|
PUT_OBJECT(o, *pError, size, count, *listp);
|
|
}
|
|
}
|
|
|
|
/*
|
|
* now handle the various object types
|
|
*/
|
|
objClass = nss_ckmk_GetULongAttribute(CKA_CLASS,
|
|
pTemplate, ulAttributeCount, pError);
|
|
if (CKR_OK != *pError) {
|
|
objClass = CK_INVALID_HANDLE;
|
|
}
|
|
*pError = CKR_OK;
|
|
switch (objClass) {
|
|
case CKO_CERTIFICATE:
|
|
count = collect_class(objClass, kSecCertificateItemClass,
|
|
pTemplate, ulAttributeCount, listp,
|
|
&size, count, pError);
|
|
break;
|
|
case CKO_PUBLIC_KEY:
|
|
count = collect_class(objClass, CSSM_DL_DB_RECORD_PUBLIC_KEY,
|
|
pTemplate, ulAttributeCount, listp,
|
|
&size, count, pError);
|
|
break;
|
|
case CKO_PRIVATE_KEY:
|
|
count = collect_class(objClass, CSSM_DL_DB_RECORD_PRIVATE_KEY,
|
|
pTemplate, ulAttributeCount, listp,
|
|
&size, count, pError);
|
|
break;
|
|
/* all of them */
|
|
case CK_INVALID_HANDLE:
|
|
count = collect_class(CKO_CERTIFICATE, kSecCertificateItemClass,
|
|
pTemplate, ulAttributeCount, listp,
|
|
&size, count, pError);
|
|
count = collect_class(CKO_PUBLIC_KEY, CSSM_DL_DB_RECORD_PUBLIC_KEY,
|
|
pTemplate, ulAttributeCount, listp,
|
|
&size, count, pError);
|
|
count = collect_class(CKO_PUBLIC_KEY, CSSM_DL_DB_RECORD_PRIVATE_KEY,
|
|
pTemplate, ulAttributeCount, listp,
|
|
&size, count, pError);
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
if (CKR_OK != *pError) {
|
|
goto loser;
|
|
}
|
|
|
|
return count;
|
|
loser:
|
|
nss_ZFreeIf(*listp);
|
|
return 0;
|
|
}
|
|
|
|
|
|
NSS_IMPLEMENT NSSCKMDFindObjects *
|
|
nss_ckmk_FindObjectsInit
|
|
(
|
|
NSSCKFWSession *fwSession,
|
|
CK_ATTRIBUTE_PTR pTemplate,
|
|
CK_ULONG ulAttributeCount,
|
|
CK_RV *pError
|
|
)
|
|
{
|
|
/* This could be made more efficient. I'm rather rushed. */
|
|
NSSArena *arena;
|
|
NSSCKMDFindObjects *rv = (NSSCKMDFindObjects *)NULL;
|
|
struct ckmkFOStr *fo = (struct ckmkFOStr *)NULL;
|
|
ckmkInternalObject **temp = (ckmkInternalObject **)NULL;
|
|
|
|
arena = NSSArena_Create();
|
|
if( (NSSArena *)NULL == arena ) {
|
|
goto loser;
|
|
}
|
|
|
|
rv = nss_ZNEW(arena, NSSCKMDFindObjects);
|
|
if( (NSSCKMDFindObjects *)NULL == rv ) {
|
|
*pError = CKR_HOST_MEMORY;
|
|
goto loser;
|
|
}
|
|
|
|
fo = nss_ZNEW(arena, struct ckmkFOStr);
|
|
if( (struct ckmkFOStr *)NULL == fo ) {
|
|
*pError = CKR_HOST_MEMORY;
|
|
goto loser;
|
|
}
|
|
|
|
fo->arena = arena;
|
|
/* fo->n and fo->i are already zero */
|
|
|
|
rv->etc = (void *)fo;
|
|
rv->Final = ckmk_mdFindObjects_Final;
|
|
rv->Next = ckmk_mdFindObjects_Next;
|
|
rv->null = (void *)NULL;
|
|
|
|
fo->n = collect_objects(pTemplate, ulAttributeCount, &temp, pError);
|
|
if (*pError != CKR_OK) {
|
|
goto loser;
|
|
}
|
|
|
|
fo->objs = nss_ZNEWARRAY(arena, ckmkInternalObject *, fo->n);
|
|
if( (ckmkInternalObject **)NULL == fo->objs ) {
|
|
*pError = CKR_HOST_MEMORY;
|
|
goto loser;
|
|
}
|
|
|
|
(void)nsslibc_memcpy(fo->objs, temp, sizeof(ckmkInternalObject *) * fo->n);
|
|
nss_ZFreeIf(temp);
|
|
temp = (ckmkInternalObject **)NULL;
|
|
|
|
return rv;
|
|
|
|
loser:
|
|
nss_ZFreeIf(temp);
|
|
nss_ZFreeIf(fo);
|
|
nss_ZFreeIf(rv);
|
|
if ((NSSArena *)NULL != arena) {
|
|
NSSArena_Destroy(arena);
|
|
}
|
|
return (NSSCKMDFindObjects *)NULL;
|
|
}
|
|
|