diff --git a/security/nss/cmd/bltest/blapitest.c b/security/nss/cmd/bltest/blapitest.c index ea9e7a43d3d2..a2f96800350a 100644 --- a/security/nss/cmd/bltest/blapitest.c +++ b/security/nss/cmd/bltest/blapitest.c @@ -2818,7 +2818,7 @@ int main(int argc, char **argv) /* Do FIPS self-test */ if (bltest.commands[cmd_FIPS].activated) { - CK_RV ckrv = pk11_fipsPowerUpSelfTest(); + CK_RV ckrv = sftk_fipsPowerUpSelfTest(); fprintf(stdout, "CK_RV: %ld.\n", ckrv); return 0; } diff --git a/security/nss/lib/pk11wrap/pk11pars.c b/security/nss/lib/pk11wrap/pk11pars.c index 10d4bc127832..ec6e2f91c3fd 100644 --- a/security/nss/lib/pk11wrap/pk11pars.c +++ b/security/nss/lib/pk11wrap/pk11pars.c @@ -128,26 +128,26 @@ SECMOD_CreateModule(const char *library, const char *moduleName, if (parameters) { mod->libraryParams = PORT_ArenaStrdup(mod->arena,parameters); } - mod->internal = pk11_argHasFlag("flags","internal",nssc); - mod->isFIPS = pk11_argHasFlag("flags","FIPS",nssc); - mod->isCritical = pk11_argHasFlag("flags","critical",nssc); - slotParams = pk11_argGetParamValue("slotParams",nssc); - mod->slotInfo = pk11_argParseSlotInfo(mod->arena,slotParams, + mod->internal = sftk_argHasFlag("flags","internal",nssc); + mod->isFIPS = sftk_argHasFlag("flags","FIPS",nssc); + mod->isCritical = sftk_argHasFlag("flags","critical",nssc); + slotParams = sftk_argGetParamValue("slotParams",nssc); + mod->slotInfo = sftk_argParseSlotInfo(mod->arena,slotParams, &mod->slotInfoCount); if (slotParams) PORT_Free(slotParams); /* new field */ - mod->trustOrder = pk11_argReadLong("trustOrder",nssc, - PK11_DEFAULT_TRUST_ORDER,NULL); + mod->trustOrder = sftk_argReadLong("trustOrder",nssc, + SFTK_DEFAULT_TRUST_ORDER,NULL); /* new field */ - mod->cipherOrder = pk11_argReadLong("cipherOrder",nssc, - PK11_DEFAULT_CIPHER_ORDER,NULL); + mod->cipherOrder = sftk_argReadLong("cipherOrder",nssc, + SFTK_DEFAULT_CIPHER_ORDER,NULL); /* new field */ - mod->isModuleDB = pk11_argHasFlag("flags","moduleDB",nssc); - mod->moduleDBOnly = pk11_argHasFlag("flags","moduleDBOnly",nssc); + mod->isModuleDB = sftk_argHasFlag("flags","moduleDB",nssc); + mod->moduleDBOnly = sftk_argHasFlag("flags","moduleDBOnly",nssc); if (mod->moduleDBOnly) mod->isModuleDB = PR_TRUE; - ciphers = pk11_argGetParamValue("ciphers",nssc); - pk11_argSetNewCipherFlags(&mod->ssl[0],ciphers); + ciphers = sftk_argGetParamValue("ciphers",nssc); + sftk_argSetNewCipherFlags(&mod->ssl[0],ciphers); if (ciphers) PORT_Free(ciphers); secmod_PrivateModuleCount++; @@ -156,7 +156,7 @@ SECMOD_CreateModule(const char *library, const char *moduleName, } static char * -pk11_mkModuleSpec(SECMODModule * module) +secmod_mkModuleSpec(SECMODModule * module) { char *nss = NULL, *modSpec = NULL, **slotStrings = NULL; int slotCount, i, si; @@ -189,7 +189,7 @@ pk11_mkModuleSpec(SECMODModule * module) if (module->slots[i]->defaultFlags) { PORT_Assert(si < slotCount); if (si >= slotCount) break; - slotStrings[si] = pk11_mkSlotString(module->slots[i]->slotID, + slotStrings[si] = sftk_mkSlotString(module->slots[i]->slotID, module->slots[i]->defaultFlags, module->slots[i]->timeout, module->slots[i]->askpw, @@ -200,7 +200,7 @@ pk11_mkModuleSpec(SECMODModule * module) } } else { for (i=0; i < slotCount; i++) { - slotStrings[i] = pk11_mkSlotString(module->slotInfo[i].slotID, + slotStrings[i] = sftk_mkSlotString(module->slotInfo[i].slotID, module->slotInfo[i].defaultFlags, module->slotInfo[i].timeout, module->slotInfo[i].askpw, @@ -210,10 +210,10 @@ pk11_mkModuleSpec(SECMODModule * module) } SECMOD_ReleaseReadLock(moduleLock); - nss = pk11_mkNSS(slotStrings,slotCount,module->internal, module->isFIPS, + nss = sftk_mkNSS(slotStrings,slotCount,module->internal, module->isFIPS, module->isModuleDB, module->moduleDBOnly, module->isCritical, module->trustOrder,module->cipherOrder,module->ssl[0],module->ssl[1]); - modSpec= pk11_mkNewModuleSpec(module->dllName,module->commonName, + modSpec= sftk_mkNewModuleSpec(module->dllName,module->commonName, module->libraryParams,nss); PORT_Free(slotStrings); PR_smprintf_free(nss); @@ -244,7 +244,7 @@ SECMOD_AddPermDB(SECMODModule *module) func = (SECMODModuleDBFunc) module->parent->moduleDBFunc; if (func) { - moduleSpec = pk11_mkModuleSpec(module); + moduleSpec = secmod_mkModuleSpec(module); retString = (*func)(SECMOD_MODULE_DB_FUNCTION_ADD, module->parent->libraryParams,moduleSpec); PORT_Free(moduleSpec); @@ -264,7 +264,7 @@ SECMOD_DeletePermDB(SECMODModule *module) func = (SECMODModuleDBFunc) module->parent->moduleDBFunc; if (func) { - moduleSpec = pk11_mkModuleSpec(module); + moduleSpec = secmod_mkModuleSpec(module); retString = (*func)(SECMOD_MODULE_DB_FUNCTION_DEL, module->parent->libraryParams,moduleSpec); PORT_Free(moduleSpec); @@ -300,7 +300,7 @@ SECMOD_LoadModule(char *modulespec,SECMODModule *parent, PRBool recurse) /* initialize the underlying module structures */ SECMOD_Init(); - status = pk11_argParseModuleSpec(modulespec, &library, &moduleName, + status = sftk_argParseModuleSpec(modulespec, &library, &moduleName, ¶meters, &nss); if (status != SECSuccess) { goto loser; diff --git a/security/nss/lib/softoken/dbinit.c b/security/nss/lib/softoken/dbinit.c index c6d44b531ebb..e0fc54e04bfa 100644 --- a/security/nss/lib/softoken/dbinit.c +++ b/security/nss/lib/softoken/dbinit.c @@ -36,7 +36,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: dbinit.c,v 1.24 2005/01/04 18:20:00 wtchang%redhat.com Exp $ */ +/* $Id: dbinit.c,v 1.25 2005/03/29 18:21:18 nelsonb%netscape.com Exp $ */ #include #include "seccomon.h" @@ -50,7 +50,7 @@ #include "pkcs11i.h" static char * -pk11_certdb_name_cb(void *arg, int dbVersion) +sftk_certdb_name_cb(void *arg, int dbVersion) { const char *configdir = (const char *)arg; const char *dbver; @@ -87,7 +87,7 @@ pk11_certdb_name_cb(void *arg, int dbVersion) } static char * -pk11_keydb_name_cb(void *arg, int dbVersion) +sftk_keydb_name_cb(void *arg, int dbVersion) { const char *configdir = (const char *)arg; const char *dbver; @@ -119,7 +119,7 @@ pk11_keydb_name_cb(void *arg, int dbVersion) } const char * -pk11_EvaluateConfigDir(const char *configdir,char **appName) +sftk_EvaluateConfigDir(const char *configdir,char **appName) { if (PORT_Strncmp(configdir, MULTIACCESS, sizeof(MULTIACCESS)-1) == 0) { char *cdir; @@ -142,7 +142,7 @@ pk11_EvaluateConfigDir(const char *configdir,char **appName) } static CK_RV -pk11_OpenCertDB(const char * configdir, const char *prefix, PRBool readOnly, +sftk_OpenCertDB(const char * configdir, const char *prefix, PRBool readOnly, NSSLOWCERTCertDBHandle **certdbPtr) { NSSLOWCERTCertDBHandle *certdb = NULL; @@ -155,7 +155,7 @@ pk11_OpenCertDB(const char * configdir, const char *prefix, PRBool readOnly, prefix = ""; } - configdir = pk11_EvaluateConfigDir(configdir, &appName); + configdir = sftk_EvaluateConfigDir(configdir, &appName); name = PR_smprintf("%s" PATH_SEPARATOR "%s",configdir,prefix); if (name == NULL) goto loser; @@ -166,7 +166,7 @@ pk11_OpenCertDB(const char * configdir, const char *prefix, PRBool readOnly, /* fix when we get the DB in */ rv = nsslowcert_OpenCertDB(certdb, readOnly, appName, prefix, - pk11_certdb_name_cb, (void *)name, PR_FALSE); + sftk_certdb_name_cb, (void *)name, PR_FALSE); if (rv == SECSuccess) { crv = CKR_OK; *certdbPtr = certdb; @@ -180,7 +180,7 @@ loser: } static CK_RV -pk11_OpenKeyDB(const char * configdir, const char *prefix, PRBool readOnly, +sftk_OpenKeyDB(const char * configdir, const char *prefix, PRBool readOnly, NSSLOWKEYDBHandle **keydbPtr) { NSSLOWKEYDBHandle *keydb; @@ -190,13 +190,13 @@ pk11_OpenKeyDB(const char * configdir, const char *prefix, PRBool readOnly, if (prefix == NULL) { prefix = ""; } - configdir = pk11_EvaluateConfigDir(configdir, &appName); + configdir = sftk_EvaluateConfigDir(configdir, &appName); name = PR_smprintf("%s" PATH_SEPARATOR "%s",configdir,prefix); if (name == NULL) return CKR_HOST_MEMORY; keydb = nsslowkey_OpenKeyDB(readOnly, appName, prefix, - pk11_keydb_name_cb, (void *)name); + sftk_keydb_name_cb, (void *)name); PR_smprintf_free(name); if (appName) PORT_Free(appName); if (keydb == NULL) @@ -225,7 +225,7 @@ pk11_OpenKeyDB(const char * configdir, const char *prefix, PRBool readOnly, * be opened. */ CK_RV -pk11_DBInit(const char *configdir, const char *certPrefix, +sftk_DBInit(const char *configdir, const char *certPrefix, const char *keyPrefix, PRBool readOnly, PRBool noCertDB, PRBool noKeyDB, PRBool forceOpen, NSSLOWCERTCertDBHandle **certdbPtr, NSSLOWKEYDBHandle **keydbPtr) @@ -234,7 +234,7 @@ pk11_DBInit(const char *configdir, const char *certPrefix, if (!noCertDB) { - crv = pk11_OpenCertDB(configdir, certPrefix, readOnly, certdbPtr); + crv = sftk_OpenCertDB(configdir, certPrefix, readOnly, certdbPtr); if (crv != CKR_OK) { if (!forceOpen) goto loser; crv = CKR_OK; @@ -242,7 +242,7 @@ pk11_DBInit(const char *configdir, const char *certPrefix, } if (!noKeyDB) { - crv = pk11_OpenKeyDB(configdir, keyPrefix, readOnly, keydbPtr); + crv = sftk_OpenKeyDB(configdir, keyPrefix, readOnly, keydbPtr); if (crv != CKR_OK) { if (!forceOpen) goto loser; crv = CKR_OK; @@ -256,7 +256,7 @@ loser: void -pk11_DBShutdown(NSSLOWCERTCertDBHandle *certHandle, +sftk_DBShutdown(NSSLOWCERTCertDBHandle *certHandle, NSSLOWKEYDBHandle *keyHandle) { if (certHandle) { @@ -270,8 +270,8 @@ pk11_DBShutdown(NSSLOWCERTCertDBHandle *certHandle, } static int rdbmapflags(int flags); -static rdbfunc pk11_rdbfunc = NULL; -static rdbstatusfunc pk11_rdbstatusfunc = NULL; +static rdbfunc sftk_rdbfunc = NULL; +static rdbstatusfunc sftk_rdbstatusfunc = NULL; /* NOTE: SHLIB_SUFFIX is defined on the command line */ #define RDBLIB SHLIB_PREFIX"rdb."SHLIB_SUFFIX @@ -282,10 +282,10 @@ DB * rdbopen(const char *appName, const char *prefix, PRLibrary *lib; DB *db; - if (pk11_rdbfunc) { - db = (*pk11_rdbfunc)(appName,prefix,type,rdbmapflags(flags)); - if (!db && status && pk11_rdbstatusfunc) { - *status = (*pk11_rdbstatusfunc)(); + if (sftk_rdbfunc) { + db = (*sftk_rdbfunc)(appName,prefix,type,rdbmapflags(flags)); + if (!db && status && sftk_rdbstatusfunc) { + *status = (*sftk_rdbstatusfunc)(); } return db; } @@ -300,12 +300,12 @@ DB * rdbopen(const char *appName, const char *prefix, } /* get the entry points */ - pk11_rdbstatusfunc = (rdbstatusfunc) PR_FindSymbol(lib,"rdbstatus"); - pk11_rdbfunc = (rdbfunc) PR_FindSymbol(lib,"rdbopen"); - if (pk11_rdbfunc) { - db = (*pk11_rdbfunc)(appName,prefix,type,rdbmapflags(flags)); - if (!db && status && pk11_rdbstatusfunc) { - *status = (*pk11_rdbstatusfunc)(); + sftk_rdbstatusfunc = (rdbstatusfunc) PR_FindSymbol(lib,"rdbstatus"); + sftk_rdbfunc = (rdbfunc) PR_FindSymbol(lib,"rdbopen"); + if (sftk_rdbfunc) { + db = (*sftk_rdbfunc)(appName,prefix,type,rdbmapflags(flags)); + if (!db && status && sftk_rdbstatusfunc) { + *status = (*sftk_rdbstatusfunc)(); } return db; } @@ -385,7 +385,7 @@ db_InitComplete(DB *db) /* we should have addes a version number to the RDBS structure. Since we * didn't, we detect that we have and 'extended' structure if the rdbstatus * func exists */ - if (!pk11_rdbstatusfunc) { + if (!sftk_rdbstatusfunc) { return 0; } diff --git a/security/nss/lib/softoken/dbmshim.c b/security/nss/lib/softoken/dbmshim.c index 6bae92f543bf..dc56342de4a2 100644 --- a/security/nss/lib/softoken/dbmshim.c +++ b/security/nss/lib/softoken/dbmshim.c @@ -37,7 +37,7 @@ /* * Berkeley DB 1.85 Shim code to handle blobs. * - * $Id: dbmshim.c,v 1.10 2004/04/25 15:03:16 gerv%gerv.net Exp $ + * $Id: dbmshim.c,v 1.11 2005/03/29 18:21:18 nelsonb%netscape.com Exp $ */ #include "mcom_db.h" #include "secitem.h" @@ -45,7 +45,7 @@ #include "prprf.h" #include "cdbhdl.h" -/* Call to PK11_FreeSlot below */ +/* Call to SFTK_FreeSlot below */ #include "pcertt.h" #include "secasn1.h" diff --git a/security/nss/lib/softoken/fipstest.c b/security/nss/lib/softoken/fipstest.c index f80abee89207..b882f90c9ed4 100644 --- a/security/nss/lib/softoken/fipstest.c +++ b/security/nss/lib/softoken/fipstest.c @@ -36,7 +36,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: fipstest.c,v 1.7 2004/04/27 23:04:38 gerv%gerv.net Exp $ */ +/* $Id: fipstest.c,v 1.8 2005/03/29 18:21:18 nelsonb%netscape.com Exp $ */ #include "softoken.h" /* Required for RC2-ECB, RC2-CBC, RC4, DES-ECB, */ /* DES-CBC, DES3-ECB, DES3-CBC, RSA */ @@ -107,7 +107,7 @@ #define FIPS_DSA_BASE_LENGTH 64 /* 512-bits */ static CK_RV -pk11_fips_RC2_PowerUpSelfTest( void ) +sftk_fips_RC2_PowerUpSelfTest( void ) { /* RC2 Known Key (40-bits). */ static const PRUint8 rc2_known_key[] = { "RSARC" }; @@ -238,7 +238,7 @@ pk11_fips_RC2_PowerUpSelfTest( void ) static CK_RV -pk11_fips_RC4_PowerUpSelfTest( void ) +sftk_fips_RC4_PowerUpSelfTest( void ) { /* RC4 Known Key (40-bits). */ static const PRUint8 rc4_known_key[] = { "RSARC" }; @@ -307,7 +307,7 @@ pk11_fips_RC4_PowerUpSelfTest( void ) static CK_RV -pk11_fips_DES_PowerUpSelfTest( void ) +sftk_fips_DES_PowerUpSelfTest( void ) { /* DES Known Key (56-bits). */ static const PRUint8 des_known_key[] = { "ANSI DES" }; @@ -434,7 +434,7 @@ pk11_fips_DES_PowerUpSelfTest( void ) static CK_RV -pk11_fips_DES3_PowerUpSelfTest( void ) +sftk_fips_DES3_PowerUpSelfTest( void ) { /* DES3 Known Key (56-bits). */ static const PRUint8 des3_known_key[] = { "ANSI Triple-DES Key Data" }; @@ -563,7 +563,7 @@ pk11_fips_DES3_PowerUpSelfTest( void ) static CK_RV -pk11_fips_MD2_PowerUpSelfTest( void ) +sftk_fips_MD2_PowerUpSelfTest( void ) { /* MD2 Known Hash Message (512-bits). */ static const PRUint8 md2_known_hash_message[] = { @@ -608,7 +608,7 @@ pk11_fips_MD2_PowerUpSelfTest( void ) static CK_RV -pk11_fips_MD5_PowerUpSelfTest( void ) +sftk_fips_MD5_PowerUpSelfTest( void ) { /* MD5 Known Hash Message (512-bits). */ static const PRUint8 md5_known_hash_message[] = { @@ -641,7 +641,7 @@ pk11_fips_MD5_PowerUpSelfTest( void ) static CK_RV -pk11_fips_SHA1_PowerUpSelfTest( void ) +sftk_fips_SHA1_PowerUpSelfTest( void ) { /* SHA-1 Known Hash Message (512-bits). */ static const PRUint8 sha1_known_hash_message[] = { @@ -675,7 +675,7 @@ pk11_fips_SHA1_PowerUpSelfTest( void ) static CK_RV -pk11_fips_RSA_PowerUpSelfTest( void ) +sftk_fips_RSA_PowerUpSelfTest( void ) { /* RSA Known Modulus used in both Public/Private Key Values (520-bits). */ static const PRUint8 rsa_modulus[FIPS_RSA_MODULUS_LENGTH] = { @@ -913,7 +913,7 @@ rsa_loser: static CK_RV -pk11_fips_DSA_PowerUpSelfTest( void ) +sftk_fips_DSA_PowerUpSelfTest( void ) { /* DSA Known P (512-bits), Q (160-bits), and G (512-bits) Values. */ static const PRUint8 dsa_P[] = { @@ -1032,60 +1032,60 @@ pk11_fips_DSA_PowerUpSelfTest( void ) CK_RV -pk11_fipsPowerUpSelfTest( void ) +sftk_fipsPowerUpSelfTest( void ) { CK_RV rv; /* RC2 Power-Up SelfTest(s). */ - rv = pk11_fips_RC2_PowerUpSelfTest(); + rv = sftk_fips_RC2_PowerUpSelfTest(); if( rv != CKR_OK ) return rv; /* RC4 Power-Up SelfTest(s). */ - rv = pk11_fips_RC4_PowerUpSelfTest(); + rv = sftk_fips_RC4_PowerUpSelfTest(); if( rv != CKR_OK ) return rv; /* DES Power-Up SelfTest(s). */ - rv = pk11_fips_DES_PowerUpSelfTest(); + rv = sftk_fips_DES_PowerUpSelfTest(); if( rv != CKR_OK ) return rv; /* DES3 Power-Up SelfTest(s). */ - rv = pk11_fips_DES3_PowerUpSelfTest(); + rv = sftk_fips_DES3_PowerUpSelfTest(); if( rv != CKR_OK ) return rv; /* MD2 Power-Up SelfTest(s). */ - rv = pk11_fips_MD2_PowerUpSelfTest(); + rv = sftk_fips_MD2_PowerUpSelfTest(); if( rv != CKR_OK ) return rv; /* MD5 Power-Up SelfTest(s). */ - rv = pk11_fips_MD5_PowerUpSelfTest(); + rv = sftk_fips_MD5_PowerUpSelfTest(); if( rv != CKR_OK ) return rv; /* SHA-1 Power-Up SelfTest(s). */ - rv = pk11_fips_SHA1_PowerUpSelfTest(); + rv = sftk_fips_SHA1_PowerUpSelfTest(); if( rv != CKR_OK ) return rv; /* RSA Power-Up SelfTest(s). */ - rv = pk11_fips_RSA_PowerUpSelfTest(); + rv = sftk_fips_RSA_PowerUpSelfTest(); if( rv != CKR_OK ) return rv; /* DSA Power-Up SelfTest(s). */ - rv = pk11_fips_DSA_PowerUpSelfTest(); + rv = sftk_fips_DSA_PowerUpSelfTest(); if( rv != CKR_OK ) return rv; diff --git a/security/nss/lib/softoken/fipstokn.c b/security/nss/lib/softoken/fipstokn.c index b584494f3423..af0e957be9be 100644 --- a/security/nss/lib/softoken/fipstokn.c +++ b/security/nss/lib/softoken/fipstokn.c @@ -64,7 +64,7 @@ static PRBool isLoggedIn = PR_FALSE; static PRBool fatalError = PR_FALSE; /* Fips required checks before any useful crypto graphic services */ -static CK_RV pk11_fipsCheck(void) { +static CK_RV sftk_fipsCheck(void) { if (isLoggedIn != PR_TRUE) return CKR_USER_NOT_LOGGED_IN; if (fatalError) @@ -73,11 +73,11 @@ static CK_RV pk11_fipsCheck(void) { } -#define PK11_FIPSCHECK() \ +#define SFTK_FIPSCHECK() \ CK_RV rv; \ - if ((rv = pk11_fipsCheck()) != CKR_OK) return rv; + if ((rv = sftk_fipsCheck()) != CKR_OK) return rv; -#define PK11_FIPSFATALCHECK() \ +#define SFTK_FIPSFATALCHECK() \ if (fatalError) return CKR_DEVICE_ERROR; @@ -118,7 +118,7 @@ fc_getAttribute(CK_ATTRIBUTE_PTR pTemplate, #include "pkcs11f.h" /* ------------- build the CK_CRYPTO_TABLE ------------------------- */ -static CK_FUNCTION_LIST pk11_fipsTable = { +static CK_FUNCTION_LIST sftk_fipsTable = { { 1, 10 }, #undef CK_NEED_ARG_LIST @@ -149,7 +149,7 @@ fips_login_if_key_object(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject) rv = NSC_GetAttributeValue(hSession, hObject, &class, 1); if (rv == CKR_OK) { if ((objClass == CKO_PRIVATE_KEY) || (objClass == CKO_SECRET_KEY)) { - rv = pk11_fipsCheck(); + rv = sftk_fipsCheck(); } } return rv; @@ -163,7 +163,7 @@ fips_login_if_key_object(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject) **********************************************************************/ /* return the function list */ CK_RV FC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList) { - *pFunctionList = &pk11_fipsTable; + *pFunctionList = &sftk_fipsTable; return CKR_OK; } @@ -180,7 +180,7 @@ CK_RV FC_Initialize(CK_VOID_PTR pReserved) { crv = nsc_CommonInitialize(pReserved, PR_TRUE); - /* not an 'else' rv can be set by either PK11_LowInit or PK11_SlotInit*/ + /* not an 'else' rv can be set by either SFTK_LowInit or SFTK_SlotInit*/ if (crv != CKR_OK) { fatalError = PR_TRUE; return crv; @@ -188,7 +188,7 @@ CK_RV FC_Initialize(CK_VOID_PTR pReserved) { fatalError = PR_FALSE; /* any error has been reset */ - crv = pk11_fipsPowerUpSelfTest(); + crv = sftk_fipsPowerUpSelfTest(); if (crv != CKR_OK) { nsc_CommonFinalize(NULL, PR_TRUE); fatalError = PR_TRUE; @@ -252,7 +252,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { /*FC_GetMechanismList obtains a list of mechanism types supported by a token.*/ CK_RV FC_GetMechanismList(CK_SLOT_ID slotID, CK_MECHANISM_TYPE_PTR pMechanismList, CK_ULONG_PTR pusCount) { - PK11_FIPSFATALCHECK(); + SFTK_FIPSFATALCHECK(); if (slotID == FIPS_SLOT_ID) slotID = NETSCAPE_SLOT_ID; /* FIPS Slot supports all functions */ return NSC_GetMechanismList(slotID,pMechanismList,pusCount); @@ -263,7 +263,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { * possibly supported by a token. */ CK_RV FC_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, CK_MECHANISM_INFO_PTR pInfo) { - PK11_FIPSFATALCHECK(); + SFTK_FIPSFATALCHECK(); if (slotID == FIPS_SLOT_ID) slotID = NETSCAPE_SLOT_ID; /* FIPS Slot supports all functions */ return NSC_GetMechanismInfo(slotID,type,pInfo); @@ -289,14 +289,14 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_RV FC_SetPIN(CK_SESSION_HANDLE hSession, CK_CHAR_PTR pOldPin, CK_ULONG usOldLen, CK_CHAR_PTR pNewPin, CK_ULONG usNewLen) { CK_RV rv; - if ((rv = pk11_fipsCheck()) != CKR_OK) return rv; + if ((rv = sftk_fipsCheck()) != CKR_OK) return rv; return NSC_SetPIN(hSession,pOldPin,usOldLen,pNewPin,usNewLen); } /* FC_OpenSession opens a session between an application and a token. */ CK_RV FC_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags, CK_VOID_PTR pApplication,CK_NOTIFY Notify,CK_SESSION_HANDLE_PTR phSession) { - PK11_FIPSFATALCHECK(); + SFTK_FIPSFATALCHECK(); return NSC_OpenSession(slotID,flags,pApplication,Notify,phSession); } @@ -317,7 +317,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_RV FC_GetSessionInfo(CK_SESSION_HANDLE hSession, CK_SESSION_INFO_PTR pInfo) { CK_RV rv; - PK11_FIPSFATALCHECK(); + SFTK_FIPSFATALCHECK(); rv = NSC_GetSessionInfo(hSession,pInfo); if (rv == CKR_OK) { @@ -335,7 +335,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_RV FC_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, CK_CHAR_PTR pPin, CK_ULONG usPinLen) { CK_RV rv; - PK11_FIPSFATALCHECK(); + SFTK_FIPSFATALCHECK(); rv = NSC_Login(hSession,userType,pPin,usPinLen); if (rv == CKR_OK) isLoggedIn = PR_TRUE; @@ -344,7 +344,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { isLoggedIn = PR_TRUE; /* Provide FIPS PUB 140-1 power-up self-tests on demand. */ - rv = pk11_fipsPowerUpSelfTest(); + rv = sftk_fipsPowerUpSelfTest(); if (rv == CKR_OK) return CKR_USER_ALREADY_LOGGED_IN; else @@ -355,7 +355,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { /* FC_Logout logs a user out from a token. */ CK_RV FC_Logout(CK_SESSION_HANDLE hSession) { - PK11_FIPSCHECK(); + SFTK_FIPSCHECK(); rv = NSC_Logout(hSession); isLoggedIn = PR_FALSE; @@ -368,7 +368,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phObject) { CK_OBJECT_CLASS * classptr; - PK11_FIPSCHECK(); + SFTK_FIPSCHECK(); classptr = (CK_OBJECT_CLASS *)fc_getAttribute(pTemplate,ulCount,CKA_CLASS); if (classptr == NULL) return CKR_TEMPLATE_INCOMPLETE; @@ -388,7 +388,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG usCount, CK_OBJECT_HANDLE_PTR phNewObject) { CK_RV rv; - PK11_FIPSFATALCHECK(); + SFTK_FIPSFATALCHECK(); rv = fips_login_if_key_object(hSession, hObject); if (rv != CKR_OK) { return rv; @@ -401,7 +401,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_RV FC_DestroyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject) { CK_RV rv; - PK11_FIPSFATALCHECK(); + SFTK_FIPSFATALCHECK(); rv = fips_login_if_key_object(hSession, hObject); if (rv != CKR_OK) { return rv; @@ -414,7 +414,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_RV FC_GetObjectSize(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pusSize) { CK_RV rv; - PK11_FIPSFATALCHECK(); + SFTK_FIPSFATALCHECK(); rv = fips_login_if_key_object(hSession, hObject); if (rv != CKR_OK) { return rv; @@ -427,7 +427,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_RV FC_GetAttributeValue(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG usCount) { CK_RV rv; - PK11_FIPSFATALCHECK(); + SFTK_FIPSFATALCHECK(); rv = fips_login_if_key_object(hSession, hObject); if (rv != CKR_OK) { return rv; @@ -440,7 +440,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_RV FC_SetAttributeValue (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG usCount) { CK_RV rv; - PK11_FIPSFATALCHECK(); + SFTK_FIPSFATALCHECK(); rv = fips_login_if_key_object(hSession, hObject); if (rv != CKR_OK) { return rv; @@ -459,7 +459,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_RV rv; PRBool needLogin = PR_FALSE; - PK11_FIPSFATALCHECK(); + SFTK_FIPSFATALCHECK(); for (i=0; i < usCount; i++) { CK_OBJECT_CLASS class; @@ -479,7 +479,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { } } if (needLogin) { - if ((rv = pk11_fipsCheck()) != CKR_OK) return rv; + if ((rv = sftk_fipsCheck()) != CKR_OK) return rv; } return NSC_FindObjectsInit(hSession,pTemplate,usCount); } @@ -491,7 +491,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_OBJECT_HANDLE_PTR phObject,CK_ULONG usMaxObjectCount, CK_ULONG_PTR pusObjectCount) { /* let publically readable object be found */ - PK11_FIPSFATALCHECK(); + SFTK_FIPSFATALCHECK(); return NSC_FindObjects(hSession,phObject,usMaxObjectCount, pusObjectCount); } @@ -504,7 +504,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { /* FC_EncryptInit initializes an encryption operation. */ CK_RV FC_EncryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) { - PK11_FIPSCHECK(); + SFTK_FIPSCHECK(); return NSC_EncryptInit(hSession,pMechanism,hKey); } @@ -512,7 +512,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_RV FC_Encrypt (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG usDataLen, CK_BYTE_PTR pEncryptedData, CK_ULONG_PTR pusEncryptedDataLen) { - PK11_FIPSCHECK(); + SFTK_FIPSCHECK(); return NSC_Encrypt(hSession,pData,usDataLen,pEncryptedData, pusEncryptedDataLen); } @@ -522,7 +522,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_RV FC_EncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG usPartLen, CK_BYTE_PTR pEncryptedPart, CK_ULONG_PTR pusEncryptedPartLen) { - PK11_FIPSCHECK(); + SFTK_FIPSCHECK(); return NSC_EncryptUpdate(hSession,pPart,usPartLen,pEncryptedPart, pusEncryptedPartLen); } @@ -532,7 +532,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_RV FC_EncryptFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pLastEncryptedPart, CK_ULONG_PTR pusLastEncryptedPartLen) { - PK11_FIPSCHECK(); + SFTK_FIPSCHECK(); return NSC_EncryptFinal(hSession,pLastEncryptedPart, pusLastEncryptedPartLen); } @@ -545,7 +545,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { /* FC_DecryptInit initializes a decryption operation. */ CK_RV FC_DecryptInit( CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) { - PK11_FIPSCHECK(); + SFTK_FIPSCHECK(); return NSC_DecryptInit(hSession,pMechanism,hKey); } @@ -553,7 +553,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_RV FC_Decrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedData,CK_ULONG usEncryptedDataLen,CK_BYTE_PTR pData, CK_ULONG_PTR pusDataLen) { - PK11_FIPSCHECK(); + SFTK_FIPSCHECK(); return NSC_Decrypt(hSession,pEncryptedData,usEncryptedDataLen,pData, pusDataLen); } @@ -563,7 +563,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_RV FC_DecryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedPart, CK_ULONG usEncryptedPartLen, CK_BYTE_PTR pPart, CK_ULONG_PTR pusPartLen) { - PK11_FIPSCHECK(); + SFTK_FIPSCHECK(); return NSC_DecryptUpdate(hSession,pEncryptedPart,usEncryptedPartLen, pPart,pusPartLen); } @@ -572,7 +572,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { /* FC_DecryptFinal finishes a multiple-part decryption operation. */ CK_RV FC_DecryptFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pLastPart, CK_ULONG_PTR pusLastPartLen) { - PK11_FIPSCHECK(); + SFTK_FIPSCHECK(); return NSC_DecryptFinal(hSession,pLastPart,pusLastPartLen); } @@ -584,7 +584,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { /* FC_DigestInit initializes a message-digesting operation. */ CK_RV FC_DigestInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism) { - PK11_FIPSFATALCHECK(); + SFTK_FIPSFATALCHECK(); return NSC_DigestInit(hSession, pMechanism); } @@ -593,7 +593,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_RV FC_Digest(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG usDataLen, CK_BYTE_PTR pDigest, CK_ULONG_PTR pusDigestLen) { - PK11_FIPSFATALCHECK(); + SFTK_FIPSFATALCHECK(); return NSC_Digest(hSession,pData,usDataLen,pDigest,pusDigestLen); } @@ -601,7 +601,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { /* FC_DigestUpdate continues a multiple-part message-digesting operation. */ CK_RV FC_DigestUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart, CK_ULONG usPartLen) { - PK11_FIPSFATALCHECK(); + SFTK_FIPSFATALCHECK(); return NSC_DigestUpdate(hSession,pPart,usPartLen); } @@ -609,7 +609,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { /* FC_DigestFinal finishes a multiple-part message-digesting operation. */ CK_RV FC_DigestFinal(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pDigest, CK_ULONG_PTR pusDigestLen) { - PK11_FIPSFATALCHECK(); + SFTK_FIPSFATALCHECK(); return NSC_DigestFinal(hSession,pDigest,pusDigestLen); } @@ -623,7 +623,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { * and plaintext cannot be recovered from the signature */ CK_RV FC_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) { - PK11_FIPSCHECK(); + SFTK_FIPSCHECK(); return NSC_SignInit(hSession,pMechanism,hKey); } @@ -634,7 +634,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_RV FC_Sign(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,CK_ULONG usDataLen,CK_BYTE_PTR pSignature, CK_ULONG_PTR pusSignatureLen) { - PK11_FIPSCHECK(); + SFTK_FIPSCHECK(); return NSC_Sign(hSession,pData,usDataLen,pSignature,pusSignatureLen); } @@ -644,7 +644,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { * and plaintext cannot be recovered from the signature */ CK_RV FC_SignUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart, CK_ULONG usPartLen) { - PK11_FIPSCHECK(); + SFTK_FIPSCHECK(); return NSC_SignUpdate(hSession,pPart,usPartLen); } @@ -653,7 +653,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { * returning the signature. */ CK_RV FC_SignFinal(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pSignature, CK_ULONG_PTR pusSignatureLen) { - PK11_FIPSCHECK(); + SFTK_FIPSCHECK(); return NSC_SignFinal(hSession,pSignature,pusSignatureLen); } @@ -665,7 +665,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { * E.g. encryption with the user's private key */ CK_RV FC_SignRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey) { - PK11_FIPSCHECK(); + SFTK_FIPSCHECK(); return NSC_SignRecoverInit(hSession,pMechanism,hKey); } @@ -675,7 +675,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { * E.g. encryption with the user's private key */ CK_RV FC_SignRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG usDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pusSignatureLen) { - PK11_FIPSCHECK(); + SFTK_FIPSCHECK(); return NSC_SignRecover(hSession,pData,usDataLen,pSignature,pusSignatureLen); } @@ -688,7 +688,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { * and plaintext cannot be recovered from the signature (e.g. DSA) */ CK_RV FC_VerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey) { - PK11_FIPSCHECK(); + SFTK_FIPSCHECK(); return NSC_VerifyInit(hSession,pMechanism,hKey); } @@ -699,7 +699,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_RV FC_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG usDataLen, CK_BYTE_PTR pSignature, CK_ULONG usSignatureLen) { /* make sure we're legal */ - PK11_FIPSCHECK(); + SFTK_FIPSCHECK(); return NSC_Verify(hSession,pData,usDataLen,pSignature,usSignatureLen); } @@ -709,7 +709,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { * and plaintext cannot be recovered from the signature */ CK_RV FC_VerifyUpdate( CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG usPartLen) { - PK11_FIPSCHECK(); + SFTK_FIPSCHECK(); return NSC_VerifyUpdate(hSession,pPart,usPartLen); } @@ -718,7 +718,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { * checking the signature. */ CK_RV FC_VerifyFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,CK_ULONG usSignatureLen) { - PK11_FIPSCHECK(); + SFTK_FIPSCHECK(); return NSC_VerifyFinal(hSession,pSignature,usSignatureLen); } @@ -731,7 +731,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { * E.g. Decryption with the user's public key */ CK_RV FC_VerifyRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey) { - PK11_FIPSCHECK(); + SFTK_FIPSCHECK(); return NSC_VerifyRecoverInit(hSession,pMechanism,hKey); } @@ -742,7 +742,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_RV FC_VerifyRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,CK_ULONG usSignatureLen, CK_BYTE_PTR pData,CK_ULONG_PTR pusDataLen) { - PK11_FIPSCHECK(); + SFTK_FIPSCHECK(); return NSC_VerifyRecover(hSession,pSignature,usSignatureLen,pData, pusDataLen); } @@ -757,7 +757,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_OBJECT_HANDLE_PTR phKey) { CK_BBOOL *boolptr; - PK11_FIPSCHECK(); + SFTK_FIPSCHECK(); /* all secret keys must be sensitive, if the upper level code tries to say * otherwise, reject it. */ @@ -781,7 +781,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_OBJECT_HANDLE_PTR phPrivateKey) { CK_BBOOL *boolptr; - PK11_FIPSCHECK(); + SFTK_FIPSCHECK(); /* all private keys must be sensitive, if the upper level code tries to say * otherwise, reject it. */ @@ -803,7 +803,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hWrappingKey, CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pWrappedKey, CK_ULONG_PTR pusWrappedKeyLen) { - PK11_FIPSCHECK(); + SFTK_FIPSCHECK(); return NSC_WrapKey(hSession,pMechanism,hWrappingKey,hKey,pWrappedKey, pusWrappedKeyLen); } @@ -817,7 +817,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_OBJECT_HANDLE_PTR phKey) { CK_BBOOL *boolptr; - PK11_FIPSCHECK(); + SFTK_FIPSCHECK(); /* all secret keys must be sensitive, if the upper level code tries to say * otherwise, reject it. */ @@ -840,7 +840,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_OBJECT_HANDLE_PTR phKey) { CK_BBOOL *boolptr; - PK11_FIPSCHECK(); + SFTK_FIPSCHECK(); /* all secret keys must be sensitive, if the upper level code tries to say * otherwise, reject it. */ @@ -865,7 +865,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_ULONG usSeedLen) { CK_RV crv; - PK11_FIPSFATALCHECK(); + SFTK_FIPSFATALCHECK(); crv = NSC_SeedRandom(hSession,pSeed,usSeedLen); if (crv != CKR_OK) { fatalError = PR_TRUE; @@ -879,7 +879,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_BYTE_PTR pRandomData, CK_ULONG usRandomLen) { CK_RV crv; - PK11_FIPSFATALCHECK(); + SFTK_FIPSFATALCHECK(); crv = NSC_GenerateRandom(hSession,pRandomData,usRandomLen); if (crv != CKR_OK) { fatalError = PR_TRUE; @@ -891,14 +891,14 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { /* FC_GetFunctionStatus obtains an updated status of a function running * in parallel with an application. */ CK_RV FC_GetFunctionStatus(CK_SESSION_HANDLE hSession) { - PK11_FIPSCHECK(); + SFTK_FIPSCHECK(); return NSC_GetFunctionStatus(hSession); } /* FC_CancelFunction cancels a function running in parallel */ CK_RV FC_CancelFunction(CK_SESSION_HANDLE hSession) { - PK11_FIPSCHECK(); + SFTK_FIPSCHECK(); return NSC_CancelFunction(hSession); } @@ -910,7 +910,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { *operation in a session. */ CK_RV FC_GetOperationState(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pOperationState, CK_ULONG_PTR pulOperationStateLen) { - PK11_FIPSFATALCHECK(); + SFTK_FIPSFATALCHECK(); return NSC_GetOperationState(hSession,pOperationState,pulOperationStateLen); } @@ -920,7 +920,7 @@ CK_RV FC_GetOperationState(CK_SESSION_HANDLE hSession, CK_RV FC_SetOperationState(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pOperationState, CK_ULONG ulOperationStateLen, CK_OBJECT_HANDLE hEncryptionKey, CK_OBJECT_HANDLE hAuthenticationKey) { - PK11_FIPSFATALCHECK(); + SFTK_FIPSFATALCHECK(); return NSC_SetOperationState(hSession,pOperationState,ulOperationStateLen, hEncryptionKey,hAuthenticationKey); } @@ -928,7 +928,7 @@ CK_RV FC_SetOperationState(CK_SESSION_HANDLE hSession, /* FC_FindObjectsFinal finishes a search for token and session objects. */ CK_RV FC_FindObjectsFinal(CK_SESSION_HANDLE hSession) { /* let publically readable object be found */ - PK11_FIPSFATALCHECK(); + SFTK_FIPSFATALCHECK(); return NSC_FindObjectsFinal(hSession); } @@ -940,7 +940,7 @@ CK_RV FC_FindObjectsFinal(CK_SESSION_HANDLE hSession) { CK_RV FC_DigestEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart, CK_ULONG_PTR pulEncryptedPartLen) { - PK11_FIPSCHECK(); + SFTK_FIPSCHECK(); return NSC_DigestEncryptUpdate(hSession,pPart,ulPartLen,pEncryptedPart, pulEncryptedPartLen); } @@ -952,7 +952,7 @@ CK_RV FC_DecryptDigestUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen) { - PK11_FIPSCHECK(); + SFTK_FIPSCHECK(); return NSC_DecryptDigestUpdate(hSession, pEncryptedPart,ulEncryptedPartLen, pPart,pulPartLen); } @@ -963,7 +963,7 @@ CK_RV FC_SignEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart, CK_ULONG_PTR pulEncryptedPartLen) { - PK11_FIPSCHECK(); + SFTK_FIPSCHECK(); return NSC_SignEncryptUpdate(hSession,pPart,ulPartLen,pEncryptedPart, pulEncryptedPartLen); } @@ -974,7 +974,7 @@ CK_RV FC_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen) { - PK11_FIPSCHECK(); + SFTK_FIPSCHECK(); return NSC_DecryptVerifyUpdate(hSession,pEncryptedData,ulEncryptedDataLen, pData,pulDataLen); } @@ -984,7 +984,7 @@ CK_RV FC_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession, * by digesting the value of a secret key as part of the data already digested. */ CK_RV FC_DigestKey(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey) { - PK11_FIPSCHECK(); + SFTK_FIPSCHECK(); return NSC_DigestKey(hSession,hKey); } diff --git a/security/nss/lib/softoken/pcertdb.c b/security/nss/lib/softoken/pcertdb.c index c2e904e3b5f7..f380c735d743 100644 --- a/security/nss/lib/softoken/pcertdb.c +++ b/security/nss/lib/softoken/pcertdb.c @@ -37,7 +37,7 @@ /* * Permanent Certificate database handling code * - * $Id: pcertdb.c,v 1.48 2004/04/25 15:03:16 gerv%gerv.net Exp $ + * $Id: pcertdb.c,v 1.49 2005/03/29 18:21:18 nelsonb%netscape.com Exp $ */ #include "prtime.h" @@ -48,7 +48,7 @@ #include "secitem.h" #include "secder.h" -/* Call to PK11_FreeSlot below */ +/* Call to SFTK_FreeSlot below */ #include "secasn1.h" #include "secerr.h" diff --git a/security/nss/lib/softoken/pk11db.c b/security/nss/lib/softoken/pk11db.c index e59fd7856102..ad6d2887ba15 100644 --- a/security/nss/lib/softoken/pk11db.c +++ b/security/nss/lib/softoken/pk11db.c @@ -48,83 +48,83 @@ #define FREE_CLEAR(p) if (p) { PORT_Free(p); p = NULL; } static void -secmod_parseTokenFlags(char *tmp, pk11_token_parameters *parsed) { - parsed->readOnly = pk11_argHasFlag("flags","readOnly",tmp); - parsed->noCertDB = pk11_argHasFlag("flags","noCertDB",tmp); - parsed->noKeyDB = pk11_argHasFlag("flags","noKeyDB",tmp); - parsed->forceOpen = pk11_argHasFlag("flags","forceOpen",tmp); - parsed->pwRequired = pk11_argHasFlag("flags","passwordRequired",tmp); - parsed->optimizeSpace = pk11_argHasFlag("flags","optimizeSpace",tmp); +secmod_parseTokenFlags(char *tmp, sftk_token_parameters *parsed) { + parsed->readOnly = sftk_argHasFlag("flags","readOnly",tmp); + parsed->noCertDB = sftk_argHasFlag("flags","noCertDB",tmp); + parsed->noKeyDB = sftk_argHasFlag("flags","noKeyDB",tmp); + parsed->forceOpen = sftk_argHasFlag("flags","forceOpen",tmp); + parsed->pwRequired = sftk_argHasFlag("flags","passwordRequired",tmp); + parsed->optimizeSpace = sftk_argHasFlag("flags","optimizeSpace",tmp); return; } static void -secmod_parseFlags(char *tmp, pk11_parameters *parsed) { - parsed->noModDB = pk11_argHasFlag("flags","noModDB",tmp); - parsed->readOnly = pk11_argHasFlag("flags","readOnly",tmp); +secmod_parseFlags(char *tmp, sftk_parameters *parsed) { + parsed->noModDB = sftk_argHasFlag("flags","noModDB",tmp); + parsed->readOnly = sftk_argHasFlag("flags","readOnly",tmp); /* keep legacy interface working */ - parsed->noCertDB = pk11_argHasFlag("flags","noCertDB",tmp); - parsed->forceOpen = pk11_argHasFlag("flags","forceOpen",tmp); - parsed->pwRequired = pk11_argHasFlag("flags","passwordRequired",tmp); - parsed->optimizeSpace = pk11_argHasFlag("flags","optimizeSpace",tmp); + parsed->noCertDB = sftk_argHasFlag("flags","noCertDB",tmp); + parsed->forceOpen = sftk_argHasFlag("flags","forceOpen",tmp); + parsed->pwRequired = sftk_argHasFlag("flags","passwordRequired",tmp); + parsed->optimizeSpace = sftk_argHasFlag("flags","optimizeSpace",tmp); return; } CK_RV -secmod_parseTokenParameters(char *param, pk11_token_parameters *parsed) +secmod_parseTokenParameters(char *param, sftk_token_parameters *parsed) { int next; char *tmp; char *index; - index = pk11_argStrip(param); + index = sftk_argStrip(param); while (*index) { - PK11_HANDLE_STRING_ARG(index,parsed->configdir,"configDir=",;) - PK11_HANDLE_STRING_ARG(index,parsed->certPrefix,"certPrefix=",;) - PK11_HANDLE_STRING_ARG(index,parsed->keyPrefix,"keyPrefix=",;) - PK11_HANDLE_STRING_ARG(index,parsed->tokdes,"tokenDescription=",;) - PK11_HANDLE_STRING_ARG(index,parsed->slotdes,"slotDescription=",;) - PK11_HANDLE_STRING_ARG(index,tmp,"minPWLen=", + SFTK_HANDLE_STRING_ARG(index,parsed->configdir,"configDir=",;) + SFTK_HANDLE_STRING_ARG(index,parsed->certPrefix,"certPrefix=",;) + SFTK_HANDLE_STRING_ARG(index,parsed->keyPrefix,"keyPrefix=",;) + SFTK_HANDLE_STRING_ARG(index,parsed->tokdes,"tokenDescription=",;) + SFTK_HANDLE_STRING_ARG(index,parsed->slotdes,"slotDescription=",;) + SFTK_HANDLE_STRING_ARG(index,tmp,"minPWLen=", if(tmp) { parsed->minPW=atoi(tmp); PORT_Free(tmp); }) - PK11_HANDLE_STRING_ARG(index,tmp,"flags=", + SFTK_HANDLE_STRING_ARG(index,tmp,"flags=", if(tmp) { secmod_parseTokenFlags(param,parsed); PORT_Free(tmp); }) - PK11_HANDLE_FINAL_ARG(index) + SFTK_HANDLE_FINAL_ARG(index) } return CKR_OK; } static void -secmod_parseTokens(char *tokenParams, pk11_parameters *parsed) +secmod_parseTokens(char *tokenParams, sftk_parameters *parsed) { char *tokenIndex; - pk11_token_parameters *tokens = NULL; + sftk_token_parameters *tokens = NULL; int i=0,count = 0,next; if ((tokenParams == NULL) || (*tokenParams == 0)) return; /* first count the number of slots */ - for (tokenIndex = pk11_argStrip(tokenParams); *tokenIndex; - tokenIndex = pk11_argStrip(pk11_argSkipParameter(tokenIndex))) { + for (tokenIndex = sftk_argStrip(tokenParams); *tokenIndex; + tokenIndex = sftk_argStrip(sftk_argSkipParameter(tokenIndex))) { count++; } /* get the data structures */ - tokens = (pk11_token_parameters *) - PORT_ZAlloc(count*sizeof(pk11_token_parameters)); + tokens = (sftk_token_parameters *) + PORT_ZAlloc(count*sizeof(sftk_token_parameters)); if (tokens == NULL) return; - for (tokenIndex = pk11_argStrip(tokenParams), i = 0; + for (tokenIndex = sftk_argStrip(tokenParams), i = 0; *tokenIndex && i < count ; i++ ) { char *name; - name = pk11_argGetName(tokenIndex,&next); + name = sftk_argGetName(tokenIndex,&next); tokenIndex += next; - tokens[i].slotID = pk11_argDecodeNumber(name); + tokens[i].slotID = sftk_argDecodeNumber(name); tokens[i].readOnly = PR_TRUE; tokens[i].noCertDB = PR_TRUE; tokens[i].noKeyDB = PR_TRUE; - if (!pk11_argIsBlank(*tokenIndex)) { - char *args = pk11_argFetchValue(tokenIndex,&next); + if (!sftk_argIsBlank(*tokenIndex)) { + char *args = sftk_argFetchValue(tokenIndex,&next); tokenIndex += next; if (args) { secmod_parseTokenParameters(args,&tokens[i]); @@ -132,7 +132,7 @@ secmod_parseTokens(char *tokenParams, pk11_parameters *parsed) } } if (name) PORT_Free(name); - tokenIndex = pk11_argStrip(tokenIndex); + tokenIndex = sftk_argStrip(tokenIndex); } parsed->token_count = i; parsed->tokens = tokens; @@ -140,7 +140,7 @@ secmod_parseTokens(char *tokenParams, pk11_parameters *parsed) } CK_RV -secmod_parseParameters(char *param, pk11_parameters *parsed, PRBool isFIPS) +secmod_parseParameters(char *param, sftk_parameters *parsed, PRBool isFIPS) { int next; char *tmp; @@ -150,39 +150,39 @@ secmod_parseParameters(char *param, pk11_parameters *parsed, PRBool isFIPS) char *slotdes = NULL, *pslotdes = NULL; char *fslotdes = NULL, *fpslotdes = NULL; char *minPW = NULL; - index = pk11_argStrip(param); + index = sftk_argStrip(param); - PORT_Memset(parsed, 0, sizeof(pk11_parameters)); + PORT_Memset(parsed, 0, sizeof(sftk_parameters)); while (*index) { - PK11_HANDLE_STRING_ARG(index,parsed->configdir,"configDir=",;) - PK11_HANDLE_STRING_ARG(index,parsed->secmodName,"secmod=",;) - PK11_HANDLE_STRING_ARG(index,parsed->man,"manufacturerID=",;) - PK11_HANDLE_STRING_ARG(index,parsed->libdes,"libraryDescription=",;) + SFTK_HANDLE_STRING_ARG(index,parsed->configdir,"configDir=",;) + SFTK_HANDLE_STRING_ARG(index,parsed->secmodName,"secmod=",;) + SFTK_HANDLE_STRING_ARG(index,parsed->man,"manufacturerID=",;) + SFTK_HANDLE_STRING_ARG(index,parsed->libdes,"libraryDescription=",;) /* constructed values, used so legacy interfaces still work */ - PK11_HANDLE_STRING_ARG(index,certPrefix,"certPrefix=",;) - PK11_HANDLE_STRING_ARG(index,keyPrefix,"keyPrefix=",;) - PK11_HANDLE_STRING_ARG(index,tokdes,"cryptoTokenDescription=",;) - PK11_HANDLE_STRING_ARG(index,ptokdes,"dbTokenDescription=",;) - PK11_HANDLE_STRING_ARG(index,slotdes,"cryptoSlotDescription=",;) - PK11_HANDLE_STRING_ARG(index,pslotdes,"dbSlotDescription=",;) - PK11_HANDLE_STRING_ARG(index,fslotdes,"FIPSSlotDescription=",;) - PK11_HANDLE_STRING_ARG(index,minPW,"FIPSTokenDescription=",;) - PK11_HANDLE_STRING_ARG(index,tmp,"minPWLen=",;) + SFTK_HANDLE_STRING_ARG(index,certPrefix,"certPrefix=",;) + SFTK_HANDLE_STRING_ARG(index,keyPrefix,"keyPrefix=",;) + SFTK_HANDLE_STRING_ARG(index,tokdes,"cryptoTokenDescription=",;) + SFTK_HANDLE_STRING_ARG(index,ptokdes,"dbTokenDescription=",;) + SFTK_HANDLE_STRING_ARG(index,slotdes,"cryptoSlotDescription=",;) + SFTK_HANDLE_STRING_ARG(index,pslotdes,"dbSlotDescription=",;) + SFTK_HANDLE_STRING_ARG(index,fslotdes,"FIPSSlotDescription=",;) + SFTK_HANDLE_STRING_ARG(index,minPW,"FIPSTokenDescription=",;) + SFTK_HANDLE_STRING_ARG(index,tmp,"minPWLen=",;) - PK11_HANDLE_STRING_ARG(index,tmp,"flags=", + SFTK_HANDLE_STRING_ARG(index,tmp,"flags=", if(tmp) { secmod_parseFlags(param,parsed); PORT_Free(tmp); }) - PK11_HANDLE_STRING_ARG(index,tmp,"tokens=", + SFTK_HANDLE_STRING_ARG(index,tmp,"tokens=", if(tmp) { secmod_parseTokens(tmp,parsed); PORT_Free(tmp); }) - PK11_HANDLE_FINAL_ARG(index) + SFTK_HANDLE_FINAL_ARG(index) } if (parsed->tokens == NULL) { int count = isFIPS ? 1 : 2; int index = count-1; - pk11_token_parameters *tokens = NULL; + sftk_token_parameters *tokens = NULL; - tokens = (pk11_token_parameters *) - PORT_ZAlloc(count*sizeof(pk11_token_parameters)); + tokens = (sftk_token_parameters *) + PORT_ZAlloc(count*sizeof(sftk_token_parameters)); if (tokens == NULL) { goto loser; } @@ -235,7 +235,7 @@ loser: } void -secmod_freeParams(pk11_parameters *params) +secmod_freeParams(sftk_parameters *params) { int i; @@ -264,18 +264,18 @@ secmod_getSecmodName(char *param, char **appName, char **filename,PRBool *rw) char *value = NULL; char *save_params = param; const char *lconfigdir; - param = pk11_argStrip(param); + param = sftk_argStrip(param); while (*param) { - PK11_HANDLE_STRING_ARG(param,configdir,"configDir=",;) - PK11_HANDLE_STRING_ARG(param,secmodName,"secmod=",;) - PK11_HANDLE_FINAL_ARG(param) + SFTK_HANDLE_STRING_ARG(param,configdir,"configDir=",;) + SFTK_HANDLE_STRING_ARG(param,secmodName,"secmod=",;) + SFTK_HANDLE_FINAL_ARG(param) } *rw = PR_TRUE; - if (pk11_argHasFlag("flags","readOnly",save_params) || - pk11_argHasFlag("flags","noModDB",save_params)) *rw = PR_FALSE; + if (sftk_argHasFlag("flags","readOnly",save_params) || + sftk_argHasFlag("flags","noModDB",save_params)) *rw = PR_FALSE; if (!secmodName || *secmodName == '\0') { if (secmodName) PORT_Free(secmodName); @@ -283,7 +283,7 @@ secmod_getSecmodName(char *param, char **appName, char **filename,PRBool *rw) } *filename = secmodName; - lconfigdir = pk11_EvaluateConfigDir(configdir, appName); + lconfigdir = sftk_EvaluateConfigDir(configdir, appName); if (lconfigdir) { value = PR_smprintf("%s" PATH_SEPARATOR "%s",lconfigdir,secmodName); @@ -299,9 +299,9 @@ static SECStatus secmod_MakeKey(DBT *key, char * module) { int len = 0; char *commonName; - commonName = pk11_argGetParamValue("name",module); + commonName = sftk_argGetParamValue("name",module); if (commonName == NULL) { - commonName = pk11_argGetParamValue("library",module); + commonName = sftk_argGetParamValue("library",module); } if (commonName == NULL) return SECFailure; len = PORT_Strlen(commonName); @@ -393,7 +393,7 @@ secmod_EncodeData(DBT *data, char * module) PK11PreSlotInfo *slotInfo = NULL; SECStatus rv = SECFailure; - rv = pk11_argParseModuleSpec(module,&dllName,&commonName,¶m,&nss); + rv = sftk_argParseModuleSpec(module,&dllName,&commonName,¶m,&nss); if (rv != SECSuccess) return rv; rv = SECFailure; @@ -410,8 +410,8 @@ secmod_EncodeData(DBT *data, char * module) len3 = PORT_Strlen(param); } - slotParams = pk11_argGetParamValue("slotParams",nss); - slotInfo = pk11_argParseSlotInfo(NULL,slotParams,&count); + slotParams = sftk_argGetParamValue("slotParams",nss); + slotInfo = sftk_argParseSlotInfo(NULL,slotParams,&count); if (slotParams) PORT_Free(slotParams); if (count && slotInfo == NULL) { @@ -435,24 +435,24 @@ secmod_EncodeData(DBT *data, char * module) encoded->major = SECMOD_DB_VERSION_MAJOR; encoded->minor = SECMOD_DB_VERSION_MINOR; encoded->internal = (unsigned char) - (pk11_argHasFlag("flags","internal",nss) ? 1 : 0); + (sftk_argHasFlag("flags","internal",nss) ? 1 : 0); encoded->fips = (unsigned char) - (pk11_argHasFlag("flags","FIPS",nss) ? 1 : 0); + (sftk_argHasFlag("flags","FIPS",nss) ? 1 : 0); encoded->isModuleDB = (unsigned char) - (pk11_argHasFlag("flags","isModuleDB",nss) ? 1 : 0); + (sftk_argHasFlag("flags","isModuleDB",nss) ? 1 : 0); encoded->isModuleDBOnly = (unsigned char) - (pk11_argHasFlag("flags","isModuleDBOnly",nss) ? 1 : 0); + (sftk_argHasFlag("flags","isModuleDBOnly",nss) ? 1 : 0); encoded->isCritical = (unsigned char) - (pk11_argHasFlag("flags","critical",nss) ? 1 : 0); + (sftk_argHasFlag("flags","critical",nss) ? 1 : 0); - order = pk11_argReadLong("trustOrder",nss, PK11_DEFAULT_TRUST_ORDER, NULL); + order = sftk_argReadLong("trustOrder",nss, SFTK_DEFAULT_TRUST_ORDER, NULL); SECMOD_PUTLONG(encoded->trustOrder,order); - order = pk11_argReadLong("cipherOrder",nss,PK11_DEFAULT_CIPHER_ORDER,NULL); + order = sftk_argReadLong("cipherOrder",nss,SFTK_DEFAULT_CIPHER_ORDER,NULL); SECMOD_PUTLONG(encoded->cipherOrder,order); - ciphers = pk11_argGetParamValue("ciphers",nss); - pk11_argSetNewCipherFlags(&ssl[0], ciphers); + ciphers = sftk_argGetParamValue("ciphers",nss); + sftk_argSetNewCipherFlags(&ssl[0], ciphers); SECMOD_PUTLONG(encoded->ssl,ssl[0]); SECMOD_PUTLONG(&encoded->ssl[4],ssl[1]); if (ciphers) PORT_Free(ciphers); @@ -549,8 +549,8 @@ secmod_DecodeData(char *defParams, DBT *data, PRBool *retInternal) unsigned long slotID; unsigned long defaultFlags; unsigned long timeout; - unsigned long trustOrder =PK11_DEFAULT_TRUST_ORDER; - unsigned long cipherOrder =PK11_DEFAULT_CIPHER_ORDER; + unsigned long trustOrder =SFTK_DEFAULT_TRUST_ORDER; + unsigned long cipherOrder =SFTK_DEFAULT_CIPHER_ORDER; unsigned short len; unsigned short namesOffset = 0; /* start of the names block */ unsigned long namesRunningOffset; /* offset to name we are @@ -726,14 +726,14 @@ secmod_DecodeData(char *defParams, DBT *data, PRBool *retInternal) hasRootCerts = slots->hasRootCerts; if (isOldVersion && internal && (slotID != 2)) { unsigned long internalFlags= - pk11_argSlotFlags("slotFlags",SECMOD_SLOT_FLAGS); + sftk_argSlotFlags("slotFlags",SECMOD_SLOT_FLAGS); defaultFlags |= internalFlags; } if (hasRootCerts && !extended) { trustOrder = 100; } - slotStrings[i] = pk11_mkSlotString(slotID, defaultFlags, timeout, + slotStrings[i] = sftk_mkSlotString(slotID, defaultFlags, timeout, (unsigned char)slots->askpw, hasRootCerts, hasRootTrust); if (slotStrings[i] == NULL) { @@ -742,13 +742,13 @@ secmod_DecodeData(char *defParams, DBT *data, PRBool *retInternal) } } - nss = pk11_mkNSS(slotStrings, slotCount, internal, isFIPS, isModuleDB, + nss = sftk_mkNSS(slotStrings, slotCount, internal, isFIPS, isModuleDB, isModuleDBOnly, internal, trustOrder, cipherOrder, ssl0, ssl1); secmod_FreeSlotStrings(slotStrings,slotCount); /* it's permissible (and normal) for nss to be NULL. it simply means * there are no NSS specific parameters in the database */ - moduleSpec = pk11_mkNewModuleSpec(dllName,commonName,parameters,nss); + moduleSpec = sftk_mkNewModuleSpec(dllName,commonName,parameters,nss); PR_smprintf_free(nss); PORT_FreeArena(arena,PR_TRUE); return moduleSpec; @@ -855,7 +855,7 @@ secmod_addEscape(const char *string, char quote) } #define SECMOD_STEP 10 -#define PK11_DEFAULT_INTERNAL_INIT "library= name=\"NSS Internal PKCS #11 Module\" parameters=\"%s\" NSS=\"Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={%s askpw=any timeout=30})\"" +#define SFTK_DEFAULT_INTERNAL_INIT "library= name=\"NSS Internal PKCS #11 Module\" parameters=\"%s\" NSS=\"Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={%s askpw=any timeout=30})\"" /* * Read all the existing modules in */ @@ -905,7 +905,7 @@ done: if (!moduleList[0]) { char * newparams = secmod_addEscape(params,'"'); if (newparams) { - moduleList[0] = PR_smprintf(PK11_DEFAULT_INTERNAL_INIT,newparams, + moduleList[0] = PR_smprintf(SFTK_DEFAULT_INTERNAL_INIT,newparams, SECMOD_SLOT_FLAGS); PORT_Free(newparams); } diff --git a/security/nss/lib/softoken/pk11pars.h b/security/nss/lib/softoken/pk11pars.h index bad76024346d..7b62b344073c 100644 --- a/security/nss/lib/softoken/pk11pars.h +++ b/security/nss/lib/softoken/pk11pars.h @@ -51,61 +51,61 @@ #include "secmodt.h" #include "pk11init.h" -#define PK11_ARG_LIBRARY_PARAMETER "library=" -#define PK11_ARG_NAME_PARAMETER "name=" -#define PK11_ARG_MODULE_PARAMETER "parameters=" -#define PK11_ARG_NSS_PARAMETER "NSS=" -#define PK11_ARG_FORTEZZA_FLAG "FORTEZZA" -#define PK11_ARG_ESCAPE '\\' +#define SFTK_ARG_LIBRARY_PARAMETER "library=" +#define SFTK_ARG_NAME_PARAMETER "name=" +#define SFTK_ARG_MODULE_PARAMETER "parameters=" +#define SFTK_ARG_NSS_PARAMETER "NSS=" +#define SFTK_ARG_FORTEZZA_FLAG "FORTEZZA" +#define SFTK_ARG_ESCAPE '\\' -struct pk11argSlotFlagTable { +struct sftkargSlotFlagTable { char *name; int len; unsigned long value; }; -#define PK11_DEFAULT_CIPHER_ORDER 0 -#define PK11_DEFAULT_TRUST_ORDER 50 +#define SFTK_DEFAULT_CIPHER_ORDER 0 +#define SFTK_DEFAULT_TRUST_ORDER 50 -#define PK11_ARG_ENTRY(arg,flag) \ +#define SFTK_ARG_ENTRY(arg,flag) \ { #arg , sizeof(#arg)-1, flag } -static struct pk11argSlotFlagTable pk11_argSlotFlagTable[] = { - PK11_ARG_ENTRY(RSA,SECMOD_RSA_FLAG), - PK11_ARG_ENTRY(DSA,SECMOD_RSA_FLAG), - PK11_ARG_ENTRY(RC2,SECMOD_RC4_FLAG), - PK11_ARG_ENTRY(RC4,SECMOD_RC2_FLAG), - PK11_ARG_ENTRY(DES,SECMOD_DES_FLAG), - PK11_ARG_ENTRY(DH,SECMOD_DH_FLAG), - PK11_ARG_ENTRY(FORTEZZA,SECMOD_FORTEZZA_FLAG), - PK11_ARG_ENTRY(RC5,SECMOD_RC5_FLAG), - PK11_ARG_ENTRY(SHA1,SECMOD_SHA1_FLAG), - PK11_ARG_ENTRY(MD5,SECMOD_MD5_FLAG), - PK11_ARG_ENTRY(MD2,SECMOD_MD2_FLAG), - PK11_ARG_ENTRY(SSL,SECMOD_SSL_FLAG), - PK11_ARG_ENTRY(TLS,SECMOD_TLS_FLAG), - PK11_ARG_ENTRY(AES,SECMOD_AES_FLAG), - PK11_ARG_ENTRY(PublicCerts,SECMOD_FRIENDLY_FLAG), - PK11_ARG_ENTRY(RANDOM,SECMOD_RANDOM_FLAG), +static struct sftkargSlotFlagTable sftk_argSlotFlagTable[] = { + SFTK_ARG_ENTRY(RSA,SECMOD_RSA_FLAG), + SFTK_ARG_ENTRY(DSA,SECMOD_RSA_FLAG), + SFTK_ARG_ENTRY(RC2,SECMOD_RC4_FLAG), + SFTK_ARG_ENTRY(RC4,SECMOD_RC2_FLAG), + SFTK_ARG_ENTRY(DES,SECMOD_DES_FLAG), + SFTK_ARG_ENTRY(DH,SECMOD_DH_FLAG), + SFTK_ARG_ENTRY(FORTEZZA,SECMOD_FORTEZZA_FLAG), + SFTK_ARG_ENTRY(RC5,SECMOD_RC5_FLAG), + SFTK_ARG_ENTRY(SHA1,SECMOD_SHA1_FLAG), + SFTK_ARG_ENTRY(MD5,SECMOD_MD5_FLAG), + SFTK_ARG_ENTRY(MD2,SECMOD_MD2_FLAG), + SFTK_ARG_ENTRY(SSL,SECMOD_SSL_FLAG), + SFTK_ARG_ENTRY(TLS,SECMOD_TLS_FLAG), + SFTK_ARG_ENTRY(AES,SECMOD_AES_FLAG), + SFTK_ARG_ENTRY(PublicCerts,SECMOD_FRIENDLY_FLAG), + SFTK_ARG_ENTRY(RANDOM,SECMOD_RANDOM_FLAG), }; -#define PK11_HANDLE_STRING_ARG(param,target,value,command) \ +#define SFTK_HANDLE_STRING_ARG(param,target,value,command) \ if (PORT_Strncasecmp(param,value,sizeof(value)-1) == 0) { \ param += sizeof(value)-1; \ - target = pk11_argFetchValue(param,&next); \ + target = sftk_argFetchValue(param,&next); \ param += next; \ command ;\ } else -#define PK11_HANDLE_FINAL_ARG(param) \ - { param = pk11_argSkipParameter(param); } param = pk11_argStrip(param); +#define SFTK_HANDLE_FINAL_ARG(param) \ + { param = sftk_argSkipParameter(param); } param = sftk_argStrip(param); -static int pk11_argSlotFlagTableSize = - sizeof(pk11_argSlotFlagTable)/sizeof(pk11_argSlotFlagTable[0]); +static int sftk_argSlotFlagTableSize = + sizeof(sftk_argSlotFlagTable)/sizeof(sftk_argSlotFlagTable[0]); -static PRBool pk11_argGetPair(char c) { +static PRBool sftk_argGetPair(char c) { switch (c) { case '\'': return c; case '\"': return c; @@ -118,15 +118,15 @@ static PRBool pk11_argGetPair(char c) { return ' '; } -static PRBool pk11_argIsBlank(char c) { +static PRBool sftk_argIsBlank(char c) { return isspace(c); } -static PRBool pk11_argIsEscape(char c) { +static PRBool sftk_argIsEscape(char c) { return c == '\\'; } -static PRBool pk11_argIsQuote(char c) { +static PRBool sftk_argIsQuote(char c) { switch (c) { case '\'': case '\"': @@ -139,7 +139,7 @@ static PRBool pk11_argIsQuote(char c) { return PR_FALSE; } -static PRBool pk11_argHasChar(char *v, char c) +static PRBool sftk_argHasChar(char *v, char c) { for ( ;*v; v++) { if (*v == c) return PR_TRUE; @@ -147,26 +147,26 @@ static PRBool pk11_argHasChar(char *v, char c) return PR_FALSE; } -static PRBool pk11_argHasBlanks(char *v) +static PRBool sftk_argHasBlanks(char *v) { for ( ;*v; v++) { - if (pk11_argIsBlank(*v)) return PR_TRUE; + if (sftk_argIsBlank(*v)) return PR_TRUE; } return PR_FALSE; } -static char *pk11_argStrip(char *c) { - while (*c && pk11_argIsBlank(*c)) c++; +static char *sftk_argStrip(char *c) { + while (*c && sftk_argIsBlank(*c)) c++; return c; } static char * -pk11_argFindEnd(char *string) { +sftk_argFindEnd(char *string) { char endChar = ' '; PRBool lastEscape = PR_FALSE; - if (pk11_argIsQuote(*string)) { - endChar = pk11_argGetPair(*string); + if (sftk_argIsQuote(*string)) { + endChar = sftk_argGetPair(*string); string++; } @@ -175,11 +175,11 @@ pk11_argFindEnd(char *string) { lastEscape = PR_FALSE; continue; } - if (pk11_argIsEscape(*string) && !lastEscape) { + if (sftk_argIsEscape(*string) && !lastEscape) { lastEscape = PR_TRUE; continue; } - if ((endChar == ' ') && pk11_argIsBlank(*string)) break; + if ((endChar == ' ') && sftk_argIsBlank(*string)) break; if (*string == endChar) { break; } @@ -189,9 +189,9 @@ pk11_argFindEnd(char *string) { } static char * -pk11_argFetchValue(char *string, int *pcount) +sftk_argFetchValue(char *string, int *pcount) { - char *end = pk11_argFindEnd(string); + char *end = sftk_argFindEnd(string); char *retString, *copyString; PRBool lastEscape = PR_FALSE; @@ -202,9 +202,9 @@ pk11_argFetchValue(char *string, int *pcount) copyString = retString = (char *)PORT_Alloc(*pcount); if (retString == NULL) return NULL; - if (pk11_argIsQuote(*string)) string++; + if (sftk_argIsQuote(*string)) string++; for (; string < end; string++) { - if (pk11_argIsEscape(*string) && !lastEscape) { + if (sftk_argIsEscape(*string) && !lastEscape) { lastEscape = PR_TRUE; continue; } @@ -216,44 +216,44 @@ pk11_argFetchValue(char *string, int *pcount) } static char * -pk11_argSkipParameter(char *string) +sftk_argSkipParameter(char *string) { char *end; /* look for the end of the = */ for (;*string; string++) { if (*string == '=') { string++; break; } - if (pk11_argIsBlank(*string)) return(string); + if (sftk_argIsBlank(*string)) return(string); } - end = pk11_argFindEnd(string); + end = sftk_argFindEnd(string); if (*end) end++; return end; } static SECStatus -pk11_argParseModuleSpec(char *modulespec, char **lib, char **mod, +sftk_argParseModuleSpec(char *modulespec, char **lib, char **mod, char **parameters, char **nss) { int next; - modulespec = pk11_argStrip(modulespec); + modulespec = sftk_argStrip(modulespec); *lib = *mod = *parameters = *nss = 0; while (*modulespec) { - PK11_HANDLE_STRING_ARG(modulespec,*lib,PK11_ARG_LIBRARY_PARAMETER,;) - PK11_HANDLE_STRING_ARG(modulespec,*mod,PK11_ARG_NAME_PARAMETER,;) - PK11_HANDLE_STRING_ARG(modulespec,*parameters, - PK11_ARG_MODULE_PARAMETER,;) - PK11_HANDLE_STRING_ARG(modulespec,*nss,PK11_ARG_NSS_PARAMETER,;) - PK11_HANDLE_FINAL_ARG(modulespec) + SFTK_HANDLE_STRING_ARG(modulespec,*lib,SFTK_ARG_LIBRARY_PARAMETER,;) + SFTK_HANDLE_STRING_ARG(modulespec,*mod,SFTK_ARG_NAME_PARAMETER,;) + SFTK_HANDLE_STRING_ARG(modulespec,*parameters, + SFTK_ARG_MODULE_PARAMETER,;) + SFTK_HANDLE_STRING_ARG(modulespec,*nss,SFTK_ARG_NSS_PARAMETER,;) + SFTK_HANDLE_FINAL_ARG(modulespec) } return SECSuccess; } static char * -pk11_argGetParamValue(char *paramName,char *parameters) +sftk_argGetParamValue(char *paramName,char *parameters) { char searchValue[256]; int paramLen = strlen(paramName); @@ -269,19 +269,19 @@ pk11_argGetParamValue(char *paramName,char *parameters) while (*parameters) { if (PORT_Strncasecmp(parameters,searchValue,paramLen+1) == 0) { parameters += paramLen+1; - returnValue = pk11_argFetchValue(parameters,&next); + returnValue = sftk_argFetchValue(parameters,&next); break; } else { - parameters = pk11_argSkipParameter(parameters); + parameters = sftk_argSkipParameter(parameters); } - parameters = pk11_argStrip(parameters); + parameters = sftk_argStrip(parameters); } return returnValue; } static char * -pk11_argNextFlag(char *flags) +sftk_argNextFlag(char *flags) { for (; *flags ; flags++) { if (*flags == ',') { @@ -293,16 +293,16 @@ pk11_argNextFlag(char *flags) } static PRBool -pk11_argHasFlag(char *label, char *flag, char *parameters) +sftk_argHasFlag(char *label, char *flag, char *parameters) { char *flags,*index; int len = strlen(flag); PRBool found = PR_FALSE; - flags = pk11_argGetParamValue(label,parameters); + flags = sftk_argGetParamValue(label,parameters); if (flags == NULL) return PR_FALSE; - for (index=flags; *index; index=pk11_argNextFlag(index)) { + for (index=flags; *index; index=sftk_argNextFlag(index)) { if (PORT_Strncasecmp(index,flag,len) == 0) { found=PR_TRUE; break; @@ -313,14 +313,14 @@ pk11_argHasFlag(char *label, char *flag, char *parameters) } static void -pk11_argSetNewCipherFlags(unsigned long *newCiphers,char *cipherList) +sftk_argSetNewCipherFlags(unsigned long *newCiphers,char *cipherList) { newCiphers[0] = newCiphers[1] = 0; if ((cipherList == NULL) || (*cipherList == 0)) return; - for (;*cipherList; cipherList=pk11_argNextFlag(cipherList)) { - if (PORT_Strncasecmp(cipherList,PK11_ARG_FORTEZZA_FLAG, - sizeof(PK11_ARG_FORTEZZA_FLAG)-1) == 0) { + for (;*cipherList; cipherList=sftk_argNextFlag(cipherList)) { + if (PORT_Strncasecmp(cipherList,SFTK_ARG_FORTEZZA_FLAG, + sizeof(SFTK_ARG_FORTEZZA_FLAG)-1) == 0) { newCiphers[0] |= SECMOD_FORTEZZA_FLAG; } @@ -341,7 +341,7 @@ pk11_argSetNewCipherFlags(unsigned long *newCiphers,char *cipherList) * decode a number. handle octal (leading '0'), hex (leading '0x') or decimal */ static long -pk11_argDecodeNumber(char *num) +sftk_argDecodeNumber(char *num) { int radix = 10; unsigned long value = 0; @@ -351,7 +351,7 @@ pk11_argDecodeNumber(char *num) if (num == NULL) return retValue; - num = pk11_argStrip(num); + num = sftk_argStrip(num); if (*num == '-') { sign = -1; @@ -387,18 +387,18 @@ pk11_argDecodeNumber(char *num) } static long -pk11_argReadLong(char *label,char *params, long defValue, PRBool *isdefault) +sftk_argReadLong(char *label,char *params, long defValue, PRBool *isdefault) { char *value; long retValue; if (isdefault) *isdefault = PR_FALSE; - value = pk11_argGetParamValue(label,params); + value = sftk_argGetParamValue(label,params); if (value == NULL) { if (isdefault) *isdefault = PR_TRUE; return defValue; } - retValue = pk11_argDecodeNumber(value); + retValue = sftk_argDecodeNumber(value); if (value) PORT_Free(value); return retValue; @@ -406,23 +406,23 @@ pk11_argReadLong(char *label,char *params, long defValue, PRBool *isdefault) static unsigned long -pk11_argSlotFlags(char *label,char *params) +sftk_argSlotFlags(char *label,char *params) { char *flags,*index; unsigned long retValue = 0; int i; PRBool all = PR_FALSE; - flags = pk11_argGetParamValue(label,params); + flags = sftk_argGetParamValue(label,params); if (flags == NULL) return 0; if (PORT_Strcasecmp(flags,"all") == 0) all = PR_TRUE; - for (index=flags; *index; index=pk11_argNextFlag(index)) { - for (i=0; i < pk11_argSlotFlagTableSize; i++) { - if (all || (PORT_Strncasecmp(index, pk11_argSlotFlagTable[i].name, - pk11_argSlotFlagTable[i].len) == 0)) { - retValue |= pk11_argSlotFlagTable[i].value; + for (index=flags; *index; index=sftk_argNextFlag(index)) { + for (i=0; i < sftk_argSlotFlagTableSize; i++) { + if (all || (PORT_Strncasecmp(index, sftk_argSlotFlagTable[i].name, + sftk_argSlotFlagTable[i].len) == 0)) { + retValue |= sftk_argSlotFlagTable[i].value; } } } @@ -432,15 +432,15 @@ pk11_argSlotFlags(char *label,char *params) static void -pk11_argDecodeSingleSlotInfo(char *name,char *params,PK11PreSlotInfo *slotInfo) +sftk_argDecodeSingleSlotInfo(char *name,char *params,PK11PreSlotInfo *slotInfo) { char *askpw; - slotInfo->slotID=pk11_argDecodeNumber(name); - slotInfo->defaultFlags=pk11_argSlotFlags("slotFlags",params); - slotInfo->timeout=pk11_argReadLong("timeout",params, 0, NULL); + slotInfo->slotID=sftk_argDecodeNumber(name); + slotInfo->defaultFlags=sftk_argSlotFlags("slotFlags",params); + slotInfo->timeout=sftk_argReadLong("timeout",params, 0, NULL); - askpw = pk11_argGetParamValue("askpw",params); + askpw = sftk_argGetParamValue("askpw",params); slotInfo->askpw = 0; if (askpw) { @@ -452,12 +452,12 @@ pk11_argDecodeSingleSlotInfo(char *name,char *params,PK11PreSlotInfo *slotInfo) PORT_Free(askpw); slotInfo->defaultFlags |= PK11_OWN_PW_DEFAULTS; } - slotInfo->hasRootCerts = pk11_argHasFlag("rootFlags","hasRootCerts",params); - slotInfo->hasRootTrust = pk11_argHasFlag("rootFlags","hasRootTrust",params); + slotInfo->hasRootCerts = sftk_argHasFlag("rootFlags","hasRootCerts",params); + slotInfo->hasRootTrust = sftk_argHasFlag("rootFlags","hasRootTrust",params); } static char * -pk11_argGetName(char *inString, int *next) +sftk_argGetName(char *inString, int *next) { char *name=NULL; char *string; @@ -466,7 +466,7 @@ pk11_argGetName(char *inString, int *next) /* look for the end of the = */ for (string = inString;*string; string++) { if (*string == '=') { break; } - if (pk11_argIsBlank(*string)) break; + if (sftk_argIsBlank(*string)) break; } len = string - inString; @@ -482,7 +482,7 @@ pk11_argGetName(char *inString, int *next) } static PK11PreSlotInfo * -pk11_argParseSlotInfo(PRArenaPool *arena, char *slotParams, int *retCount) +sftk_argParseSlotInfo(PRArenaPool *arena, char *slotParams, int *retCount) { char *slotIndex; PK11PreSlotInfo *slotInfo = NULL; @@ -492,8 +492,8 @@ pk11_argParseSlotInfo(PRArenaPool *arena, char *slotParams, int *retCount) if ((slotParams == NULL) || (*slotParams == 0)) return NULL; /* first count the number of slots */ - for (slotIndex = pk11_argStrip(slotParams); *slotIndex; - slotIndex = pk11_argStrip(pk11_argSkipParameter(slotIndex))) { + for (slotIndex = sftk_argStrip(slotParams); *slotIndex; + slotIndex = sftk_argStrip(sftk_argSkipParameter(slotIndex))) { count++; } @@ -508,38 +508,38 @@ pk11_argParseSlotInfo(PRArenaPool *arena, char *slotParams, int *retCount) } if (slotInfo == NULL) return NULL; - for (slotIndex = pk11_argStrip(slotParams), i = 0; + for (slotIndex = sftk_argStrip(slotParams), i = 0; *slotIndex && i < count ; ) { char *name; - name = pk11_argGetName(slotIndex,&next); + name = sftk_argGetName(slotIndex,&next); slotIndex += next; - if (!pk11_argIsBlank(*slotIndex)) { - char *args = pk11_argFetchValue(slotIndex,&next); + if (!sftk_argIsBlank(*slotIndex)) { + char *args = sftk_argFetchValue(slotIndex,&next); slotIndex += next; if (args) { - pk11_argDecodeSingleSlotInfo(name,args,&slotInfo[i]); + sftk_argDecodeSingleSlotInfo(name,args,&slotInfo[i]); i++; PORT_Free(args); } } if (name) PORT_Free(name); - slotIndex = pk11_argStrip(slotIndex); + slotIndex = sftk_argStrip(slotIndex); } *retCount = i; return slotInfo; } -static char *pk11_nullString = ""; +static char *sftk_nullString = ""; static char * -pk11_formatValue(PRArenaPool *arena, char *value, char quote) +sftk_formatValue(PRArenaPool *arena, char *value, char quote) { char *vp,*vp2,*retval; int size = 0, escapes = 0; for (vp=value; *vp ;vp++) { - if ((*vp == quote) || (*vp == PK11_ARG_ESCAPE)) escapes++; + if ((*vp == quote) || (*vp == SFTK_ARG_ESCAPE)) escapes++; size++; } if (arena) { @@ -550,48 +550,48 @@ pk11_formatValue(PRArenaPool *arena, char *value, char quote) if (retval == NULL) return NULL; vp2 = retval; for (vp=value; *vp; vp++) { - if ((*vp == quote) || (*vp == PK11_ARG_ESCAPE)) - *vp2++ = PK11_ARG_ESCAPE; + if ((*vp == quote) || (*vp == SFTK_ARG_ESCAPE)) + *vp2++ = SFTK_ARG_ESCAPE; *vp2++ = *vp; } return retval; } -static char *pk11_formatPair(char *name,char *value, char quote) +static char *sftk_formatPair(char *name,char *value, char quote) { char openQuote = quote; - char closeQuote = pk11_argGetPair(quote); + char closeQuote = sftk_argGetPair(quote); char *newValue = NULL; char *returnValue; PRBool need_quote = PR_FALSE; - if (!value || (*value == 0)) return pk11_nullString; + if (!value || (*value == 0)) return sftk_nullString; - if (pk11_argHasBlanks(value) || pk11_argIsQuote(value[0])) + if (sftk_argHasBlanks(value) || sftk_argIsQuote(value[0])) need_quote=PR_TRUE; - if ((need_quote && pk11_argHasChar(value,closeQuote)) - || pk11_argHasChar(value,PK11_ARG_ESCAPE)) { - value = newValue = pk11_formatValue(NULL, value,quote); - if (newValue == NULL) return pk11_nullString; + if ((need_quote && sftk_argHasChar(value,closeQuote)) + || sftk_argHasChar(value,SFTK_ARG_ESCAPE)) { + value = newValue = sftk_formatValue(NULL, value,quote); + if (newValue == NULL) return sftk_nullString; } if (need_quote) { returnValue = PR_smprintf("%s=%c%s%c",name,openQuote,value,closeQuote); } else { returnValue = PR_smprintf("%s=%s",name,value); } - if (returnValue == NULL) returnValue = pk11_nullString; + if (returnValue == NULL) returnValue = sftk_nullString; if (newValue) PORT_Free(newValue); return returnValue; } -static char *pk11_formatIntPair(char *name,unsigned long value, unsigned long def) +static char *sftk_formatIntPair(char *name,unsigned long value, unsigned long def) { char *returnValue; - if (value == def) return pk11_nullString; + if (value == def) return sftk_nullString; returnValue = PR_smprintf("%s=%d",name,value); @@ -599,9 +599,9 @@ static char *pk11_formatIntPair(char *name,unsigned long value, unsigned long de } static void -pk11_freePair(char *pair) +sftk_freePair(char *pair) { - if (pair && pair != pk11_nullString) { + if (pair && pair != sftk_nullString) { PR_smprintf_free(pair); } } @@ -609,7 +609,7 @@ pk11_freePair(char *pair) #define MAX_FLAG_SIZE sizeof("internal")+sizeof("FIPS")+sizeof("moduleDB")+\ sizeof("moduleDBOnly")+sizeof("critical") static char * -pk11_mkNSSFlags(PRBool internal, PRBool isFIPS, +sftk_mkNSSFlags(PRBool internal, PRBool isFIPS, PRBool isModuleDB, PRBool isModuleDBOnly, PRBool isCritical) { char *flags = (char *)PORT_ZAlloc(MAX_FLAG_SIZE); @@ -644,7 +644,7 @@ pk11_mkNSSFlags(PRBool internal, PRBool isFIPS, } static char * -pk11_mkCipherFlags(unsigned long ssl0, unsigned long ssl1) +sftk_mkCipherFlags(unsigned long ssl0, unsigned long ssl1) { char *cipher = NULL; int i; @@ -685,7 +685,7 @@ pk11_mkCipherFlags(unsigned long ssl0, unsigned long ssl1) } static char * -pk11_mkSlotFlags(unsigned long defaultFlags) +sftk_mkSlotFlags(unsigned long defaultFlags) { char *flags=NULL; int i,j; @@ -694,9 +694,9 @@ pk11_mkSlotFlags(unsigned long defaultFlags) if (defaultFlags & (1<attrib.pValue; - pk11_FreeAttribute(attribute); + sftk_FreeAttribute(attribute); if (type != CKC_X_509) { return CKR_ATTRIBUTE_VALUE_INVALID; @@ -617,35 +617,35 @@ pk11_handleCertObject(PK11Session *session,PK11Object *object) /* X.509 Certificate */ /* make sure we have a cert */ - if ( !pk11_hasAttribute(object,CKA_VALUE) ) { + if ( !sftk_hasAttribute(object,CKA_VALUE) ) { return CKR_TEMPLATE_INCOMPLETE; } /* in PKCS #11, Subject is a required field */ - if ( !pk11_hasAttribute(object,CKA_SUBJECT) ) { + if ( !sftk_hasAttribute(object,CKA_SUBJECT) ) { return CKR_TEMPLATE_INCOMPLETE; } /* in PKCS #11, Issuer is a required field */ - if ( !pk11_hasAttribute(object,CKA_ISSUER) ) { + if ( !sftk_hasAttribute(object,CKA_ISSUER) ) { return CKR_TEMPLATE_INCOMPLETE; } /* in PKCS #11, Serial is a required field */ - if ( !pk11_hasAttribute(object,CKA_SERIAL_NUMBER) ) { + if ( !sftk_hasAttribute(object,CKA_SERIAL_NUMBER) ) { return CKR_TEMPLATE_INCOMPLETE; } /* add it to the object */ object->objectInfo = NULL; - object->infoFree = (PK11Free) NULL; + object->infoFree = (SFTKFree) NULL; /* now just verify the required date fields */ - crv = pk11_defaultAttribute(object, CKA_ID, NULL, 0); + crv = sftk_defaultAttribute(object, CKA_ID, NULL, 0); if (crv != CKR_OK) { return crv; } - if (pk11_isTrue(object,CKA_TOKEN)) { - PK11Slot *slot = session->slot; + if (sftk_isTrue(object,CKA_TOKEN)) { + SFTKSlot *slot = session->slot; SECItem derCert; NSSLOWCERTCertificate *cert; NSSLOWCERTCertTrust *trust = NULL; @@ -664,14 +664,14 @@ pk11_handleCertObject(PK11Session *session,PK11Object *object) } /* get the der cert */ - attribute = pk11_FindAttribute(object,CKA_VALUE); + attribute = sftk_FindAttribute(object,CKA_VALUE); PORT_Assert(attribute); derCert.type = 0; derCert.data = (unsigned char *)attribute->attrib.pValue; derCert.len = attribute->attrib.ulValueLen ; - label = pk11_getString(object,CKA_LABEL); + label = sftk_getString(object,CKA_LABEL); cert = nsslowcert_FindCertByDERCert(slot->certDB, &derCert); if (cert == NULL) { @@ -680,7 +680,7 @@ pk11_handleCertObject(PK11Session *session,PK11Object *object) } if (cert == NULL) { if (label) PORT_Free(label); - pk11_FreeAttribute(attribute); + sftk_FreeAttribute(attribute); return CKR_ATTRIBUTE_VALUE_INVALID; } @@ -696,7 +696,7 @@ pk11_handleCertObject(PK11Session *session,PK11Object *object) } if (label) PORT_Free(label); - pk11_FreeAttribute(attribute); + sftk_FreeAttribute(attribute); if (rv != SECSuccess) { nsslowcert_DestroyCertificate(cert); @@ -706,7 +706,7 @@ pk11_handleCertObject(PK11Session *session,PK11Object *object) /* * Add a NULL S/MIME profile if necessary. */ - email = pk11_getString(object,CKA_NETSCAPE_EMAIL); + email = sftk_getString(object,CKA_NETSCAPE_EMAIL); if (email) { certDBEntrySMime *entry; @@ -719,7 +719,7 @@ pk11_handleCertObject(PK11Session *session,PK11Object *object) } PORT_Free(email); } - object->handle=pk11_mkHandle(slot,&cert->certKey,PK11_TOKEN_TYPE_CERT); + object->handle=sftk_mkHandle(slot,&cert->certKey,SFTK_TOKEN_TYPE_CERT); nsslowcert_DestroyCertificate(cert); } @@ -727,7 +727,7 @@ pk11_handleCertObject(PK11Session *session,PK11Object *object) } unsigned int -pk11_MapTrust(CK_TRUST trust, PRBool clientAuth) +sftk_MapTrust(CK_TRUST trust, PRBool clientAuth) { unsigned int trustCA = clientAuth ? CERTDB_TRUSTED_CLIENT_CA : CERTDB_TRUSTED_CA; @@ -755,35 +755,35 @@ pk11_MapTrust(CK_TRUST trust, PRBool clientAuth) * check the consistancy and initialize a Trust Object */ static CK_RV -pk11_handleTrustObject(PK11Session *session,PK11Object *object) +sftk_handleTrustObject(SFTKSession *session,SFTKObject *object) { NSSLOWCERTIssuerAndSN issuerSN; /* we can't store any certs private */ - if (pk11_isTrue(object,CKA_PRIVATE)) { + if (sftk_isTrue(object,CKA_PRIVATE)) { return CKR_ATTRIBUTE_VALUE_INVALID; } /* certificates must have a type */ - if ( !pk11_hasAttribute(object,CKA_ISSUER) ) { + if ( !sftk_hasAttribute(object,CKA_ISSUER) ) { return CKR_TEMPLATE_INCOMPLETE; } - if ( !pk11_hasAttribute(object,CKA_SERIAL_NUMBER) ) { + if ( !sftk_hasAttribute(object,CKA_SERIAL_NUMBER) ) { return CKR_TEMPLATE_INCOMPLETE; } - if ( !pk11_hasAttribute(object,CKA_CERT_SHA1_HASH) ) { + if ( !sftk_hasAttribute(object,CKA_CERT_SHA1_HASH) ) { return CKR_TEMPLATE_INCOMPLETE; } - if ( !pk11_hasAttribute(object,CKA_CERT_MD5_HASH) ) { + if ( !sftk_hasAttribute(object,CKA_CERT_MD5_HASH) ) { return CKR_TEMPLATE_INCOMPLETE; } - if (pk11_isTrue(object,CKA_TOKEN)) { - PK11Slot *slot = session->slot; - PK11Attribute *issuer = NULL; - PK11Attribute *serial = NULL; + if (sftk_isTrue(object,CKA_TOKEN)) { + SFTKSlot *slot = session->slot; + SFTKAttribute *issuer = NULL; + SFTKAttribute *serial = NULL; NSSLOWCERTCertificate *cert = NULL; - PK11Attribute *trust; + SFTKAttribute *trust; CK_TRUST sslTrust = CKT_NETSCAPE_TRUST_UNKNOWN; CK_TRUST clientTrust = CKT_NETSCAPE_TRUST_UNKNOWN; CK_TRUST emailTrust = CKT_NETSCAPE_TRUST_UNKNOWN; @@ -796,62 +796,62 @@ pk11_handleTrustObject(PK11Session *session,PK11Object *object) if (slot->certDB == NULL) { return CKR_TOKEN_WRITE_PROTECTED; } - issuer = pk11_FindAttribute(object,CKA_ISSUER); + issuer = sftk_FindAttribute(object,CKA_ISSUER); PORT_Assert(issuer); issuerSN.derIssuer.data = (unsigned char *)issuer->attrib.pValue; issuerSN.derIssuer.len = issuer->attrib.ulValueLen ; - serial = pk11_FindAttribute(object,CKA_SERIAL_NUMBER); + serial = sftk_FindAttribute(object,CKA_SERIAL_NUMBER); PORT_Assert(serial); issuerSN.serialNumber.data = (unsigned char *)serial->attrib.pValue; issuerSN.serialNumber.len = serial->attrib.ulValueLen ; cert = nsslowcert_FindCertByIssuerAndSN(slot->certDB,&issuerSN); - pk11_FreeAttribute(serial); - pk11_FreeAttribute(issuer); + sftk_FreeAttribute(serial); + sftk_FreeAttribute(issuer); if (cert == NULL) { return CKR_ATTRIBUTE_VALUE_INVALID; } - trust = pk11_FindAttribute(object,CKA_TRUST_SERVER_AUTH); + trust = sftk_FindAttribute(object,CKA_TRUST_SERVER_AUTH); if (trust) { if (trust->attrib.ulValueLen == sizeof(CK_TRUST)) { PORT_Memcpy(&sslTrust,trust->attrib.pValue, sizeof(sslTrust)); } - pk11_FreeAttribute(trust); + sftk_FreeAttribute(trust); } - trust = pk11_FindAttribute(object,CKA_TRUST_CLIENT_AUTH); + trust = sftk_FindAttribute(object,CKA_TRUST_CLIENT_AUTH); if (trust) { if (trust->attrib.ulValueLen == sizeof(CK_TRUST)) { PORT_Memcpy(&clientTrust,trust->attrib.pValue, sizeof(clientTrust)); } - pk11_FreeAttribute(trust); + sftk_FreeAttribute(trust); } - trust = pk11_FindAttribute(object,CKA_TRUST_EMAIL_PROTECTION); + trust = sftk_FindAttribute(object,CKA_TRUST_EMAIL_PROTECTION); if (trust) { if (trust->attrib.ulValueLen == sizeof(CK_TRUST)) { PORT_Memcpy(&emailTrust,trust->attrib.pValue, sizeof(emailTrust)); } - pk11_FreeAttribute(trust); + sftk_FreeAttribute(trust); } - trust = pk11_FindAttribute(object,CKA_TRUST_CODE_SIGNING); + trust = sftk_FindAttribute(object,CKA_TRUST_CODE_SIGNING); if (trust) { if (trust->attrib.ulValueLen == sizeof(CK_TRUST)) { PORT_Memcpy(&signTrust,trust->attrib.pValue, sizeof(signTrust)); } - pk11_FreeAttribute(trust); + sftk_FreeAttribute(trust); } stepUp = CK_FALSE; - trust = pk11_FindAttribute(object,CKA_TRUST_STEP_UP_APPROVED); + trust = sftk_FindAttribute(object,CKA_TRUST_STEP_UP_APPROVED); if (trust) { if (trust->attrib.ulValueLen == sizeof(CK_BBOOL)) { stepUp = *(CK_BBOOL*)trust->attrib.pValue; } - pk11_FreeAttribute(trust); + sftk_FreeAttribute(trust); } /* preserve certain old fields */ @@ -864,16 +864,16 @@ pk11_handleTrustObject(PK11Session *session,PK11Object *object) cert->trust->objectSigningFlags & CERTDB_PRESERVE_TRUST_BITS; } - dbTrust.sslFlags |= pk11_MapTrust(sslTrust,PR_FALSE); - dbTrust.sslFlags |= pk11_MapTrust(clientTrust,PR_TRUE); - dbTrust.emailFlags |= pk11_MapTrust(emailTrust,PR_FALSE); - dbTrust.objectSigningFlags |= pk11_MapTrust(signTrust,PR_FALSE); + dbTrust.sslFlags |= sftk_MapTrust(sslTrust,PR_FALSE); + dbTrust.sslFlags |= sftk_MapTrust(clientTrust,PR_TRUE); + dbTrust.emailFlags |= sftk_MapTrust(emailTrust,PR_FALSE); + dbTrust.objectSigningFlags |= sftk_MapTrust(signTrust,PR_FALSE); if (stepUp) { dbTrust.sslFlags |= CERTDB_GOVT_APPROVED_CA; } rv = nsslowcert_ChangeCertTrust(slot->certDB,cert,&dbTrust); - object->handle=pk11_mkHandle(slot,&cert->certKey,PK11_TOKEN_TYPE_TRUST); + object->handle=sftk_mkHandle(slot,&cert->certKey,SFTK_TOKEN_TYPE_TRUST); nsslowcert_DestroyCertificate(cert); if (rv != SECSuccess) { return CKR_DEVICE_ERROR; @@ -887,29 +887,29 @@ pk11_handleTrustObject(PK11Session *session,PK11Object *object) * check the consistancy and initialize a Trust Object */ static CK_RV -pk11_handleSMimeObject(PK11Session *session,PK11Object *object) +sftk_handleSMimeObject(SFTKSession *session,SFTKObject *object) { /* we can't store any certs private */ - if (pk11_isTrue(object,CKA_PRIVATE)) { + if (sftk_isTrue(object,CKA_PRIVATE)) { return CKR_ATTRIBUTE_VALUE_INVALID; } /* certificates must have a type */ - if ( !pk11_hasAttribute(object,CKA_SUBJECT) ) { + if ( !sftk_hasAttribute(object,CKA_SUBJECT) ) { return CKR_TEMPLATE_INCOMPLETE; } - if ( !pk11_hasAttribute(object,CKA_NETSCAPE_EMAIL) ) { + if ( !sftk_hasAttribute(object,CKA_NETSCAPE_EMAIL) ) { return CKR_TEMPLATE_INCOMPLETE; } - if (pk11_isTrue(object,CKA_TOKEN)) { - PK11Slot *slot = session->slot; + if (sftk_isTrue(object,CKA_TOKEN)) { + SFTKSlot *slot = session->slot; SECItem derSubj,rawProfile,rawTime,emailKey; SECItem *pRawProfile = NULL; SECItem *pRawTime = NULL; char *email = NULL; - PK11Attribute *subject,*profile,*time; + SFTKAttribute *subject,*profile,*time; SECStatus rv; PORT_Assert(slot); @@ -918,14 +918,14 @@ pk11_handleSMimeObject(PK11Session *session,PK11Object *object) } /* lookup SUBJECT */ - subject = pk11_FindAttribute(object,CKA_SUBJECT); + subject = sftk_FindAttribute(object,CKA_SUBJECT); PORT_Assert(subject); derSubj.data = (unsigned char *)subject->attrib.pValue; derSubj.len = subject->attrib.ulValueLen ; derSubj.type = 0; /* lookup VALUE */ - profile = pk11_FindAttribute(object,CKA_VALUE); + profile = sftk_FindAttribute(object,CKA_VALUE); if (profile) { rawProfile.data = (unsigned char *)profile->attrib.pValue; rawProfile.len = profile->attrib.ulValueLen ; @@ -934,7 +934,7 @@ pk11_handleSMimeObject(PK11Session *session,PK11Object *object) } /* lookup Time */ - time = pk11_FindAttribute(object,CKA_NETSCAPE_SMIME_TIMESTAMP); + time = sftk_FindAttribute(object,CKA_NETSCAPE_SMIME_TIMESTAMP); if (time) { rawTime.data = (unsigned char *)time->attrib.pValue; rawTime.len = time->attrib.ulValueLen ; @@ -943,15 +943,15 @@ pk11_handleSMimeObject(PK11Session *session,PK11Object *object) } - email = pk11_getString(object,CKA_NETSCAPE_EMAIL); + email = sftk_getString(object,CKA_NETSCAPE_EMAIL); /* Store CRL by SUBJECT */ rv = nsslowcert_SaveSMimeProfile(slot->certDB, email, &derSubj, pRawProfile,pRawTime); - pk11_FreeAttribute(subject); - if (profile) pk11_FreeAttribute(profile); - if (time) pk11_FreeAttribute(time); + sftk_FreeAttribute(subject); + if (profile) sftk_FreeAttribute(profile); + if (time) sftk_FreeAttribute(time); if (rv != SECSuccess) { PORT_Free(email); return CKR_DEVICE_ERROR; @@ -959,7 +959,7 @@ pk11_handleSMimeObject(PK11Session *session,PK11Object *object) emailKey.data = (unsigned char *)email; emailKey.len = PORT_Strlen(email)+1; - object->handle = pk11_mkHandle(slot, &emailKey, PK11_TOKEN_TYPE_SMIME); + object->handle = sftk_mkHandle(slot, &emailKey, SFTK_TOKEN_TYPE_SMIME); PORT_Free(email); } @@ -970,28 +970,28 @@ pk11_handleSMimeObject(PK11Session *session,PK11Object *object) * check the consistancy and initialize a Trust Object */ static CK_RV -pk11_handleCrlObject(PK11Session *session,PK11Object *object) +sftk_handleCrlObject(SFTKSession *session,SFTKObject *object) { /* we can't store any certs private */ - if (pk11_isTrue(object,CKA_PRIVATE)) { + if (sftk_isTrue(object,CKA_PRIVATE)) { return CKR_ATTRIBUTE_VALUE_INVALID; } /* certificates must have a type */ - if ( !pk11_hasAttribute(object,CKA_SUBJECT) ) { + if ( !sftk_hasAttribute(object,CKA_SUBJECT) ) { return CKR_TEMPLATE_INCOMPLETE; } - if ( !pk11_hasAttribute(object,CKA_VALUE) ) { + if ( !sftk_hasAttribute(object,CKA_VALUE) ) { return CKR_TEMPLATE_INCOMPLETE; } - if (pk11_isTrue(object,CKA_TOKEN)) { - PK11Slot *slot = session->slot; + if (sftk_isTrue(object,CKA_TOKEN)) { + SFTKSlot *slot = session->slot; PRBool isKRL = PR_FALSE; SECItem derSubj,derCrl; char *url = NULL; - PK11Attribute *subject,*crl; + SFTKAttribute *subject,*crl; SECStatus rv; PORT_Assert(slot); @@ -1000,20 +1000,20 @@ pk11_handleCrlObject(PK11Session *session,PK11Object *object) } /* lookup SUBJECT */ - subject = pk11_FindAttribute(object,CKA_SUBJECT); + subject = sftk_FindAttribute(object,CKA_SUBJECT); PORT_Assert(subject); derSubj.data = (unsigned char *)subject->attrib.pValue; derSubj.len = subject->attrib.ulValueLen ; /* lookup VALUE */ - crl = pk11_FindAttribute(object,CKA_VALUE); + crl = sftk_FindAttribute(object,CKA_VALUE); PORT_Assert(crl); derCrl.data = (unsigned char *)crl->attrib.pValue; derCrl.len = crl->attrib.ulValueLen ; - url = pk11_getString(object,CKA_NETSCAPE_URL); - isKRL = pk11_isTrue(object,CKA_NETSCAPE_KRL); + url = sftk_getString(object,CKA_NETSCAPE_URL); + isKRL = sftk_isTrue(object,CKA_NETSCAPE_KRL); /* Store CRL by SUBJECT */ rv = nsslowcert_AddCrl(slot->certDB, &derCrl, &derSubj, url, isKRL); @@ -1021,19 +1021,19 @@ pk11_handleCrlObject(PK11Session *session,PK11Object *object) if (url) { PORT_Free(url); } - pk11_FreeAttribute(crl); + sftk_FreeAttribute(crl); if (rv != SECSuccess) { - pk11_FreeAttribute(subject); + sftk_FreeAttribute(subject); return CKR_DEVICE_ERROR; } /* if we overwrote the existing CRL, poison the handle entry so we get * a new object handle */ - (void) pk11_poisonHandle(slot, &derSubj, - isKRL ? PK11_TOKEN_KRL_HANDLE : PK11_TOKEN_TYPE_CRL); - object->handle = pk11_mkHandle(slot, &derSubj, - isKRL ? PK11_TOKEN_KRL_HANDLE : PK11_TOKEN_TYPE_CRL); - pk11_FreeAttribute(subject); + (void) sftk_poisonHandle(slot, &derSubj, + isKRL ? SFTK_TOKEN_KRL_HANDLE : SFTK_TOKEN_TYPE_CRL); + object->handle = sftk_mkHandle(slot, &derSubj, + isKRL ? SFTK_TOKEN_KRL_HANDLE : SFTK_TOKEN_TYPE_CRL); + sftk_FreeAttribute(subject); } return CKR_OK; @@ -1043,7 +1043,7 @@ pk11_handleCrlObject(PK11Session *session,PK11Object *object) * check the consistancy and initialize a Public Key Object */ static CK_RV -pk11_handlePublicKeyObject(PK11Session *session, PK11Object *object, +sftk_handlePublicKeyObject(SFTKSession *session, SFTKObject *object, CK_KEY_TYPE key_type) { CK_BBOOL encrypt = CK_TRUE; @@ -1056,33 +1056,33 @@ pk11_handlePublicKeyObject(PK11Session *session, PK11Object *object, switch (key_type) { case CKK_RSA: - crv = pk11_ConstrainAttribute(object, CKA_MODULUS, + crv = sftk_ConstrainAttribute(object, CKA_MODULUS, RSA_MIN_MODULUS_BITS, 0, 0); if (crv != CKR_OK) { return crv; } - crv = pk11_ConstrainAttribute(object, CKA_PUBLIC_EXPONENT, 2, 0, 0); + crv = sftk_ConstrainAttribute(object, CKA_PUBLIC_EXPONENT, 2, 0, 0); if (crv != CKR_OK) { return crv; } pubKeyAttr = CKA_MODULUS; break; case CKK_DSA: - crv = pk11_ConstrainAttribute(object, CKA_SUBPRIME, + crv = sftk_ConstrainAttribute(object, CKA_SUBPRIME, DSA_Q_BITS, DSA_Q_BITS, 0); if (crv != CKR_OK) { return crv; } - crv = pk11_ConstrainAttribute(object, CKA_PRIME, + crv = sftk_ConstrainAttribute(object, CKA_PRIME, DSA_MIN_P_BITS, DSA_MAX_P_BITS, 64); if (crv != CKR_OK) { return crv; } - crv = pk11_ConstrainAttribute(object, CKA_BASE, 1, DSA_MAX_P_BITS, 0); + crv = sftk_ConstrainAttribute(object, CKA_BASE, 1, DSA_MAX_P_BITS, 0); if (crv != CKR_OK) { return crv; } - crv = pk11_ConstrainAttribute(object, CKA_VALUE, 1, DSA_MAX_P_BITS, 0); + crv = sftk_ConstrainAttribute(object, CKA_VALUE, 1, DSA_MAX_P_BITS, 0); if (crv != CKR_OK) { return crv; } @@ -1091,16 +1091,16 @@ pk11_handlePublicKeyObject(PK11Session *session, PK11Object *object, wrap = CK_FALSE; break; case CKK_DH: - crv = pk11_ConstrainAttribute(object, CKA_PRIME, + crv = sftk_ConstrainAttribute(object, CKA_PRIME, DH_MIN_P_BITS, DH_MAX_P_BITS, 0); if (crv != CKR_OK) { return crv; } - crv = pk11_ConstrainAttribute(object, CKA_BASE, 1, DH_MAX_P_BITS, 0); + crv = sftk_ConstrainAttribute(object, CKA_BASE, 1, DH_MAX_P_BITS, 0); if (crv != CKR_OK) { return crv; } - crv = pk11_ConstrainAttribute(object, CKA_VALUE, 1, DH_MAX_P_BITS, 0); + crv = sftk_ConstrainAttribute(object, CKA_VALUE, 1, DH_MAX_P_BITS, 0); if (crv != CKR_OK) { return crv; } @@ -1112,10 +1112,10 @@ pk11_handlePublicKeyObject(PK11Session *session, PK11Object *object, break; #ifdef NSS_ENABLE_ECC case CKK_EC: - if ( !pk11_hasAttribute(object, CKA_EC_PARAMS)) { + if ( !sftk_hasAttribute(object, CKA_EC_PARAMS)) { return CKR_TEMPLATE_INCOMPLETE; } - if ( !pk11_hasAttribute(object, CKA_EC_POINT)) { + if ( !sftk_hasAttribute(object, CKA_EC_POINT)) { return CKR_TEMPLATE_INCOMPLETE; } pubKeyAttr = CKA_EC_POINT; @@ -1131,32 +1131,32 @@ pk11_handlePublicKeyObject(PK11Session *session, PK11Object *object, } /* make sure the required fields exist */ - crv = pk11_defaultAttribute(object,CKA_SUBJECT,NULL,0); + crv = sftk_defaultAttribute(object,CKA_SUBJECT,NULL,0); if (crv != CKR_OK) return crv; - crv = pk11_defaultAttribute(object,CKA_ENCRYPT,&encrypt,sizeof(CK_BBOOL)); + crv = sftk_defaultAttribute(object,CKA_ENCRYPT,&encrypt,sizeof(CK_BBOOL)); if (crv != CKR_OK) return crv; - crv = pk11_defaultAttribute(object,CKA_VERIFY,&verify,sizeof(CK_BBOOL)); + crv = sftk_defaultAttribute(object,CKA_VERIFY,&verify,sizeof(CK_BBOOL)); if (crv != CKR_OK) return crv; - crv = pk11_defaultAttribute(object,CKA_VERIFY_RECOVER, + crv = sftk_defaultAttribute(object,CKA_VERIFY_RECOVER, &recover,sizeof(CK_BBOOL)); if (crv != CKR_OK) return crv; - crv = pk11_defaultAttribute(object,CKA_WRAP,&wrap,sizeof(CK_BBOOL)); + crv = sftk_defaultAttribute(object,CKA_WRAP,&wrap,sizeof(CK_BBOOL)); if (crv != CKR_OK) return crv; - crv = pk11_defaultAttribute(object,CKA_DERIVE,&derive,sizeof(CK_BBOOL)); + crv = sftk_defaultAttribute(object,CKA_DERIVE,&derive,sizeof(CK_BBOOL)); if (crv != CKR_OK) return crv; - object->objectInfo = pk11_GetPubKey(object,key_type, &crv); + object->objectInfo = sftk_GetPubKey(object,key_type, &crv); if (object->objectInfo == NULL) { return crv; } - object->infoFree = (PK11Free) nsslowkey_DestroyPublicKey; + object->infoFree = (SFTKFree) nsslowkey_DestroyPublicKey; - if (pk11_isTrue(object,CKA_TOKEN)) { - PK11Slot *slot = session->slot; + if (sftk_isTrue(object,CKA_TOKEN)) { + SFTKSlot *slot = session->slot; NSSLOWKEYPrivateKey *priv; SECItem pubKey; - crv = pk11_Attribute2SSecItem(NULL,&pubKey,object,pubKeyAttr); + crv = sftk_Attribute2SSecItem(NULL,&pubKey,object,pubKeyAttr); if (crv != CKR_OK) return crv; PORT_Assert(pubKey.data); @@ -1180,7 +1180,7 @@ pk11_handlePublicKeyObject(PK11Session *session, PK11Object *object, } nsslowkey_DestroyPrivateKey(priv); - object->handle = pk11_mkHandle(slot, &pubKey, PK11_TOKEN_TYPE_PUB); + object->handle = sftk_mkHandle(slot, &pubKey, SFTK_TOKEN_TYPE_PUB); PORT_Free(pubKey.data); } @@ -1188,13 +1188,13 @@ pk11_handlePublicKeyObject(PK11Session *session, PK11Object *object, } static NSSLOWKEYPrivateKey * -pk11_mkPrivKey(PK11Object *object,CK_KEY_TYPE key, CK_RV *rvp); +sftk_mkPrivKey(SFTKObject *object,CK_KEY_TYPE key, CK_RV *rvp); /* * check the consistancy and initialize a Private Key Object */ static CK_RV -pk11_handlePrivateKeyObject(PK11Session *session,PK11Object *object,CK_KEY_TYPE key_type) +sftk_handlePrivateKeyObject(SFTKSession *session,SFTKObject *object,CK_KEY_TYPE key_type) { CK_BBOOL cktrue = CK_TRUE; CK_BBOOL encrypt = CK_TRUE; @@ -1207,55 +1207,55 @@ pk11_handlePrivateKeyObject(PK11Session *session,PK11Object *object,CK_KEY_TYPE switch (key_type) { case CKK_RSA: - if ( !pk11_hasAttribute(object, CKA_MODULUS)) { + if ( !sftk_hasAttribute(object, CKA_MODULUS)) { return CKR_TEMPLATE_INCOMPLETE; } - if ( !pk11_hasAttribute(object, CKA_PUBLIC_EXPONENT)) { + if ( !sftk_hasAttribute(object, CKA_PUBLIC_EXPONENT)) { return CKR_TEMPLATE_INCOMPLETE; } - if ( !pk11_hasAttribute(object, CKA_PRIVATE_EXPONENT)) { + if ( !sftk_hasAttribute(object, CKA_PRIVATE_EXPONENT)) { return CKR_TEMPLATE_INCOMPLETE; } - if ( !pk11_hasAttribute(object, CKA_PRIME_1)) { + if ( !sftk_hasAttribute(object, CKA_PRIME_1)) { return CKR_TEMPLATE_INCOMPLETE; } - if ( !pk11_hasAttribute(object, CKA_PRIME_2)) { + if ( !sftk_hasAttribute(object, CKA_PRIME_2)) { return CKR_TEMPLATE_INCOMPLETE; } - if ( !pk11_hasAttribute(object, CKA_EXPONENT_1)) { + if ( !sftk_hasAttribute(object, CKA_EXPONENT_1)) { return CKR_TEMPLATE_INCOMPLETE; } - if ( !pk11_hasAttribute(object, CKA_EXPONENT_2)) { + if ( !sftk_hasAttribute(object, CKA_EXPONENT_2)) { return CKR_TEMPLATE_INCOMPLETE; } - if ( !pk11_hasAttribute(object, CKA_COEFFICIENT)) { + if ( !sftk_hasAttribute(object, CKA_COEFFICIENT)) { return CKR_TEMPLATE_INCOMPLETE; } /* make sure Netscape DB attribute is set correctly */ - crv = pk11_Attribute2SSecItem(NULL, &mod, object, CKA_MODULUS); + crv = sftk_Attribute2SSecItem(NULL, &mod, object, CKA_MODULUS); if (crv != CKR_OK) return crv; - crv = pk11_forceAttribute(object, CKA_NETSCAPE_DB, - pk11_item_expand(&mod)); + crv = sftk_forceAttribute(object, CKA_NETSCAPE_DB, + sftk_item_expand(&mod)); if (mod.data) PORT_Free(mod.data); if (crv != CKR_OK) return crv; break; case CKK_DSA: - if ( !pk11_hasAttribute(object, CKA_SUBPRIME)) { + if ( !sftk_hasAttribute(object, CKA_SUBPRIME)) { return CKR_TEMPLATE_INCOMPLETE; } - if ( !pk11_hasAttribute(object, CKA_NETSCAPE_DB)) { + if ( !sftk_hasAttribute(object, CKA_NETSCAPE_DB)) { return CKR_TEMPLATE_INCOMPLETE; } /* fall through */ case CKK_DH: - if ( !pk11_hasAttribute(object, CKA_PRIME)) { + if ( !sftk_hasAttribute(object, CKA_PRIME)) { return CKR_TEMPLATE_INCOMPLETE; } - if ( !pk11_hasAttribute(object, CKA_BASE)) { + if ( !sftk_hasAttribute(object, CKA_BASE)) { return CKR_TEMPLATE_INCOMPLETE; } - if ( !pk11_hasAttribute(object, CKA_VALUE)) { + if ( !sftk_hasAttribute(object, CKA_VALUE)) { return CKR_TEMPLATE_INCOMPLETE; } encrypt = CK_FALSE; @@ -1264,13 +1264,13 @@ pk11_handlePrivateKeyObject(PK11Session *session,PK11Object *object,CK_KEY_TYPE break; #ifdef NSS_ENABLE_ECC case CKK_EC: - if ( !pk11_hasAttribute(object, CKA_EC_PARAMS)) { + if ( !sftk_hasAttribute(object, CKA_EC_PARAMS)) { return CKR_TEMPLATE_INCOMPLETE; } - if ( !pk11_hasAttribute(object, CKA_VALUE)) { + if ( !sftk_hasAttribute(object, CKA_VALUE)) { return CKR_TEMPLATE_INCOMPLETE; } - if ( !pk11_hasAttribute(object, CKA_NETSCAPE_DB)) { + if ( !sftk_hasAttribute(object, CKA_NETSCAPE_DB)) { return CKR_TEMPLATE_INCOMPLETE; } encrypt = CK_FALSE; @@ -1282,35 +1282,35 @@ pk11_handlePrivateKeyObject(PK11Session *session,PK11Object *object,CK_KEY_TYPE default: return CKR_ATTRIBUTE_VALUE_INVALID; } - crv = pk11_defaultAttribute(object,CKA_SUBJECT,NULL,0); + crv = sftk_defaultAttribute(object,CKA_SUBJECT,NULL,0); if (crv != CKR_OK) return crv; - crv = pk11_defaultAttribute(object,CKA_SENSITIVE,&cktrue,sizeof(CK_BBOOL)); + crv = sftk_defaultAttribute(object,CKA_SENSITIVE,&cktrue,sizeof(CK_BBOOL)); if (crv != CKR_OK) return crv; - crv = pk11_defaultAttribute(object,CKA_EXTRACTABLE,&cktrue,sizeof(CK_BBOOL)); + crv = sftk_defaultAttribute(object,CKA_EXTRACTABLE,&cktrue,sizeof(CK_BBOOL)); if (crv != CKR_OK) return crv; - crv = pk11_defaultAttribute(object,CKA_DECRYPT,&encrypt,sizeof(CK_BBOOL)); + crv = sftk_defaultAttribute(object,CKA_DECRYPT,&encrypt,sizeof(CK_BBOOL)); if (crv != CKR_OK) return crv; - crv = pk11_defaultAttribute(object,CKA_SIGN,&cktrue,sizeof(CK_BBOOL)); + crv = sftk_defaultAttribute(object,CKA_SIGN,&cktrue,sizeof(CK_BBOOL)); if (crv != CKR_OK) return crv; - crv = pk11_defaultAttribute(object,CKA_SIGN_RECOVER,&recover, + crv = sftk_defaultAttribute(object,CKA_SIGN_RECOVER,&recover, sizeof(CK_BBOOL)); if (crv != CKR_OK) return crv; - crv = pk11_defaultAttribute(object,CKA_UNWRAP,&wrap,sizeof(CK_BBOOL)); + crv = sftk_defaultAttribute(object,CKA_UNWRAP,&wrap,sizeof(CK_BBOOL)); if (crv != CKR_OK) return crv; - crv = pk11_defaultAttribute(object,CKA_DERIVE,&derive,sizeof(CK_BBOOL)); + crv = sftk_defaultAttribute(object,CKA_DERIVE,&derive,sizeof(CK_BBOOL)); if (crv != CKR_OK) return crv; /* the next two bits get modified only in the key gen and token cases */ - crv = pk11_forceAttribute(object,CKA_ALWAYS_SENSITIVE, + crv = sftk_forceAttribute(object,CKA_ALWAYS_SENSITIVE, &ckfalse,sizeof(CK_BBOOL)); if (crv != CKR_OK) return crv; - crv = pk11_forceAttribute(object,CKA_NEVER_EXTRACTABLE, + crv = sftk_forceAttribute(object,CKA_NEVER_EXTRACTABLE, &ckfalse,sizeof(CK_BBOOL)); if (crv != CKR_OK) return crv; /* should we check the non-token RSA private keys? */ - if (pk11_isTrue(object,CKA_TOKEN)) { - PK11Slot *slot = session->slot; + if (sftk_isTrue(object,CKA_TOKEN)) { + SFTKSlot *slot = session->slot; NSSLOWKEYPrivateKey *privKey; char *label; SECStatus rv = SECSuccess; @@ -1320,11 +1320,11 @@ pk11_handlePrivateKeyObject(PK11Session *session,PK11Object *object,CK_KEY_TYPE return CKR_TOKEN_WRITE_PROTECTED; } - privKey=pk11_mkPrivKey(object,key_type,&crv); + privKey=sftk_mkPrivKey(object,key_type,&crv); if (privKey == NULL) return crv; - label = pk11_getString(object,CKA_LABEL); + label = sftk_getString(object,CKA_LABEL); - crv = pk11_Attribute2SSecItem(NULL,&pubKey,object,CKA_NETSCAPE_DB); + crv = sftk_Attribute2SSecItem(NULL,&pubKey,object,CKA_NETSCAPE_DB); if (crv != CKR_OK) { if (label) PORT_Free(label); nsslowkey_DestroyPrivateKey(privKey); @@ -1348,69 +1348,69 @@ pk11_handlePrivateKeyObject(PK11Session *session,PK11Object *object,CK_KEY_TYPE fail: if (label) PORT_Free(label); - object->handle = pk11_mkHandle(slot,&pubKey,PK11_TOKEN_TYPE_PRIV); + object->handle = sftk_mkHandle(slot,&pubKey,SFTK_TOKEN_TYPE_PRIV); if (pubKey.data) PORT_Free(pubKey.data); nsslowkey_DestroyPrivateKey(privKey); if (rv != SECSuccess) return CKR_DEVICE_ERROR; } else { - object->objectInfo = pk11_mkPrivKey(object,key_type,&crv); + object->objectInfo = sftk_mkPrivKey(object,key_type,&crv); if (object->objectInfo == NULL) return crv; - object->infoFree = (PK11Free) nsslowkey_DestroyPrivateKey; + object->infoFree = (SFTKFree) nsslowkey_DestroyPrivateKey; /* now NULL out the sensitive attributes */ - if (pk11_isTrue(object,CKA_SENSITIVE)) { - pk11_nullAttribute(object,CKA_PRIVATE_EXPONENT); - pk11_nullAttribute(object,CKA_PRIME_1); - pk11_nullAttribute(object,CKA_PRIME_2); - pk11_nullAttribute(object,CKA_EXPONENT_1); - pk11_nullAttribute(object,CKA_EXPONENT_2); - pk11_nullAttribute(object,CKA_COEFFICIENT); + if (sftk_isTrue(object,CKA_SENSITIVE)) { + sftk_nullAttribute(object,CKA_PRIVATE_EXPONENT); + sftk_nullAttribute(object,CKA_PRIME_1); + sftk_nullAttribute(object,CKA_PRIME_2); + sftk_nullAttribute(object,CKA_EXPONENT_1); + sftk_nullAttribute(object,CKA_EXPONENT_2); + sftk_nullAttribute(object,CKA_COEFFICIENT); } } return CKR_OK; } /* forward delcare the DES formating function for handleSecretKey */ -void pk11_FormatDESKey(unsigned char *key, int length); -static NSSLOWKEYPrivateKey *pk11_mkSecretKeyRep(PK11Object *object); +void sftk_FormatDESKey(unsigned char *key, int length); +static NSSLOWKEYPrivateKey *sftk_mkSecretKeyRep(SFTKObject *object); /* Validate secret key data, and set defaults */ static CK_RV -validateSecretKey(PK11Session *session, PK11Object *object, +validateSecretKey(SFTKSession *session, SFTKObject *object, CK_KEY_TYPE key_type, PRBool isFIPS) { CK_RV crv; CK_BBOOL cktrue = CK_TRUE; CK_BBOOL ckfalse = CK_FALSE; - PK11Attribute *attribute = NULL; + SFTKAttribute *attribute = NULL; unsigned long requiredLen; - crv = pk11_defaultAttribute(object,CKA_SENSITIVE, + crv = sftk_defaultAttribute(object,CKA_SENSITIVE, isFIPS?&cktrue:&ckfalse,sizeof(CK_BBOOL)); if (crv != CKR_OK) return crv; - crv = pk11_defaultAttribute(object,CKA_EXTRACTABLE, + crv = sftk_defaultAttribute(object,CKA_EXTRACTABLE, &cktrue,sizeof(CK_BBOOL)); if (crv != CKR_OK) return crv; - crv = pk11_defaultAttribute(object,CKA_ENCRYPT,&cktrue,sizeof(CK_BBOOL)); + crv = sftk_defaultAttribute(object,CKA_ENCRYPT,&cktrue,sizeof(CK_BBOOL)); if (crv != CKR_OK) return crv; - crv = pk11_defaultAttribute(object,CKA_DECRYPT,&cktrue,sizeof(CK_BBOOL)); + crv = sftk_defaultAttribute(object,CKA_DECRYPT,&cktrue,sizeof(CK_BBOOL)); if (crv != CKR_OK) return crv; - crv = pk11_defaultAttribute(object,CKA_SIGN,&ckfalse,sizeof(CK_BBOOL)); + crv = sftk_defaultAttribute(object,CKA_SIGN,&ckfalse,sizeof(CK_BBOOL)); if (crv != CKR_OK) return crv; - crv = pk11_defaultAttribute(object,CKA_VERIFY,&ckfalse,sizeof(CK_BBOOL)); + crv = sftk_defaultAttribute(object,CKA_VERIFY,&ckfalse,sizeof(CK_BBOOL)); if (crv != CKR_OK) return crv; - crv = pk11_defaultAttribute(object,CKA_WRAP,&cktrue,sizeof(CK_BBOOL)); + crv = sftk_defaultAttribute(object,CKA_WRAP,&cktrue,sizeof(CK_BBOOL)); if (crv != CKR_OK) return crv; - crv = pk11_defaultAttribute(object,CKA_UNWRAP,&cktrue,sizeof(CK_BBOOL)); + crv = sftk_defaultAttribute(object,CKA_UNWRAP,&cktrue,sizeof(CK_BBOOL)); if (crv != CKR_OK) return crv; - if ( !pk11_hasAttribute(object, CKA_VALUE)) { + if ( !sftk_hasAttribute(object, CKA_VALUE)) { return CKR_TEMPLATE_INCOMPLETE; } /* the next two bits get modified only in the key gen and token cases */ - crv = pk11_forceAttribute(object,CKA_ALWAYS_SENSITIVE, + crv = sftk_forceAttribute(object,CKA_ALWAYS_SENSITIVE, &ckfalse,sizeof(CK_BBOOL)); if (crv != CKR_OK) return crv; - crv = pk11_forceAttribute(object,CKA_NEVER_EXTRACTABLE, + crv = sftk_forceAttribute(object,CKA_NEVER_EXTRACTABLE, &ckfalse,sizeof(CK_BBOOL)); if (crv != CKR_OK) return crv; @@ -1432,30 +1432,30 @@ validateSecretKey(PK11Session *session, PK11Object *object, #if NSS_SOFTOKEN_DOES_IDEA case CKK_IDEA: #endif - attribute = pk11_FindAttribute(object,CKA_VALUE); + attribute = sftk_FindAttribute(object,CKA_VALUE); /* shouldn't happen */ if (attribute == NULL) return CKR_TEMPLATE_INCOMPLETE; - crv = pk11_forceAttribute(object, CKA_VALUE_LEN, + crv = sftk_forceAttribute(object, CKA_VALUE_LEN, &attribute->attrib.ulValueLen, sizeof(CK_ULONG)); - pk11_FreeAttribute(attribute); + sftk_FreeAttribute(attribute); break; /* force the value to have the correct parity */ case CKK_DES: case CKK_DES2: case CKK_DES3: case CKK_CDMF: - attribute = pk11_FindAttribute(object,CKA_VALUE); + attribute = sftk_FindAttribute(object,CKA_VALUE); /* shouldn't happen */ if (attribute == NULL) return CKR_TEMPLATE_INCOMPLETE; - requiredLen = pk11_MapKeySize(key_type); + requiredLen = sftk_MapKeySize(key_type); if (attribute->attrib.ulValueLen != requiredLen) { - pk11_FreeAttribute(attribute); + sftk_FreeAttribute(attribute); return CKR_KEY_SIZE_RANGE; } - pk11_FormatDESKey((unsigned char*)attribute->attrib.pValue, + sftk_FormatDESKey((unsigned char*)attribute->attrib.pValue, attribute->attrib.ulValueLen); - pk11_FreeAttribute(attribute); + sftk_FreeAttribute(attribute); break; default: break; @@ -1464,14 +1464,14 @@ validateSecretKey(PK11Session *session, PK11Object *object, return crv; } -#define PK11_KEY_MAX_RETRIES 10 /* don't hang if we are having problems with the rng */ -#define PK11_KEY_ID_SIZE 18 /* don't use either SHA1 or MD5 sizes */ +#define SFTK_KEY_MAX_RETRIES 10 /* don't hang if we are having problems with the rng */ +#define SFTK_KEY_ID_SIZE 18 /* don't use either SHA1 or MD5 sizes */ /* * Secret keys must have a CKA_ID value to be stored in the database. This code * will generate one if there wasn't one already. */ static CK_RV -pk11_GenerateSecretCKA_ID(NSSLOWKEYDBHandle *handle, SECItem *id, char *label) +sftk_GenerateSecretCKA_ID(NSSLOWKEYDBHandle *handle, SECItem *id, char *label) { unsigned int retries; SECStatus rv = SECSuccess; @@ -1491,19 +1491,19 @@ pk11_GenerateSecretCKA_ID(NSSLOWKEYDBHandle *handle, SECItem *id, char *label) id->data = NULL; id->len = 0; } - id->data = (unsigned char *)PORT_Alloc(PK11_KEY_ID_SIZE); + id->data = (unsigned char *)PORT_Alloc(SFTK_KEY_ID_SIZE); if (id->data == NULL) { return CKR_HOST_MEMORY; } - id->len = PK11_KEY_ID_SIZE; + id->len = SFTK_KEY_ID_SIZE; retries = 0; do { rv = RNG_GenerateGlobalRandomBytes(id->data,id->len); } while (rv == SECSuccess && nsslowkey_KeyForIDExists(handle,id) && - (++retries <= PK11_KEY_MAX_RETRIES)); + (++retries <= SFTK_KEY_MAX_RETRIES)); - if ((rv != SECSuccess) || (retries > PK11_KEY_MAX_RETRIES)) { + if ((rv != SECSuccess) || (retries > SFTK_KEY_MAX_RETRIES)) { crv = CKR_DEVICE_ERROR; /* random number generator is bad */ PORT_Free(id->data); id->data = NULL; @@ -1516,7 +1516,7 @@ pk11_GenerateSecretCKA_ID(NSSLOWKEYDBHandle *handle, SECItem *id, char *label) * check the consistancy and initialize a Secret Key Object */ static CK_RV -pk11_handleSecretKeyObject(PK11Session *session,PK11Object *object, +sftk_handleSecretKeyObject(SFTKSession *session,SFTKObject *object, CK_KEY_TYPE key_type, PRBool isFIPS) { CK_RV crv; @@ -1531,17 +1531,17 @@ pk11_handleSecretKeyObject(PK11Session *session,PK11Object *object, if (crv != CKR_OK) goto loser; /* If the object is a TOKEN object, store in the database */ - if (pk11_isTrue(object,CKA_TOKEN)) { - PK11Slot *slot = session->slot; + if (sftk_isTrue(object,CKA_TOKEN)) { + SFTKSlot *slot = session->slot; SECStatus rv = SECSuccess; if (slot->keyDB == NULL) { return CKR_TOKEN_WRITE_PROTECTED; } - label = pk11_getString(object,CKA_LABEL); + label = sftk_getString(object,CKA_LABEL); - crv = pk11_Attribute2SecItem(NULL, &pubKey, object, CKA_ID); + crv = sftk_Attribute2SecItem(NULL, &pubKey, object, CKA_ID); /* Should this be ID? */ if (crv != CKR_OK) goto loser; @@ -1551,14 +1551,14 @@ pk11_handleSecretKeyObject(PK11Session *session,PK11Object *object, PORT_Free(pubKey.data); pubKey.data = NULL; } - crv = pk11_GenerateSecretCKA_ID(slot->keyDB, &pubKey, label); + crv = sftk_GenerateSecretCKA_ID(slot->keyDB, &pubKey, label); if (crv != CKR_OK) goto loser; - crv = pk11_forceAttribute(object, CKA_ID, pubKey.data, pubKey.len); + crv = sftk_forceAttribute(object, CKA_ID, pubKey.data, pubKey.len); if (crv != CKR_OK) goto loser; } - privKey=pk11_mkSecretKeyRep(object); + privKey=sftk_mkSecretKeyRep(object); if (privKey == NULL) { crv = CKR_HOST_MEMORY; goto loser; @@ -1572,7 +1572,7 @@ pk11_handleSecretKeyObject(PK11Session *session,PK11Object *object, goto loser; } - object->handle = pk11_mkHandle(slot,&pubKey,PK11_TOKEN_TYPE_KEY); + object->handle = sftk_mkHandle(slot,&pubKey,SFTK_TOKEN_TYPE_KEY); } loser: @@ -1587,44 +1587,44 @@ loser: * check the consistancy and initialize a Key Object */ static CK_RV -pk11_handleKeyObject(PK11Session *session, PK11Object *object) +sftk_handleKeyObject(SFTKSession *session, SFTKObject *object) { - PK11Attribute *attribute; + SFTKAttribute *attribute; CK_KEY_TYPE key_type; CK_BBOOL cktrue = CK_TRUE; CK_BBOOL ckfalse = CK_FALSE; CK_RV crv; /* verify the required fields */ - if ( !pk11_hasAttribute(object,CKA_KEY_TYPE) ) { + if ( !sftk_hasAttribute(object,CKA_KEY_TYPE) ) { return CKR_TEMPLATE_INCOMPLETE; } /* now verify the common fields */ - crv = pk11_defaultAttribute(object,CKA_ID,NULL,0); + crv = sftk_defaultAttribute(object,CKA_ID,NULL,0); if (crv != CKR_OK) return crv; - crv = pk11_defaultAttribute(object,CKA_START_DATE,NULL,0); + crv = sftk_defaultAttribute(object,CKA_START_DATE,NULL,0); if (crv != CKR_OK) return crv; - crv = pk11_defaultAttribute(object,CKA_END_DATE,NULL,0); + crv = sftk_defaultAttribute(object,CKA_END_DATE,NULL,0); if (crv != CKR_OK) return crv; - crv = pk11_defaultAttribute(object,CKA_DERIVE,&cktrue,sizeof(CK_BBOOL)); + crv = sftk_defaultAttribute(object,CKA_DERIVE,&cktrue,sizeof(CK_BBOOL)); if (crv != CKR_OK) return crv; - crv = pk11_defaultAttribute(object,CKA_LOCAL,&ckfalse,sizeof(CK_BBOOL)); + crv = sftk_defaultAttribute(object,CKA_LOCAL,&ckfalse,sizeof(CK_BBOOL)); if (crv != CKR_OK) return crv; /* get the key type */ - attribute = pk11_FindAttribute(object,CKA_KEY_TYPE); + attribute = sftk_FindAttribute(object,CKA_KEY_TYPE); key_type = *(CK_KEY_TYPE *)attribute->attrib.pValue; - pk11_FreeAttribute(attribute); + sftk_FreeAttribute(attribute); switch (object->objclass) { case CKO_PUBLIC_KEY: - return pk11_handlePublicKeyObject(session,object,key_type); + return sftk_handlePublicKeyObject(session,object,key_type); case CKO_PRIVATE_KEY: - return pk11_handlePrivateKeyObject(session,object,key_type); + return sftk_handlePrivateKeyObject(session,object,key_type); case CKO_SECRET_KEY: /* make sure the required fields exist */ - return pk11_handleSecretKeyObject(session,object,key_type, + return sftk_handleSecretKeyObject(session,object,key_type, (PRBool)(session->slot->slotID == FIPS_SLOT_ID)); default: break; @@ -1636,45 +1636,45 @@ pk11_handleKeyObject(PK11Session *session, PK11Object *object) * check the consistancy and Verify a DSA Parameter Object */ static CK_RV -pk11_handleDSAParameterObject(PK11Session *session, PK11Object *object) +sftk_handleDSAParameterObject(SFTKSession *session, SFTKObject *object) { - PK11Attribute *primeAttr = NULL; - PK11Attribute *subPrimeAttr = NULL; - PK11Attribute *baseAttr = NULL; - PK11Attribute *seedAttr = NULL; - PK11Attribute *hAttr = NULL; - PK11Attribute *attribute; + SFTKAttribute *primeAttr = NULL; + SFTKAttribute *subPrimeAttr = NULL; + SFTKAttribute *baseAttr = NULL; + SFTKAttribute *seedAttr = NULL; + SFTKAttribute *hAttr = NULL; + SFTKAttribute *attribute; CK_RV crv = CKR_TEMPLATE_INCOMPLETE; PQGParams params; PQGVerify vfy, *verify = NULL; SECStatus result,rv; - primeAttr = pk11_FindAttribute(object,CKA_PRIME); + primeAttr = sftk_FindAttribute(object,CKA_PRIME); if (primeAttr == NULL) goto loser; params.prime.data = primeAttr->attrib.pValue; params.prime.len = primeAttr->attrib.ulValueLen; - subPrimeAttr = pk11_FindAttribute(object,CKA_SUBPRIME); + subPrimeAttr = sftk_FindAttribute(object,CKA_SUBPRIME); if (subPrimeAttr == NULL) goto loser; params.subPrime.data = subPrimeAttr->attrib.pValue; params.subPrime.len = subPrimeAttr->attrib.ulValueLen; - baseAttr = pk11_FindAttribute(object,CKA_BASE); + baseAttr = sftk_FindAttribute(object,CKA_BASE); if (baseAttr == NULL) goto loser; params.base.data = baseAttr->attrib.pValue; params.base.len = baseAttr->attrib.ulValueLen; - attribute = pk11_FindAttribute(object, CKA_NETSCAPE_PQG_COUNTER); + attribute = sftk_FindAttribute(object, CKA_NETSCAPE_PQG_COUNTER); if (attribute != NULL) { vfy.counter = *(CK_ULONG *) attribute->attrib.pValue; - pk11_FreeAttribute(attribute); + sftk_FreeAttribute(attribute); - seedAttr = pk11_FindAttribute(object, CKA_NETSCAPE_PQG_SEED); + seedAttr = sftk_FindAttribute(object, CKA_NETSCAPE_PQG_SEED); if (seedAttr == NULL) goto loser; vfy.seed.data = seedAttr->attrib.pValue; vfy.seed.len = seedAttr->attrib.ulValueLen; - hAttr = pk11_FindAttribute(object, CKA_NETSCAPE_PQG_H); + hAttr = sftk_FindAttribute(object, CKA_NETSCAPE_PQG_H); if (hAttr == NULL) goto loser; vfy.h.data = hAttr->attrib.pValue; vfy.h.len = hAttr->attrib.ulValueLen; @@ -1689,11 +1689,11 @@ pk11_handleDSAParameterObject(PK11Session *session, PK11Object *object) } loser: - if (hAttr) pk11_FreeAttribute(hAttr); - if (seedAttr) pk11_FreeAttribute(seedAttr); - if (baseAttr) pk11_FreeAttribute(baseAttr); - if (subPrimeAttr) pk11_FreeAttribute(subPrimeAttr); - if (primeAttr) pk11_FreeAttribute(primeAttr); + if (hAttr) sftk_FreeAttribute(hAttr); + if (seedAttr) sftk_FreeAttribute(seedAttr); + if (baseAttr) sftk_FreeAttribute(baseAttr); + if (subPrimeAttr) sftk_FreeAttribute(subPrimeAttr); + if (primeAttr) sftk_FreeAttribute(primeAttr); return crv; } @@ -1702,30 +1702,30 @@ loser: * check the consistancy and initialize a Key Parameter Object */ static CK_RV -pk11_handleKeyParameterObject(PK11Session *session, PK11Object *object) +sftk_handleKeyParameterObject(SFTKSession *session, SFTKObject *object) { - PK11Attribute *attribute; + SFTKAttribute *attribute; CK_KEY_TYPE key_type; CK_BBOOL ckfalse = CK_FALSE; CK_RV crv; /* verify the required fields */ - if ( !pk11_hasAttribute(object,CKA_KEY_TYPE) ) { + if ( !sftk_hasAttribute(object,CKA_KEY_TYPE) ) { return CKR_TEMPLATE_INCOMPLETE; } /* now verify the common fields */ - crv = pk11_defaultAttribute(object,CKA_LOCAL,&ckfalse,sizeof(CK_BBOOL)); + crv = sftk_defaultAttribute(object,CKA_LOCAL,&ckfalse,sizeof(CK_BBOOL)); if (crv != CKR_OK) return crv; /* get the key type */ - attribute = pk11_FindAttribute(object,CKA_KEY_TYPE); + attribute = sftk_FindAttribute(object,CKA_KEY_TYPE); key_type = *(CK_KEY_TYPE *)attribute->attrib.pValue; - pk11_FreeAttribute(attribute); + sftk_FreeAttribute(attribute); switch (key_type) { case CKK_DSA: - return pk11_handleDSAParameterObject(session,object); + return sftk_handleDSAParameterObject(session,object); default: break; @@ -1740,34 +1740,34 @@ pk11_handleKeyParameterObject(PK11Session *session, PK11Object *object) * or stored in the DB. */ CK_RV -pk11_handleObject(PK11Object *object, PK11Session *session) +sftk_handleObject(SFTKObject *object, SFTKSession *session) { - PK11Slot *slot = session->slot; + SFTKSlot *slot = session->slot; CK_BBOOL ckfalse = CK_FALSE; CK_BBOOL cktrue = CK_TRUE; - PK11Attribute *attribute; + SFTKAttribute *attribute; CK_RV crv; /* make sure all the base object types are defined. If not set the * defaults */ - crv = pk11_defaultAttribute(object,CKA_TOKEN,&ckfalse,sizeof(CK_BBOOL)); + crv = sftk_defaultAttribute(object,CKA_TOKEN,&ckfalse,sizeof(CK_BBOOL)); if (crv != CKR_OK) return crv; - crv = pk11_defaultAttribute(object,CKA_PRIVATE,&ckfalse,sizeof(CK_BBOOL)); + crv = sftk_defaultAttribute(object,CKA_PRIVATE,&ckfalse,sizeof(CK_BBOOL)); if (crv != CKR_OK) return crv; - crv = pk11_defaultAttribute(object,CKA_LABEL,NULL,0); + crv = sftk_defaultAttribute(object,CKA_LABEL,NULL,0); if (crv != CKR_OK) return crv; - crv = pk11_defaultAttribute(object,CKA_MODIFIABLE,&cktrue,sizeof(CK_BBOOL)); + crv = sftk_defaultAttribute(object,CKA_MODIFIABLE,&cktrue,sizeof(CK_BBOOL)); if (crv != CKR_OK) return crv; /* don't create a private object if we aren't logged in */ if ((!slot->isLoggedIn) && (slot->needLogin) && - (pk11_isTrue(object,CKA_PRIVATE))) { + (sftk_isTrue(object,CKA_PRIVATE))) { return CKR_USER_NOT_LOGGED_IN; } if (((session->info.flags & CKF_RW_SESSION) == 0) && - (pk11_isTrue(object,CKA_TOKEN))) { + (sftk_isTrue(object,CKA_TOKEN))) { return CKR_SESSION_READ_ONLY; } @@ -1778,38 +1778,38 @@ pk11_handleObject(PK11Object *object, PK11Session *session) PZ_Unlock(slot->objectLock); /* get the object class */ - attribute = pk11_FindAttribute(object,CKA_CLASS); + attribute = sftk_FindAttribute(object,CKA_CLASS); if (attribute == NULL) { return CKR_TEMPLATE_INCOMPLETE; } object->objclass = *(CK_OBJECT_CLASS *)attribute->attrib.pValue; - pk11_FreeAttribute(attribute); + sftk_FreeAttribute(attribute); /* now handle the specific. Get a session handle for these functions * to use */ switch (object->objclass) { case CKO_DATA: - crv = pk11_handleDataObject(session,object); + crv = sftk_handleDataObject(session,object); break; case CKO_CERTIFICATE: - crv = pk11_handleCertObject(session,object); + crv = sftk_handleCertObject(session,object); break; case CKO_NETSCAPE_TRUST: - crv = pk11_handleTrustObject(session,object); + crv = sftk_handleTrustObject(session,object); break; case CKO_NETSCAPE_CRL: - crv = pk11_handleCrlObject(session,object); + crv = sftk_handleCrlObject(session,object); break; case CKO_NETSCAPE_SMIME: - crv = pk11_handleSMimeObject(session,object); + crv = sftk_handleSMimeObject(session,object); break; case CKO_PRIVATE_KEY: case CKO_PUBLIC_KEY: case CKO_SECRET_KEY: - crv = pk11_handleKeyObject(session,object); + crv = sftk_handleKeyObject(session,object); break; case CKO_KG_PARAMETERS: - crv = pk11_handleKeyParameterObject(session,object); + crv = sftk_handleKeyParameterObject(session,object); break; default: crv = CKR_ATTRIBUTE_VALUE_INVALID; @@ -1823,11 +1823,11 @@ pk11_handleObject(PK11Object *object, PK11Session *session) } /* now link the object into the slot and session structures */ - if (pk11_isToken(object->handle)) { - pk11_convertSessionToToken(object); + if (sftk_isToken(object->handle)) { + sftk_convertSessionToToken(object); } else { object->slot = slot; - pk11_AddObject(session,object); + sftk_AddObject(session,object); } return CKR_OK; @@ -1837,7 +1837,7 @@ pk11_handleObject(PK11Object *object, PK11Session *session) * ******************** Public Key Utilities *************************** */ /* Generate a low public key structure from an object */ -NSSLOWKEYPublicKey *pk11_GetPubKey(PK11Object *object,CK_KEY_TYPE key_type, +NSSLOWKEYPublicKey *sftk_GetPubKey(SFTKObject *object,CK_KEY_TYPE key_type, CK_RV *crvp) { NSSLOWKEYPublicKey *pubKey; @@ -1849,7 +1849,7 @@ NSSLOWKEYPublicKey *pk11_GetPubKey(PK11Object *object,CK_KEY_TYPE key_type, return NULL; } - if (pk11_isToken(object->handle)) { + if (sftk_isToken(object->handle)) { /* ferret out the token object handle */ } @@ -1879,41 +1879,41 @@ NSSLOWKEYPublicKey *pk11_GetPubKey(PK11Object *object,CK_KEY_TYPE key_type, switch (key_type) { case CKK_RSA: pubKey->keyType = NSSLOWKEYRSAKey; - crv = pk11_Attribute2SSecItem(arena,&pubKey->u.rsa.modulus, + crv = sftk_Attribute2SSecItem(arena,&pubKey->u.rsa.modulus, object,CKA_MODULUS); if (crv != CKR_OK) break; - crv = pk11_Attribute2SSecItem(arena,&pubKey->u.rsa.publicExponent, + crv = sftk_Attribute2SSecItem(arena,&pubKey->u.rsa.publicExponent, object,CKA_PUBLIC_EXPONENT); break; case CKK_DSA: pubKey->keyType = NSSLOWKEYDSAKey; - crv = pk11_Attribute2SSecItem(arena,&pubKey->u.dsa.params.prime, + crv = sftk_Attribute2SSecItem(arena,&pubKey->u.dsa.params.prime, object,CKA_PRIME); if (crv != CKR_OK) break; - crv = pk11_Attribute2SSecItem(arena,&pubKey->u.dsa.params.subPrime, + crv = sftk_Attribute2SSecItem(arena,&pubKey->u.dsa.params.subPrime, object,CKA_SUBPRIME); if (crv != CKR_OK) break; - crv = pk11_Attribute2SSecItem(arena,&pubKey->u.dsa.params.base, + crv = sftk_Attribute2SSecItem(arena,&pubKey->u.dsa.params.base, object,CKA_BASE); if (crv != CKR_OK) break; - crv = pk11_Attribute2SSecItem(arena,&pubKey->u.dsa.publicValue, + crv = sftk_Attribute2SSecItem(arena,&pubKey->u.dsa.publicValue, object,CKA_VALUE); break; case CKK_DH: pubKey->keyType = NSSLOWKEYDHKey; - crv = pk11_Attribute2SSecItem(arena,&pubKey->u.dh.prime, + crv = sftk_Attribute2SSecItem(arena,&pubKey->u.dh.prime, object,CKA_PRIME); if (crv != CKR_OK) break; - crv = pk11_Attribute2SSecItem(arena,&pubKey->u.dh.base, + crv = sftk_Attribute2SSecItem(arena,&pubKey->u.dh.base, object,CKA_BASE); if (crv != CKR_OK) break; - crv = pk11_Attribute2SSecItem(arena,&pubKey->u.dh.publicValue, + crv = sftk_Attribute2SSecItem(arena,&pubKey->u.dh.publicValue, object,CKA_VALUE); break; #ifdef NSS_ENABLE_ECC case CKK_EC: pubKey->keyType = NSSLOWKEYECKey; - crv = pk11_Attribute2SSecItem(arena, + crv = sftk_Attribute2SSecItem(arena, &pubKey->u.ec.ecParams.DEREncoding, object,CKA_EC_PARAMS); if (crv != CKR_OK) break; @@ -1924,7 +1924,7 @@ NSSLOWKEYPublicKey *pk11_GetPubKey(PK11Object *object,CK_KEY_TYPE key_type, if (EC_FillParams(arena, &pubKey->u.ec.ecParams.DEREncoding, &pubKey->u.ec.ecParams) != SECSuccess) break; - crv = pk11_Attribute2SSecItem(arena,&pubKey->u.ec.publicValue, + crv = sftk_Attribute2SSecItem(arena,&pubKey->u.ec.publicValue, object,CKA_EC_POINT); break; #endif /* NSS_ENABLE_ECC */ @@ -1939,20 +1939,20 @@ NSSLOWKEYPublicKey *pk11_GetPubKey(PK11Object *object,CK_KEY_TYPE key_type, } object->objectInfo = pubKey; - object->infoFree = (PK11Free) nsslowkey_DestroyPublicKey; + object->infoFree = (SFTKFree) nsslowkey_DestroyPublicKey; return pubKey; } /* make a private key from a verified object */ static NSSLOWKEYPrivateKey * -pk11_mkPrivKey(PK11Object *object, CK_KEY_TYPE key_type, CK_RV *crvp) +sftk_mkPrivKey(SFTKObject *object, CK_KEY_TYPE key_type, CK_RV *crvp) { NSSLOWKEYPrivateKey *privKey; PLArenaPool *arena; CK_RV crv = CKR_OK; SECStatus rv; - PORT_Assert(!pk11_isToken(object->handle)); + PORT_Assert(!sftk_isToken(object->handle)); arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (arena == NULL) { *crvp = CKR_HOST_MEMORY; @@ -1972,28 +1972,28 @@ pk11_mkPrivKey(PK11Object *object, CK_KEY_TYPE key_type, CK_RV *crvp) switch (key_type) { case CKK_RSA: privKey->keyType = NSSLOWKEYRSAKey; - crv=pk11_Attribute2SSecItem(arena,&privKey->u.rsa.modulus, + crv=sftk_Attribute2SSecItem(arena,&privKey->u.rsa.modulus, object,CKA_MODULUS); if (crv != CKR_OK) break; - crv=pk11_Attribute2SSecItem(arena,&privKey->u.rsa.publicExponent,object, + crv=sftk_Attribute2SSecItem(arena,&privKey->u.rsa.publicExponent,object, CKA_PUBLIC_EXPONENT); if (crv != CKR_OK) break; - crv=pk11_Attribute2SSecItem(arena,&privKey->u.rsa.privateExponent,object, + crv=sftk_Attribute2SSecItem(arena,&privKey->u.rsa.privateExponent,object, CKA_PRIVATE_EXPONENT); if (crv != CKR_OK) break; - crv=pk11_Attribute2SSecItem(arena,&privKey->u.rsa.prime1,object, + crv=sftk_Attribute2SSecItem(arena,&privKey->u.rsa.prime1,object, CKA_PRIME_1); if (crv != CKR_OK) break; - crv=pk11_Attribute2SSecItem(arena,&privKey->u.rsa.prime2,object, + crv=sftk_Attribute2SSecItem(arena,&privKey->u.rsa.prime2,object, CKA_PRIME_2); if (crv != CKR_OK) break; - crv=pk11_Attribute2SSecItem(arena,&privKey->u.rsa.exponent1, + crv=sftk_Attribute2SSecItem(arena,&privKey->u.rsa.exponent1, object, CKA_EXPONENT_1); if (crv != CKR_OK) break; - crv=pk11_Attribute2SSecItem(arena,&privKey->u.rsa.exponent2, + crv=sftk_Attribute2SSecItem(arena,&privKey->u.rsa.exponent2, object, CKA_EXPONENT_2); if (crv != CKR_OK) break; - crv=pk11_Attribute2SSecItem(arena,&privKey->u.rsa.coefficient,object, + crv=sftk_Attribute2SSecItem(arena,&privKey->u.rsa.coefficient,object, CKA_COEFFICIENT); if (crv != CKR_OK) break; rv = DER_SetUInteger(privKey->arena, &privKey->u.rsa.version, @@ -2003,42 +2003,42 @@ pk11_mkPrivKey(PK11Object *object, CK_KEY_TYPE key_type, CK_RV *crvp) case CKK_DSA: privKey->keyType = NSSLOWKEYDSAKey; - crv = pk11_Attribute2SSecItem(arena,&privKey->u.dsa.params.prime, + crv = sftk_Attribute2SSecItem(arena,&privKey->u.dsa.params.prime, object,CKA_PRIME); if (crv != CKR_OK) break; - crv = pk11_Attribute2SSecItem(arena,&privKey->u.dsa.params.subPrime, + crv = sftk_Attribute2SSecItem(arena,&privKey->u.dsa.params.subPrime, object,CKA_SUBPRIME); if (crv != CKR_OK) break; - crv = pk11_Attribute2SSecItem(arena,&privKey->u.dsa.params.base, + crv = sftk_Attribute2SSecItem(arena,&privKey->u.dsa.params.base, object,CKA_BASE); if (crv != CKR_OK) break; - crv = pk11_Attribute2SSecItem(arena,&privKey->u.dsa.privateValue, + crv = sftk_Attribute2SSecItem(arena,&privKey->u.dsa.privateValue, object,CKA_VALUE); if (crv != CKR_OK) break; - crv = pk11_Attribute2SSecItem(arena,&privKey->u.dsa.publicValue, + crv = sftk_Attribute2SSecItem(arena,&privKey->u.dsa.publicValue, object,CKA_NETSCAPE_DB); /* can't set the public value.... */ break; case CKK_DH: privKey->keyType = NSSLOWKEYDHKey; - crv = pk11_Attribute2SSecItem(arena,&privKey->u.dh.prime, + crv = sftk_Attribute2SSecItem(arena,&privKey->u.dh.prime, object,CKA_PRIME); if (crv != CKR_OK) break; - crv = pk11_Attribute2SSecItem(arena,&privKey->u.dh.base, + crv = sftk_Attribute2SSecItem(arena,&privKey->u.dh.base, object,CKA_BASE); if (crv != CKR_OK) break; - crv = pk11_Attribute2SSecItem(arena,&privKey->u.dh.privateValue, + crv = sftk_Attribute2SSecItem(arena,&privKey->u.dh.privateValue, object,CKA_VALUE); if (crv != CKR_OK) break; - crv = pk11_Attribute2SSecItem(arena,&privKey->u.dh.publicValue, + crv = sftk_Attribute2SSecItem(arena,&privKey->u.dh.publicValue, object,CKA_NETSCAPE_DB); break; #ifdef NSS_ENABLE_ECC case CKK_EC: privKey->keyType = NSSLOWKEYECKey; - crv = pk11_Attribute2SSecItem(arena, + crv = sftk_Attribute2SSecItem(arena, &privKey->u.ec.ecParams.DEREncoding, object,CKA_EC_PARAMS); if (crv != CKR_OK) break; @@ -2048,10 +2048,10 @@ pk11_mkPrivKey(PK11Object *object, CK_KEY_TYPE key_type, CK_RV *crvp) */ if (EC_FillParams(arena, &privKey->u.ec.ecParams.DEREncoding, &privKey->u.ec.ecParams) != SECSuccess) break; - crv = pk11_Attribute2SSecItem(arena,&privKey->u.ec.privateValue, + crv = sftk_Attribute2SSecItem(arena,&privKey->u.ec.privateValue, object,CKA_VALUE); if (crv != CKR_OK) break; - crv = pk11_Attribute2SSecItem(arena, &privKey->u.ec.publicValue, + crv = sftk_Attribute2SSecItem(arena, &privKey->u.ec.publicValue, object,CKA_NETSCAPE_DB); if (crv != CKR_OK) break; rv = DER_SetUInteger(privKey->arena, &privKey->u.ec.version, @@ -2075,7 +2075,7 @@ pk11_mkPrivKey(PK11Object *object, CK_KEY_TYPE key_type, CK_RV *crvp) /* Generate a low private key structure from an object */ NSSLOWKEYPrivateKey * -pk11_GetPrivKey(PK11Object *object,CK_KEY_TYPE key_type, CK_RV *crvp) +sftk_GetPrivKey(SFTKObject *object,CK_KEY_TYPE key_type, CK_RV *crvp) { NSSLOWKEYPrivateKey *priv = NULL; @@ -2088,9 +2088,9 @@ pk11_GetPrivKey(PK11Object *object,CK_KEY_TYPE key_type, CK_RV *crvp) return (NSSLOWKEYPrivateKey *)object->objectInfo; } - if (pk11_isToken(object->handle)) { + if (sftk_isToken(object->handle)) { /* grab it from the data base */ - PK11TokenObject *to = pk11_narrowToTokenObject(object); + SFTKTokenObject *to = sftk_narrowToTokenObject(object); PORT_Assert(to); PORT_Assert(object->slot->keyDB); @@ -2098,10 +2098,10 @@ pk11_GetPrivKey(PK11Object *object,CK_KEY_TYPE key_type, CK_RV *crvp) object->slot->password); *crvp = priv ? CKR_OK : CKR_DEVICE_ERROR; } else { - priv = pk11_mkPrivKey(object, key_type, crvp); + priv = sftk_mkPrivKey(object, key_type, crvp); } object->objectInfo = priv; - object->infoFree = (PK11Free) nsslowkey_DestroyPrivateKey; + object->infoFree = (SFTKFree) nsslowkey_DestroyPrivateKey; return priv; } @@ -2112,7 +2112,7 @@ pk11_GetPrivKey(PK11Object *object,CK_KEY_TYPE key_type, CK_RV *crvp) * set the DES key with parity bits correctly */ void -pk11_FormatDESKey(unsigned char *key, int length) +sftk_FormatDESKey(unsigned char *key, int length) { int i; @@ -2126,15 +2126,15 @@ pk11_FormatDESKey(unsigned char *key, int length) * check a des key (des2 or des3 subkey) for weak keys. */ PRBool -pk11_CheckDESKey(unsigned char *key) +sftk_CheckDESKey(unsigned char *key) { int i; /* format the des key with parity */ - pk11_FormatDESKey(key, 8); + sftk_FormatDESKey(key, 8); - for (i=0; i < pk11_desWeakTableSize; i++) { - if (PORT_Memcmp(key,pk11_desWeakTable[i],8) == 0) { + for (i=0; i < sftk_desWeakTableSize; i++) { + if (PORT_Memcmp(key,sftk_desWeakTable[i],8) == 0) { return PR_TRUE; } } @@ -2145,19 +2145,19 @@ pk11_CheckDESKey(unsigned char *key) * check if a des or triple des key is weak. */ PRBool -pk11_IsWeakKey(unsigned char *key,CK_KEY_TYPE key_type) +sftk_IsWeakKey(unsigned char *key,CK_KEY_TYPE key_type) { switch(key_type) { case CKK_DES: - return pk11_CheckDESKey(key); + return sftk_CheckDESKey(key); case CKM_DES2_KEY_GEN: - if (pk11_CheckDESKey(key)) return PR_TRUE; - return pk11_CheckDESKey(&key[8]); + if (sftk_CheckDESKey(key)) return PR_TRUE; + return sftk_CheckDESKey(&key[8]); case CKM_DES3_KEY_GEN: - if (pk11_CheckDESKey(key)) return PR_TRUE; - if (pk11_CheckDESKey(&key[8])) return PR_TRUE; - return pk11_CheckDESKey(&key[16]); + if (sftk_CheckDESKey(key)) return PR_TRUE; + if (sftk_CheckDESKey(&key[8])) return PR_TRUE; + return sftk_CheckDESKey(&key[16]); default: break; } @@ -2167,7 +2167,7 @@ pk11_IsWeakKey(unsigned char *key,CK_KEY_TYPE key_type) /* make a fake private key representing a symmetric key */ static NSSLOWKEYPrivateKey * -pk11_mkSecretKeyRep(PK11Object *object) +sftk_mkSecretKeyRep(SFTKObject *object) { NSSLOWKEYPrivateKey *privKey = 0; PLArenaPool *arena = 0; @@ -2199,7 +2199,7 @@ pk11_mkSecretKeyRep(PK11Object *object) privKey->keyType = NSSLOWKEYRSAKey; /* The modulus is set to the key id of the symmetric key */ - crv=pk11_Attribute2SecItem(arena,&privKey->u.rsa.modulus,object,CKA_ID); + crv=sftk_Attribute2SecItem(arena,&privKey->u.rsa.modulus,object,CKA_ID); if (crv != CKR_OK) goto loser; /* The public exponent is set to 0 length to indicate a special key */ @@ -2207,7 +2207,7 @@ pk11_mkSecretKeyRep(PK11Object *object) privKey->u.rsa.publicExponent.data = derZero; /* The private exponent is the actual key value */ - crv=pk11_Attribute2SecItem(arena,&privKey->u.rsa.privateExponent,object,CKA_VALUE); + crv=sftk_Attribute2SecItem(arena,&privKey->u.rsa.privateExponent,object,CKA_VALUE); if (crv != CKR_OK) goto loser; /* All other fields empty - needs testing */ @@ -2224,7 +2224,7 @@ pk11_mkSecretKeyRep(PK11Object *object) privKey->u.rsa.exponent2.data = derZero; /* Coeficient set to KEY_TYPE */ - crv = pk11_GetULongAttribute(object, CKA_KEY_TYPE, &keyType); + crv = sftk_GetULongAttribute(object, CKA_KEY_TYPE, &keyType); if (crv != CKR_OK) goto loser; /* on 64 bit platforms, we still want to store 32 bits of keyType (This is * safe since the PKCS #11 defines for all types are 32 bits or less). */ @@ -2273,7 +2273,7 @@ isSecretKey(NSSLOWKEYPrivateKey *privKey) /* return the function list */ CK_RV NSC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList) { - *pFunctionList = (CK_FUNCTION_LIST_PTR) &pk11_funcList; + *pFunctionList = (CK_FUNCTION_LIST_PTR) &sftk_funcList; return CKR_OK; } @@ -2284,7 +2284,7 @@ CK_RV C_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList) } static PLHashNumber -pk11_HashNumber(const void *key) +sftk_HashNumber(const void *key) { return (PLHashNumber) key; } @@ -2295,7 +2295,7 @@ pk11_HashNumber(const void *key) * where it might be a little difficult. */ const char * -pk11_getDefTokName(CK_SLOT_ID slotID) +sftk_getDefTokName(CK_SLOT_ID slotID) { static char buf[33]; @@ -2314,7 +2314,7 @@ pk11_getDefTokName(CK_SLOT_ID slotID) } const char * -pk11_getDefSlotName(CK_SLOT_ID slotID) +sftk_getDefSlotName(CK_SLOT_ID slotID) { static char buf[65]; @@ -2343,7 +2343,7 @@ static CK_ULONG nscSlotListSize[2] = {0, 0}; static PLHashTable *nscSlotHashTable[2] = {NULL, NULL}; static int -pk11_GetModuleIndex(CK_SLOT_ID slotID) +sftk_GetModuleIndex(CK_SLOT_ID slotID) { if ((slotID == FIPS_SLOT_ID) || (slotID > 100)) { return NSC_FIPS_MODULE; @@ -2353,16 +2353,16 @@ pk11_GetModuleIndex(CK_SLOT_ID slotID) /* look up a slot structure from the ID (used to be a macro when we only * had two slots) */ -PK11Slot * -pk11_SlotFromID(CK_SLOT_ID slotID) +SFTKSlot * +sftk_SlotFromID(CK_SLOT_ID slotID) { - int index = pk11_GetModuleIndex(slotID); - return (PK11Slot *)PL_HashTableLookupConst(nscSlotHashTable[index], + int index = sftk_GetModuleIndex(slotID); + return (SFTKSlot *)PL_HashTableLookupConst(nscSlotHashTable[index], (void *)slotID); } -PK11Slot * -pk11_SlotFromSessionHandle(CK_SESSION_HANDLE handle) +SFTKSlot * +sftk_SlotFromSessionHandle(CK_SESSION_HANDLE handle) { CK_ULONG slotIDIndex = (handle >> 24) & 0x7f; CK_ULONG moduleIndex = (handle >> 31) & 1; @@ -2371,16 +2371,16 @@ pk11_SlotFromSessionHandle(CK_SESSION_HANDLE handle) return NULL; } - return pk11_SlotFromID(nscSlotList[moduleIndex][slotIDIndex]); + return sftk_SlotFromID(nscSlotList[moduleIndex][slotIDIndex]); } static CK_RV -pk11_RegisterSlot(PK11Slot *slot, int moduleIndex) +sftk_RegisterSlot(SFTKSlot *slot, int moduleIndex) { PLHashEntry *entry; int index; - index = pk11_GetModuleIndex(slot->slotID); + index = sftk_GetModuleIndex(slot->slotID); /* make sure the slotID for this module is valid */ if (moduleIndex != index) { @@ -2409,7 +2409,7 @@ pk11_RegisterSlot(PK11Slot *slot, int moduleIndex) } if (nscSlotHashTable[index] == NULL) { - nscSlotHashTable[index] = PL_NewHashTable(64,pk11_HashNumber, + nscSlotHashTable[index] = PL_NewHashTable(64,sftk_HashNumber, PL_CompareValues, PL_CompareValues, NULL, 0); if (nscSlotHashTable[index] == NULL) { return CKR_HOST_MEMORY; @@ -2427,9 +2427,9 @@ pk11_RegisterSlot(PK11Slot *slot, int moduleIndex) } static SECStatus -pk11_set_user(NSSLOWCERTCertificate *cert, SECItem *dummy, void *arg) +sftk_set_user(NSSLOWCERTCertificate *cert, SECItem *dummy, void *arg) { - PK11Slot *slot = (PK11Slot *)arg; + SFTKSlot *slot = (SFTKSlot *)arg; NSSLOWCERTCertTrust trust = *cert->trust; if (nsslowkey_KeyForCertExists(slot->keyDB,cert)) { @@ -2451,28 +2451,28 @@ pk11_set_user(NSSLOWCERTCertificate *cert, SECItem *dummy, void *arg) } static void -pk11_DBVerify(PK11Slot *slot) +sftk_DBVerify(SFTKSlot *slot) { /* walk through all the certs and check to see if there are any * user certs, and make sure there are s/mime profiles for all certs with * email addresses */ - nsslowcert_TraversePermCerts(slot->certDB,pk11_set_user,slot); + nsslowcert_TraversePermCerts(slot->certDB,sftk_set_user,slot); return; } /* forward static declaration. */ -static CK_RV pk11_DestroySlotData(PK11Slot *slot); +static CK_RV sftk_DestroySlotData(SFTKSlot *slot); /* * initialize one of the slot structures. figure out which by the ID */ CK_RV -PK11_SlotInit(char *configdir,pk11_token_parameters *params, int moduleIndex) +SFTK_SlotInit(char *configdir,sftk_token_parameters *params, int moduleIndex) { unsigned int i; CK_SLOT_ID slotID = params->slotID; - PK11Slot *slot = PORT_ZNew(PK11Slot); + SFTKSlot *slot = PORT_ZNew(SFTKSlot); PRBool needLogin = !params->noKeyDB; CK_RV crv; @@ -2506,13 +2506,13 @@ PK11_SlotInit(char *configdir,pk11_token_parameters *params, int moduleIndex) slot->objectLock = PZ_NewLock(nssILockObject); if (slot->objectLock == NULL) goto mem_loser; - slot->head = PORT_ZNewArray(PK11Session *, slot->sessHashSize); + slot->head = PORT_ZNewArray(SFTKSession *, slot->sessHashSize); if (slot->head == NULL) goto mem_loser; - slot->tokObjects = PORT_ZNewArray(PK11Object *, slot->tokObjHashSize); + slot->tokObjects = PORT_ZNewArray(SFTKObject *, slot->tokObjHashSize); if (slot->tokObjects == NULL) goto mem_loser; - slot->tokenHashTable = PL_NewHashTable(64,pk11_HashNumber,PL_CompareValues, + slot->tokenHashTable = PL_NewHashTable(64,sftk_HashNumber,PL_CompareValues, SECITEM_HashCompare, NULL, 0); if (slot->tokenHashTable == NULL) goto mem_loser; @@ -2533,15 +2533,15 @@ PK11_SlotInit(char *configdir,pk11_token_parameters *params, int moduleIndex) slot->keyDB = NULL; slot->minimumPinLen = 0; slot->readOnly = params->readOnly; - pk11_setStringName(params->tokdes ? params->tokdes : - pk11_getDefTokName(slotID), slot->tokDescription, + sftk_setStringName(params->tokdes ? params->tokdes : + sftk_getDefTokName(slotID), slot->tokDescription, sizeof(slot->tokDescription)); - pk11_setStringName(params->slotdes ? params->slotdes : - pk11_getDefSlotName(slotID), slot->slotDescription, + sftk_setStringName(params->slotdes ? params->slotdes : + sftk_getDefSlotName(slotID), slot->slotDescription, sizeof(slot->slotDescription)); if ((!params->noCertDB) || (!params->noKeyDB)) { - crv = pk11_DBInit(params->configdir ? params->configdir : configdir, + crv = sftk_DBInit(params->configdir ? params->configdir : configdir, params->certPrefix, params->keyPrefix, params->readOnly, params->noCertDB, params->noKeyDB, params->forceOpen, &slot->certDB, &slot->keyDB); @@ -2550,22 +2550,22 @@ PK11_SlotInit(char *configdir,pk11_token_parameters *params, int moduleIndex) } if (nsslowcert_needDBVerify(slot->certDB)) { - pk11_DBVerify(slot); + sftk_DBVerify(slot); } } if (needLogin) { /* if the data base is initialized with a null password,remember that */ slot->needLogin = - (PRBool)!pk11_hasNullPassword(slot->keyDB,&slot->password); - if (params->minPW <= PK11_MAX_PIN) { + (PRBool)!sftk_hasNullPassword(slot->keyDB,&slot->password); + if (params->minPW <= SFTK_MAX_PIN) { slot->minimumPinLen = params->minPW; } if ((slot->minimumPinLen == 0) && (params->pwRequired) && - (slot->minimumPinLen <= PK11_MAX_PIN)) { + (slot->minimumPinLen <= SFTK_MAX_PIN)) { slot->minimumPinLen = 1; } } - crv = pk11_RegisterSlot(slot, moduleIndex); + crv = sftk_RegisterSlot(slot, moduleIndex); if (crv != CKR_OK) { goto loser; } @@ -2574,12 +2574,12 @@ PK11_SlotInit(char *configdir,pk11_token_parameters *params, int moduleIndex) mem_loser: crv = CKR_HOST_MEMORY; loser: - pk11_DestroySlotData(slot); + sftk_DestroySlotData(slot); return crv; } static PRIntn -pk11_freeHashItem(PLHashEntry* entry, PRIntn index, void *arg) +sftk_freeHashItem(PLHashEntry* entry, PRIntn index, void *arg) { SECItem *item = (SECItem *)entry->value; @@ -2591,7 +2591,7 @@ pk11_freeHashItem(PLHashEntry* entry, PRIntn index, void *arg) * initialize one of the slot structures. figure out which by the ID */ static CK_RV -pk11_DestroySlotData(PK11Slot *slot) +sftk_DestroySlotData(SFTKSlot *slot) { unsigned int i; @@ -2618,16 +2618,16 @@ pk11_DestroySlotData(PK11Slot *slot) if (slot->tokenHashTable) { PL_HashTableEnumerateEntries(slot->tokenHashTable, - pk11_freeHashItem,NULL); + sftk_freeHashItem,NULL); PL_HashTableDestroy(slot->tokenHashTable); slot->tokenHashTable = NULL; } if (slot->tokObjects) { for(i=0; i < slot->tokObjHashSize; i++) { - PK11Object *object = slot->tokObjects[i]; + SFTKObject *object = slot->tokObjects[i]; slot->tokObjects[i] = NULL; - if (object) pk11_FreeObject(object); + if (object) sftk_FreeObject(object); } PORT_Free(slot->tokObjects); slot->tokObjects = NULL; @@ -2635,15 +2635,15 @@ pk11_DestroySlotData(PK11Slot *slot) slot->tokObjHashSize = 0; if (slot->head) { for(i=0; i < slot->sessHashSize; i++) { - PK11Session *session = slot->head[i]; + SFTKSession *session = slot->head[i]; slot->head[i] = NULL; - if (session) pk11_FreeSession(session); + if (session) sftk_FreeSession(session); } PORT_Free(slot->head); slot->head = NULL; } slot->sessHashSize = 0; - pk11_DBShutdown(slot->certDB,slot->keyDB); + sftk_DBShutdown(slot->certDB,slot->keyDB); PORT_Free(slot); return CKR_OK; @@ -2690,7 +2690,7 @@ NSC_ModuleDBFunc(unsigned long function,char *parameters, void *args) static void nscFreeAllSlots(int moduleIndex) { /* free all the slots */ - PK11Slot *slot = NULL; + SFTKSlot *slot = NULL; CK_SLOT_ID slotID; int i; @@ -2713,11 +2713,11 @@ static void nscFreeAllSlots(int moduleIndex) for (i=0; i < (int) tmpSlotCount; i++) { slotID = tmpSlotList[i]; - slot = (PK11Slot *) + slot = (SFTKSlot *) PL_HashTableLookup(tmpSlotHashTable, (void *)slotID); PORT_Assert(slot); if (!slot) continue; - pk11_DestroySlotData(slot); + sftk_DestroySlotData(slot); PL_HashTableRemove(tmpSlotHashTable, (void *)slotID); } PORT_Free(tmpSlotList); @@ -2726,18 +2726,18 @@ static void nscFreeAllSlots(int moduleIndex) } static void -pk11_closePeer(PRBool isFIPS) +sftk_closePeer(PRBool isFIPS) { CK_SLOT_ID slotID = isFIPS ? PRIVATE_KEY_SLOT_ID: FIPS_SLOT_ID; - PK11Slot *slot; + SFTKSlot *slot; int moduleIndex = isFIPS? NSC_NON_FIPS_MODULE : NSC_FIPS_MODULE; PLHashTable *tmpSlotHashTable = nscSlotHashTable[moduleIndex]; - slot = (PK11Slot *) PL_HashTableLookup(tmpSlotHashTable, (void *)slotID); + slot = (SFTKSlot *) PL_HashTableLookup(tmpSlotHashTable, (void *)slotID); if (slot == NULL) { return; } - pk11_DBShutdown(slot->certDB,slot->keyDB); + sftk_DBShutdown(slot->certDB,slot->keyDB); slot->certDB = NULL; slot->keyDB = NULL; return; @@ -2759,7 +2759,7 @@ CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS) if (isFIPS) { /* make sure that our check file signatures are OK */ if (!BLAPI_VerifySelf(NULL) || - !BLAPI_SHVerify(SOFTOKEN_LIB_NAME, (PRFuncPtr) pk11_closePeer)) { + !BLAPI_SHVerify(SOFTOKEN_LIB_NAME, (PRFuncPtr) sftk_closePeer)) { crv = CKR_DEVICE_ERROR; /* better error code? checksum error? */ return crv; } @@ -2790,14 +2790,14 @@ CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS) (SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC); crv = CKR_ARGUMENTS_BAD; if ((init_args && init_args->LibraryParameters)) { - pk11_parameters paramStrings; + sftk_parameters paramStrings; crv = secmod_parseParameters ((char *)init_args->LibraryParameters, ¶mStrings, isFIPS); if (crv != CKR_OK) { return crv; } - crv = pk11_configure(paramStrings.man, paramStrings.libdes); + crv = sftk_configure(paramStrings.man, paramStrings.libdes); if (crv != CKR_OK) { goto loser; } @@ -2805,12 +2805,12 @@ CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS) /* if we have a peer already open, have him close his DB's so we * don't clobber each other. */ if ((isFIPS && nsc_init) || (!isFIPS && nsf_init)) { - pk11_closePeer(isFIPS); + sftk_closePeer(isFIPS); } for (i=0; i < paramStrings.token_count; i++) { crv = - PK11_SlotInit(paramStrings.configdir, ¶mStrings.tokens[i], + SFTK_SlotInit(paramStrings.configdir, ¶mStrings.tokens[i], moduleIndex); if (crv != CKR_OK) { nscFreeAllSlots(moduleIndex); @@ -2821,7 +2821,7 @@ loser: secmod_freeParams(¶mStrings); } if (CKR_OK == crv) { - pk11_InitFreeLists(); + sftk_InitFreeLists(); } return crv; @@ -2856,7 +2856,7 @@ CK_RV nsc_CommonFinalize (CK_VOID_PTR pReserved, PRBool isFIPS) return CKR_OK; } - pk11_CleanupFreeLists(); + sftk_CleanupFreeLists(); nsslowcert_DestroyFreeLists(); nsslowcert_DestroyGlobalLocks(); @@ -2942,7 +2942,7 @@ CK_RV NSC_GetSlotList(CK_BBOOL tokenPresent, /* NSC_GetSlotInfo obtains information about a particular slot in the system. */ CK_RV NSC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { - PK11Slot *slot = pk11_SlotFromID(slotID); + SFTKSlot *slot = sftk_SlotFromID(slotID); if (slot == NULL) return CKR_SLOT_ID_INVALID; pInfo->firmwareVersion.major = 0; @@ -2964,7 +2964,7 @@ CK_RV NSC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) * been changed underneath us. */ static PRBool -pk11_checkNeedLogin(PK11Slot *slot) +sftk_checkNeedLogin(SFTKSlot *slot) { if (slot->password) { if (nsslowkey_CheckKeyDBPassword(slot->keyDB,slot->password) @@ -2977,7 +2977,7 @@ pk11_checkNeedLogin(PK11Slot *slot) } } slot->needLogin = - (PRBool)!pk11_hasNullPassword(slot->keyDB,&slot->password); + (PRBool)!sftk_hasNullPassword(slot->keyDB,&slot->password); return (slot->needLogin); } @@ -2985,7 +2985,7 @@ pk11_checkNeedLogin(PK11Slot *slot) * the system. */ CK_RV NSC_GetTokenInfo(CK_SLOT_ID slotID,CK_TOKEN_INFO_PTR pInfo) { - PK11Slot *slot = pk11_SlotFromID(slotID); + SFTKSlot *slot = sftk_SlotFromID(slotID); NSSLOWKEYDBHandle *handle; if (slot == NULL) return CKR_SLOT_ID_INVALID; @@ -3023,13 +3023,13 @@ CK_RV NSC_GetTokenInfo(CK_SLOT_ID slotID,CK_TOKEN_INFO_PTR pInfo) */ if (nsslowkey_HasKeyDBPassword(handle) == SECFailure) { pInfo->flags = CKF_THREAD_SAFE | CKF_LOGIN_REQUIRED; - } else if (!pk11_checkNeedLogin(slot)) { + } else if (!sftk_checkNeedLogin(slot)) { pInfo->flags = CKF_THREAD_SAFE | CKF_USER_PIN_INITIALIZED; } else { pInfo->flags = CKF_THREAD_SAFE | CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED; } - pInfo->ulMaxPinLen = PK11_MAX_PIN; + pInfo->ulMaxPinLen = SFTK_MAX_PIN; pInfo->ulMinPinLen = 0; if (slot->minimumPinLen > 0) { pInfo->ulMinPinLen = (CK_ULONG)slot->minimumPinLen; @@ -3105,7 +3105,7 @@ CK_RV NSC_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, return CKR_MECHANISM_INVALID; } -CK_RV pk11_MechAllowsOperation(CK_MECHANISM_TYPE type, CK_ATTRIBUTE_TYPE op) +CK_RV sftk_MechAllowsOperation(CK_MECHANISM_TYPE type, CK_ATTRIBUTE_TYPE op) { CK_ULONG i; CK_FLAGS flags; @@ -3134,7 +3134,7 @@ CK_RV pk11_MechAllowsOperation(CK_MECHANISM_TYPE type, CK_ATTRIBUTE_TYPE op) static SECStatus -pk11_TurnOffUser(NSSLOWCERTCertificate *cert, SECItem *k, void *arg) +sftk_TurnOffUser(NSSLOWCERTCertificate *cert, SECItem *k, void *arg) { NSSLOWCERTCertTrust trust; SECStatus rv; @@ -3154,12 +3154,12 @@ pk11_TurnOffUser(NSSLOWCERTCertificate *cert, SECItem *k, void *arg) /* NSC_InitToken initializes a token. */ CK_RV NSC_InitToken(CK_SLOT_ID slotID,CK_CHAR_PTR pPin, CK_ULONG ulPinLen,CK_CHAR_PTR pLabel) { - PK11Slot *slot = pk11_SlotFromID(slotID); + SFTKSlot *slot = sftk_SlotFromID(slotID); NSSLOWKEYDBHandle *handle; NSSLOWCERTCertDBHandle *certHandle; SECStatus rv; unsigned int i; - PK11Object *object; + SFTKObject *object; if (slot == NULL) return CKR_SLOT_ID_INVALID; @@ -3186,7 +3186,7 @@ CK_RV NSC_InitToken(CK_SLOT_ID slotID,CK_CHAR_PTR pPin, if (object->next) object->next->prev = NULL; object->next = object->prev = NULL; } - if (object) pk11_FreeObject(object); + if (object) sftk_FreeObject(object); } while (object != NULL); } slot->DB_loaded = PR_FALSE; @@ -3205,7 +3205,7 @@ CK_RV NSC_InitToken(CK_SLOT_ID slotID,CK_CHAR_PTR pPin, certHandle = slot->certDB; if (certHandle == NULL) return CKR_OK; - nsslowcert_TraversePermCerts(certHandle,pk11_TurnOffUser, NULL); + nsslowcert_TraversePermCerts(certHandle,sftk_TurnOffUser, NULL); return CKR_OK; /*is this the right function for not implemented*/ } @@ -3215,41 +3215,41 @@ CK_RV NSC_InitToken(CK_SLOT_ID slotID,CK_CHAR_PTR pPin, CK_RV NSC_InitPIN(CK_SESSION_HANDLE hSession, CK_CHAR_PTR pPin, CK_ULONG ulPinLen) { - PK11Session *sp; - PK11Slot *slot; + SFTKSession *sp; + SFTKSlot *slot; NSSLOWKEYDBHandle *handle; SECItem *newPin; - char newPinStr[PK11_MAX_PIN+1]; + char newPinStr[SFTK_MAX_PIN+1]; SECStatus rv; - sp = pk11_SessionFromHandle(hSession); + sp = sftk_SessionFromHandle(hSession); if (sp == NULL) { return CKR_SESSION_HANDLE_INVALID; } - slot = pk11_SlotFromSession(sp); + slot = sftk_SlotFromSession(sp); if (slot == NULL) { - pk11_FreeSession(sp); + sftk_FreeSession(sp); return CKR_SESSION_HANDLE_INVALID;; } handle = slot->keyDB; if (handle == NULL) { - pk11_FreeSession(sp); + sftk_FreeSession(sp); return CKR_PIN_LEN_RANGE; } if (sp->info.state != CKS_RW_SO_FUNCTIONS) { - pk11_FreeSession(sp); + sftk_FreeSession(sp); return CKR_USER_NOT_LOGGED_IN; } - pk11_FreeSession(sp); + sftk_FreeSession(sp); /* make sure the pins aren't too long */ - if (ulPinLen > PK11_MAX_PIN) { + if (ulPinLen > SFTK_MAX_PIN) { return CKR_PIN_LEN_RANGE; } if (ulPinLen < (CK_ULONG)slot->minimumPinLen) { @@ -3290,41 +3290,41 @@ CK_RV NSC_InitPIN(CK_SESSION_HANDLE hSession, CK_RV NSC_SetPIN(CK_SESSION_HANDLE hSession, CK_CHAR_PTR pOldPin, CK_ULONG ulOldLen, CK_CHAR_PTR pNewPin, CK_ULONG ulNewLen) { - PK11Session *sp; - PK11Slot *slot; + SFTKSession *sp; + SFTKSlot *slot; NSSLOWKEYDBHandle *handle; SECItem *newPin; SECItem *oldPin; - char newPinStr[PK11_MAX_PIN+1],oldPinStr[PK11_MAX_PIN+1]; + char newPinStr[SFTK_MAX_PIN+1],oldPinStr[SFTK_MAX_PIN+1]; SECStatus rv; - sp = pk11_SessionFromHandle(hSession); + sp = sftk_SessionFromHandle(hSession); if (sp == NULL) { return CKR_SESSION_HANDLE_INVALID; } - slot = pk11_SlotFromSession(sp); + slot = sftk_SlotFromSession(sp); if (!slot) { - pk11_FreeSession(sp); + sftk_FreeSession(sp); return CKR_SESSION_HANDLE_INVALID;; } handle = slot->keyDB; if (handle == NULL) { - pk11_FreeSession(sp); + sftk_FreeSession(sp); return CKR_PIN_LEN_RANGE; } if (slot->needLogin && sp->info.state != CKS_RW_USER_FUNCTIONS) { - pk11_FreeSession(sp); + sftk_FreeSession(sp); return CKR_USER_NOT_LOGGED_IN; } - pk11_FreeSession(sp); + sftk_FreeSession(sp); /* make sure the pins aren't too long */ - if ((ulNewLen > PK11_MAX_PIN) || (ulOldLen > PK11_MAX_PIN)) { + if ((ulNewLen > SFTK_MAX_PIN) || (ulOldLen > SFTK_MAX_PIN)) { return CKR_PIN_LEN_RANGE; } if (ulNewLen < (CK_ULONG)slot->minimumPinLen) { @@ -3365,16 +3365,16 @@ CK_RV NSC_SetPIN(CK_SESSION_HANDLE hSession, CK_CHAR_PTR pOldPin, CK_RV NSC_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags, CK_VOID_PTR pApplication,CK_NOTIFY Notify,CK_SESSION_HANDLE_PTR phSession) { - PK11Slot *slot; + SFTKSlot *slot; CK_SESSION_HANDLE sessionID; - PK11Session *session; - PK11Session *sameID; + SFTKSession *session; + SFTKSession *sameID; - slot = pk11_SlotFromID(slotID); + slot = sftk_SlotFromID(slotID); if (slot == NULL) return CKR_SLOT_ID_INVALID; /* new session (we only have serial sessions) */ - session = pk11_NewSession(slotID, Notify, pApplication, + session = sftk_NewSession(slotID, Notify, pApplication, flags | CKF_SERIAL_SESSION); if (session == NULL) return CKR_HOST_MEMORY; @@ -3395,13 +3395,13 @@ CK_RV NSC_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags, sessionID = (PR_AtomicIncrement(&slot->sessionIDCount) & 0xffffff) | (slot->index << 24); } while (sessionID == CK_INVALID_HANDLE); - lock = PK11_SESSION_LOCK(slot,sessionID); + lock = SFTK_SESSION_LOCK(slot,sessionID); PZ_Lock(lock); - pk11queue_find(sameID, sessionID, slot->head, slot->sessHashSize); + sftkqueue_find(sameID, sessionID, slot->head, slot->sessHashSize); if (sameID == NULL) { session->handle = sessionID; - pk11_update_state(slot, session); - pk11queue_add(session, sessionID, slot->head,slot->sessHashSize); + sftk_update_state(slot, session); + sftkqueue_add(session, sessionID, slot->head,slot->sessHashSize); } else { slot->sessionIDConflict++; /* for debugging */ } @@ -3416,23 +3416,23 @@ CK_RV NSC_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags, /* NSC_CloseSession closes a session between an application and a token. */ CK_RV NSC_CloseSession(CK_SESSION_HANDLE hSession) { - PK11Slot *slot; - PK11Session *session; + SFTKSlot *slot; + SFTKSession *session; SECItem *pw = NULL; PRBool sessionFound; PZLock *lock; - session = pk11_SessionFromHandle(hSession); + session = sftk_SessionFromHandle(hSession); if (session == NULL) return CKR_SESSION_HANDLE_INVALID; - slot = pk11_SlotFromSession(session); + slot = sftk_SlotFromSession(session); sessionFound = PR_FALSE; /* lock */ - lock = PK11_SESSION_LOCK(slot,hSession); + lock = SFTK_SESSION_LOCK(slot,hSession); PZ_Lock(lock); - if (pk11queue_is_queued(session,hSession,slot->head,slot->sessHashSize)) { + if (sftkqueue_is_queued(session,hSession,slot->head,slot->sessHashSize)) { sessionFound = PR_TRUE; - pk11queue_delete(session,hSession,slot->head,slot->sessHashSize); + sftkqueue_delete(session,hSession,slot->head,slot->sessHashSize); session->refCount--; /* can't go to zero while we hold the reference */ PORT_Assert(session->refCount > 0); } @@ -3451,7 +3451,7 @@ CK_RV NSC_CloseSession(CK_SESSION_HANDLE hSession) } } - pk11_FreeSession(session); + sftk_FreeSession(session); if (pw) SECITEM_ZfreeItem(pw, PR_TRUE); return CKR_OK; } @@ -3460,12 +3460,12 @@ CK_RV NSC_CloseSession(CK_SESSION_HANDLE hSession) /* NSC_CloseAllSessions closes all sessions with a token. */ CK_RV NSC_CloseAllSessions (CK_SLOT_ID slotID) { - PK11Slot *slot; + SFTKSlot *slot; SECItem *pw = NULL; - PK11Session *session; + SFTKSession *session; unsigned int i; - slot = pk11_SlotFromID(slotID); + slot = sftk_SlotFromID(slotID); if (slot == NULL) return CKR_SLOT_ID_INVALID; /* first log out the card */ @@ -3482,7 +3482,7 @@ CK_RV NSC_CloseAllSessions (CK_SLOT_ID slotID) * NSC_CloseAllSessions... but any session running when this code starts * will guarrenteed be close, and no session will be partially closed */ for (i=0; i < slot->sessHashSize; i++) { - PZLock *lock = PK11_SESSION_LOCK(slot,i); + PZLock *lock = SFTK_SESSION_LOCK(slot,i); do { PZ_Lock(lock); session = slot->head[i]; @@ -3504,7 +3504,7 @@ CK_RV NSC_CloseAllSessions (CK_SLOT_ID slotID) } else { PZ_Unlock(lock); } - if (session) pk11_FreeSession(session); + if (session) sftk_FreeSession(session); } while (session != NULL); } return CKR_OK; @@ -3515,13 +3515,13 @@ CK_RV NSC_CloseAllSessions (CK_SLOT_ID slotID) CK_RV NSC_GetSessionInfo(CK_SESSION_HANDLE hSession, CK_SESSION_INFO_PTR pInfo) { - PK11Session *session; + SFTKSession *session; - session = pk11_SessionFromHandle(hSession); + session = sftk_SessionFromHandle(hSession); if (session == NULL) return CKR_SESSION_HANDLE_INVALID; PORT_Memcpy(pInfo,&session->info,sizeof(CK_SESSION_INFO)); - pk11_FreeSession(session); + sftk_FreeSession(session); return CKR_OK; } @@ -3529,22 +3529,22 @@ CK_RV NSC_GetSessionInfo(CK_SESSION_HANDLE hSession, CK_RV NSC_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, CK_CHAR_PTR pPin, CK_ULONG ulPinLen) { - PK11Slot *slot; - PK11Session *session; + SFTKSlot *slot; + SFTKSession *session; NSSLOWKEYDBHandle *handle; CK_FLAGS sessionFlags; SECItem *pin; - char pinStr[PK11_MAX_PIN+1]; + char pinStr[SFTK_MAX_PIN+1]; /* get the slot */ - slot = pk11_SlotFromSessionHandle(hSession); + slot = sftk_SlotFromSessionHandle(hSession); /* make sure the session is valid */ - session = pk11_SessionFromHandle(hSession); + session = sftk_SessionFromHandle(hSession); if (session == NULL) return CKR_SESSION_HANDLE_INVALID; sessionFlags = session->info.flags; - pk11_FreeSession(session); + sftk_FreeSession(session); session = NULL; /* can't log into the Netscape Slot */ @@ -3554,7 +3554,7 @@ CK_RV NSC_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, if (slot->isLoggedIn) return CKR_USER_ALREADY_LOGGED_IN; slot->ssoLoggedIn = PR_FALSE; - if (ulPinLen > PK11_MAX_PIN) return CKR_PIN_LEN_RANGE; + if (ulPinLen > SFTK_MAX_PIN) return CKR_PIN_LEN_RANGE; /* convert to null terminated string */ PORT_Memcpy(pinStr,pPin,ulPinLen); @@ -3585,7 +3585,7 @@ CK_RV NSC_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, slot->isLoggedIn = PR_TRUE; slot->ssoLoggedIn = (PRBool)(userType == CKU_SO); PZ_Unlock(slot->slotLock); - pk11_update_all_states(slot); + sftk_update_all_states(slot); SECITEM_ZfreeItem(pw,PR_TRUE); return CKR_OK; } @@ -3612,7 +3612,7 @@ CK_RV NSC_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, if (tmp) SECITEM_ZfreeItem(tmp, PR_TRUE); /* update all sessions */ - pk11_update_all_states(slot); + sftk_update_all_states(slot); return CKR_OK; } @@ -3623,13 +3623,13 @@ CK_RV NSC_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, /* NSC_Logout logs a user out from a token. */ CK_RV NSC_Logout(CK_SESSION_HANDLE hSession) { - PK11Slot *slot = pk11_SlotFromSessionHandle(hSession); - PK11Session *session; + SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession); + SFTKSession *session; SECItem *pw = NULL; - session = pk11_SessionFromHandle(hSession); + session = sftk_SessionFromHandle(hSession); if (session == NULL) return CKR_SESSION_HANDLE_INVALID; - pk11_FreeSession(session); + sftk_FreeSession(session); session = NULL; if (!slot->isLoggedIn) return CKR_USER_NOT_LOGGED_IN; @@ -3642,7 +3642,7 @@ CK_RV NSC_Logout(CK_SESSION_HANDLE hSession) PZ_Unlock(slot->slotLock); if (pw) SECITEM_ZfreeItem(pw, PR_TRUE); - pk11_update_all_states(slot); + sftk_update_all_states(slot); return CKR_OK; } @@ -3652,9 +3652,9 @@ CK_RV NSC_CreateObject(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phObject) { - PK11Slot *slot = pk11_SlotFromSessionHandle(hSession); - PK11Session *session; - PK11Object *object; + SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession); + SFTKSession *session; + SFTKObject *object; CK_RV crv; int i; @@ -3662,7 +3662,7 @@ CK_RV NSC_CreateObject(CK_SESSION_HANDLE hSession, /* * now lets create an object to hang the attributes off of */ - object = pk11_NewObject(slot); /* fill in the handle later */ + object = sftk_NewObject(slot); /* fill in the handle later */ if (object == NULL) { return CKR_HOST_MEMORY; } @@ -3671,27 +3671,27 @@ CK_RV NSC_CreateObject(CK_SESSION_HANDLE hSession, * load the template values into the object */ for (i=0; i < (int) ulCount; i++) { - crv = pk11_AddAttributeType(object,pk11_attr_expand(&pTemplate[i])); + crv = sftk_AddAttributeType(object,sftk_attr_expand(&pTemplate[i])); if (crv != CKR_OK) { - pk11_FreeObject(object); + sftk_FreeObject(object); return crv; } } /* get the session */ - session = pk11_SessionFromHandle(hSession); + session = sftk_SessionFromHandle(hSession); if (session == NULL) { - pk11_FreeObject(object); + sftk_FreeObject(object); return CKR_SESSION_HANDLE_INVALID; } /* * handle the base object stuff */ - crv = pk11_handleObject(object,session); + crv = sftk_handleObject(object,session); *phObject = object->handle; - pk11_FreeSession(session); - pk11_FreeObject(object); + sftk_FreeSession(session); + sftk_FreeObject(object); return crv; } @@ -3702,29 +3702,29 @@ CK_RV NSC_CopyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phNewObject) { - PK11Object *destObject,*srcObject; - PK11Session *session; + SFTKObject *destObject,*srcObject; + SFTKSession *session; CK_RV crv = CKR_OK; - PK11Slot *slot = pk11_SlotFromSessionHandle(hSession); + SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession); int i; /* Get srcObject so we can find the class */ - session = pk11_SessionFromHandle(hSession); + session = sftk_SessionFromHandle(hSession); if (session == NULL) { return CKR_SESSION_HANDLE_INVALID; } - srcObject = pk11_ObjectFromHandle(hObject,session); + srcObject = sftk_ObjectFromHandle(hObject,session); if (srcObject == NULL) { - pk11_FreeSession(session); + sftk_FreeSession(session); return CKR_OBJECT_HANDLE_INVALID; } /* * create an object to hang the attributes off of */ - destObject = pk11_NewObject(slot); /* fill in the handle later */ + destObject = sftk_NewObject(slot); /* fill in the handle later */ if (destObject == NULL) { - pk11_FreeSession(session); - pk11_FreeObject(srcObject); + sftk_FreeSession(session); + sftk_FreeObject(srcObject); return CKR_HOST_MEMORY; } @@ -3732,26 +3732,26 @@ CK_RV NSC_CopyObject(CK_SESSION_HANDLE hSession, * load the template values into the object */ for (i=0; i < (int) ulCount; i++) { - if (pk11_modifyType(pTemplate[i].type,srcObject->objclass) == PK11_NEVER) { + if (sftk_modifyType(pTemplate[i].type,srcObject->objclass) == SFTK_NEVER) { crv = CKR_ATTRIBUTE_READ_ONLY; break; } - crv = pk11_AddAttributeType(destObject,pk11_attr_expand(&pTemplate[i])); + crv = sftk_AddAttributeType(destObject,sftk_attr_expand(&pTemplate[i])); if (crv != CKR_OK) { break; } } if (crv != CKR_OK) { - pk11_FreeSession(session); - pk11_FreeObject(srcObject); - pk11_FreeObject(destObject); + sftk_FreeSession(session); + sftk_FreeObject(srcObject); + sftk_FreeObject(destObject); return crv; } /* sensitive can only be changed to CK_TRUE */ - if (pk11_hasAttribute(destObject,CKA_SENSITIVE)) { - if (!pk11_isTrue(destObject,CKA_SENSITIVE)) { - pk11_FreeSession(session); - pk11_FreeObject(srcObject); - pk11_FreeObject(destObject); + if (sftk_hasAttribute(destObject,CKA_SENSITIVE)) { + if (!sftk_isTrue(destObject,CKA_SENSITIVE)) { + sftk_FreeSession(session); + sftk_FreeObject(srcObject); + sftk_FreeObject(destObject); return CKR_ATTRIBUTE_READ_ONLY; } } @@ -3762,19 +3762,19 @@ CK_RV NSC_CopyObject(CK_SESSION_HANDLE hSession, /* don't create a token object if we aren't in a rw session */ /* we need to hold the lock to copy a consistant version of * the object. */ - crv = pk11_CopyObject(destObject,srcObject); + crv = sftk_CopyObject(destObject,srcObject); destObject->objclass = srcObject->objclass; - pk11_FreeObject(srcObject); + sftk_FreeObject(srcObject); if (crv != CKR_OK) { - pk11_FreeObject(destObject); - pk11_FreeSession(session); + sftk_FreeObject(destObject); + sftk_FreeSession(session); } - crv = pk11_handleObject(destObject,session); + crv = sftk_handleObject(destObject,session); *phNewObject = destObject->handle; - pk11_FreeSession(session); - pk11_FreeObject(destObject); + sftk_FreeSession(session); + sftk_FreeObject(destObject); return crv; } @@ -3791,10 +3791,10 @@ CK_RV NSC_GetObjectSize(CK_SESSION_HANDLE hSession, /* NSC_GetAttributeValue obtains the value of one or more object attributes. */ CK_RV NSC_GetAttributeValue(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount) { - PK11Slot *slot = pk11_SlotFromSessionHandle(hSession); - PK11Session *session; - PK11Object *object; - PK11Attribute *attribute; + SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession); + SFTKSession *session; + SFTKObject *object; + SFTKAttribute *attribute; PRBool sensitive; CK_RV crv; int i; @@ -3802,34 +3802,34 @@ CK_RV NSC_GetAttributeValue(CK_SESSION_HANDLE hSession, /* * make sure we're allowed */ - session = pk11_SessionFromHandle(hSession); + session = sftk_SessionFromHandle(hSession); if (session == NULL) { return CKR_SESSION_HANDLE_INVALID; } - object = pk11_ObjectFromHandle(hObject,session); - pk11_FreeSession(session); + object = sftk_ObjectFromHandle(hObject,session); + sftk_FreeSession(session); if (object == NULL) { return CKR_OBJECT_HANDLE_INVALID; } /* don't read a private object if we aren't logged in */ if ((!slot->isLoggedIn) && (slot->needLogin) && - (pk11_isTrue(object,CKA_PRIVATE))) { - pk11_FreeObject(object); + (sftk_isTrue(object,CKA_PRIVATE))) { + sftk_FreeObject(object); return CKR_USER_NOT_LOGGED_IN; } crv = CKR_OK; - sensitive = pk11_isTrue(object,CKA_SENSITIVE); + sensitive = sftk_isTrue(object,CKA_SENSITIVE); for (i=0; i < (int) ulCount; i++) { /* Make sure that this attribute is retrievable */ - if (sensitive && pk11_isSensitive(pTemplate[i].type,object->objclass)) { + if (sensitive && sftk_isSensitive(pTemplate[i].type,object->objclass)) { crv = CKR_ATTRIBUTE_SENSITIVE; pTemplate[i].ulValueLen = -1; continue; } - attribute = pk11_FindAttribute(object,pTemplate[i].type); + attribute = sftk_FindAttribute(object,pTemplate[i].type); if (attribute == NULL) { crv = CKR_ATTRIBUTE_TYPE_INVALID; pTemplate[i].ulValueLen = -1; @@ -3840,20 +3840,20 @@ CK_RV NSC_GetAttributeValue(CK_SESSION_HANDLE hSession, attribute->attrib.ulValueLen); } pTemplate[i].ulValueLen = attribute->attrib.ulValueLen; - pk11_FreeAttribute(attribute); + sftk_FreeAttribute(attribute); } - pk11_FreeObject(object); + sftk_FreeObject(object); return crv; } /* NSC_SetAttributeValue modifies the value of one or more object attributes */ CK_RV NSC_SetAttributeValue (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount) { - PK11Slot *slot = pk11_SlotFromSessionHandle(hSession); - PK11Session *session; - PK11Attribute *attribute; - PK11Object *object; + SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession); + SFTKSession *session; + SFTKAttribute *attribute; + SFTKObject *object; PRBool isToken; CK_RV crv = CKR_OK; CK_BBOOL legal; @@ -3862,73 +3862,73 @@ CK_RV NSC_SetAttributeValue (CK_SESSION_HANDLE hSession, /* * make sure we're allowed */ - session = pk11_SessionFromHandle(hSession); + session = sftk_SessionFromHandle(hSession); if (session == NULL) { return CKR_SESSION_HANDLE_INVALID; } - object = pk11_ObjectFromHandle(hObject,session); + object = sftk_ObjectFromHandle(hObject,session); if (object == NULL) { - pk11_FreeSession(session); + sftk_FreeSession(session); return CKR_OBJECT_HANDLE_INVALID; } /* don't modify a private object if we aren't logged in */ if ((!slot->isLoggedIn) && (slot->needLogin) && - (pk11_isTrue(object,CKA_PRIVATE))) { - pk11_FreeSession(session); - pk11_FreeObject(object); + (sftk_isTrue(object,CKA_PRIVATE))) { + sftk_FreeSession(session); + sftk_FreeObject(object); return CKR_USER_NOT_LOGGED_IN; } /* don't modify a token object if we aren't in a rw session */ - isToken = pk11_isTrue(object,CKA_TOKEN); + isToken = sftk_isTrue(object,CKA_TOKEN); if (((session->info.flags & CKF_RW_SESSION) == 0) && isToken) { - pk11_FreeSession(session); - pk11_FreeObject(object); + sftk_FreeSession(session); + sftk_FreeObject(object); return CKR_SESSION_READ_ONLY; } - pk11_FreeSession(session); + sftk_FreeSession(session); /* only change modifiable objects */ - if (!pk11_isTrue(object,CKA_MODIFIABLE)) { - pk11_FreeObject(object); + if (!sftk_isTrue(object,CKA_MODIFIABLE)) { + sftk_FreeObject(object); return CKR_ATTRIBUTE_READ_ONLY; } for (i=0; i < (int) ulCount; i++) { /* Make sure that this attribute is changeable */ - switch (pk11_modifyType(pTemplate[i].type,object->objclass)) { - case PK11_NEVER: - case PK11_ONCOPY: + switch (sftk_modifyType(pTemplate[i].type,object->objclass)) { + case SFTK_NEVER: + case SFTK_ONCOPY: default: crv = CKR_ATTRIBUTE_READ_ONLY; break; - case PK11_SENSITIVE: + case SFTK_SENSITIVE: legal = (pTemplate[i].type == CKA_EXTRACTABLE) ? CK_FALSE : CK_TRUE; if ((*(CK_BBOOL *)pTemplate[i].pValue) != legal) { crv = CKR_ATTRIBUTE_READ_ONLY; } break; - case PK11_ALWAYS: + case SFTK_ALWAYS: break; } if (crv != CKR_OK) break; /* find the old attribute */ - attribute = pk11_FindAttribute(object,pTemplate[i].type); + attribute = sftk_FindAttribute(object,pTemplate[i].type); if (attribute == NULL) { crv =CKR_ATTRIBUTE_TYPE_INVALID; break; } - pk11_FreeAttribute(attribute); - crv = pk11_forceAttribute(object,pk11_attr_expand(&pTemplate[i])); + sftk_FreeAttribute(attribute); + crv = sftk_forceAttribute(object,sftk_attr_expand(&pTemplate[i])); if (crv != CKR_OK) break; } - pk11_FreeObject(object); + sftk_FreeObject(object); return crv; } @@ -3946,37 +3946,37 @@ CK_RV NSC_SetAttributeValue (CK_SESSION_HANDLE hSession, /* * structure to collect key handles. */ -typedef struct pk11CrlDataStr { - PK11Slot *slot; - PK11SearchResults *searchHandles; +typedef struct sftkCrlDataStr { + SFTKSlot *slot; + SFTKSearchResults *searchHandles; CK_ATTRIBUTE *template; CK_ULONG templ_count; -} pk11CrlData; +} sftkCrlData; static SECStatus -pk11_crl_collect(SECItem *data, SECItem *key, certDBEntryType type, void *arg) +sftk_crl_collect(SECItem *data, SECItem *key, certDBEntryType type, void *arg) { - pk11CrlData *crlData; + sftkCrlData *crlData; CK_OBJECT_HANDLE class_handle; - PK11Slot *slot; + SFTKSlot *slot; - crlData = (pk11CrlData *)arg; + crlData = (sftkCrlData *)arg; slot = crlData->slot; - class_handle = (type == certDBEntryTypeRevocation) ? PK11_TOKEN_TYPE_CRL : - PK11_TOKEN_KRL_HANDLE; - if (pk11_tokenMatch(slot, key, class_handle, + class_handle = (type == certDBEntryTypeRevocation) ? SFTK_TOKEN_TYPE_CRL : + SFTK_TOKEN_KRL_HANDLE; + if (sftk_tokenMatch(slot, key, class_handle, crlData->template, crlData->templ_count)) { - pk11_addHandle(crlData->searchHandles, - pk11_mkHandle(slot,key,class_handle)); + sftk_addHandle(crlData->searchHandles, + sftk_mkHandle(slot,key,class_handle)); } return(SECSuccess); } static void -pk11_searchCrls(PK11Slot *slot, SECItem *derSubject, PRBool isKrl, - unsigned long classFlags, PK11SearchResults *search, +sftk_searchCrls(SFTKSlot *slot, SECItem *derSubject, PRBool isKrl, + unsigned long classFlags, SFTKSearchResults *search, CK_ATTRIBUTE *pTemplate, CK_ULONG ulCount) { NSSLOWCERTCertDBHandle *certHandle = NULL; @@ -3990,12 +3990,12 @@ pk11_searchCrls(PK11Slot *slot, SECItem *derSubject, PRBool isKrl, nsslowcert_FindCrlByKey(certHandle, derSubject, isKrl); if (crl != NULL) { - pk11_addHandle(search, pk11_mkHandle(slot, derSubject, - isKrl ? PK11_TOKEN_KRL_HANDLE : PK11_TOKEN_TYPE_CRL)); + sftk_addHandle(search, sftk_mkHandle(slot, derSubject, + isKrl ? SFTK_TOKEN_KRL_HANDLE : SFTK_TOKEN_TYPE_CRL)); nsslowcert_DestroyDBEntry((certDBEntry *)crl); } } else { - pk11CrlData crlData; + sftkCrlData crlData; /* traverse */ crlData.slot = slot; @@ -4003,36 +4003,36 @@ pk11_searchCrls(PK11Slot *slot, SECItem *derSubject, PRBool isKrl, crlData.template = pTemplate; crlData.templ_count = ulCount; nsslowcert_TraverseDBEntries(certHandle, certDBEntryTypeRevocation, - pk11_crl_collect, (void *)&crlData); + sftk_crl_collect, (void *)&crlData); nsslowcert_TraverseDBEntries(certHandle, certDBEntryTypeKeyRevocation, - pk11_crl_collect, (void *)&crlData); + sftk_crl_collect, (void *)&crlData); } } /* * structure to collect key handles. */ -typedef struct pk11KeyDataStr { - PK11Slot *slot; - PK11SearchResults *searchHandles; +typedef struct sftkKeyDataStr { + SFTKSlot *slot; + SFTKSearchResults *searchHandles; SECItem *id; CK_ATTRIBUTE *template; CK_ULONG templ_count; unsigned long classFlags; PRBool isLoggedIn; PRBool strict; -} pk11KeyData; +} sftkKeyData; static SECStatus -pk11_key_collect(DBT *key, DBT *data, void *arg) +sftk_key_collect(DBT *key, DBT *data, void *arg) { - pk11KeyData *keyData; + sftkKeyData *keyData; NSSLOWKEYPrivateKey *privKey = NULL; SECItem tmpDBKey; - PK11Slot *slot; + SFTKSlot *slot; - keyData = (pk11KeyData *)arg; + keyData = (sftkKeyData *)arg; slot = keyData->slot; tmpDBKey.data = key->data; @@ -4077,16 +4077,16 @@ pk11_key_collect(DBT *key, DBT *data, void *arg) } if (haveMatch) { if (keyData->classFlags & NSC_PRIVATE) { - pk11_addHandle(keyData->searchHandles, - pk11_mkHandle(slot,&tmpDBKey,PK11_TOKEN_TYPE_PRIV)); + sftk_addHandle(keyData->searchHandles, + sftk_mkHandle(slot,&tmpDBKey,SFTK_TOKEN_TYPE_PRIV)); } if (keyData->classFlags & NSC_PUBLIC) { - pk11_addHandle(keyData->searchHandles, - pk11_mkHandle(slot,&tmpDBKey,PK11_TOKEN_TYPE_PUB)); + sftk_addHandle(keyData->searchHandles, + sftk_mkHandle(slot,&tmpDBKey,SFTK_TOKEN_TYPE_PUB)); } if (keyData->classFlags & NSC_KEY) { - pk11_addHandle(keyData->searchHandles, - pk11_mkHandle(slot,&tmpDBKey,PK11_TOKEN_TYPE_KEY)); + sftk_addHandle(keyData->searchHandles, + sftk_mkHandle(slot,&tmpDBKey,SFTK_TOKEN_TYPE_KEY)); } } return SECSuccess; @@ -4100,23 +4100,23 @@ pk11_key_collect(DBT *key, DBT *data, void *arg) if (isSecretKey(privKey)) { if ((keyData->classFlags & NSC_KEY) && - pk11_tokenMatch(keyData->slot, &tmpDBKey, PK11_TOKEN_TYPE_KEY, + sftk_tokenMatch(keyData->slot, &tmpDBKey, SFTK_TOKEN_TYPE_KEY, keyData->template, keyData->templ_count)) { - pk11_addHandle(keyData->searchHandles, - pk11_mkHandle(keyData->slot, &tmpDBKey, PK11_TOKEN_TYPE_KEY)); + sftk_addHandle(keyData->searchHandles, + sftk_mkHandle(keyData->slot, &tmpDBKey, SFTK_TOKEN_TYPE_KEY)); } } else { if ((keyData->classFlags & NSC_PRIVATE) && - pk11_tokenMatch(keyData->slot, &tmpDBKey, PK11_TOKEN_TYPE_PRIV, + sftk_tokenMatch(keyData->slot, &tmpDBKey, SFTK_TOKEN_TYPE_PRIV, keyData->template, keyData->templ_count)) { - pk11_addHandle(keyData->searchHandles, - pk11_mkHandle(keyData->slot,&tmpDBKey,PK11_TOKEN_TYPE_PRIV)); + sftk_addHandle(keyData->searchHandles, + sftk_mkHandle(keyData->slot,&tmpDBKey,SFTK_TOKEN_TYPE_PRIV)); } if ((keyData->classFlags & NSC_PUBLIC) && - pk11_tokenMatch(keyData->slot, &tmpDBKey, PK11_TOKEN_TYPE_PUB, + sftk_tokenMatch(keyData->slot, &tmpDBKey, SFTK_TOKEN_TYPE_PUB, keyData->template, keyData->templ_count)) { - pk11_addHandle(keyData->searchHandles, - pk11_mkHandle(keyData->slot, &tmpDBKey,PK11_TOKEN_TYPE_PUB)); + sftk_addHandle(keyData->searchHandles, + sftk_mkHandle(keyData->slot, &tmpDBKey,SFTK_TOKEN_TYPE_PUB)); } } @@ -4128,13 +4128,13 @@ loser: } static void -pk11_searchKeys(PK11Slot *slot, SECItem *key_id, PRBool isLoggedIn, - unsigned long classFlags, PK11SearchResults *search, PRBool mustStrict, +sftk_searchKeys(SFTKSlot *slot, SECItem *key_id, PRBool isLoggedIn, + unsigned long classFlags, SFTKSearchResults *search, PRBool mustStrict, CK_ATTRIBUTE *pTemplate, CK_ULONG ulCount) { NSSLOWKEYDBHandle *keyHandle = NULL; NSSLOWKEYPrivateKey *privKey; - pk11KeyData keyData; + sftkKeyData keyData; PRBool found = PR_FALSE; keyHandle = slot->keyDB; @@ -4146,18 +4146,18 @@ pk11_searchKeys(PK11Slot *slot, SECItem *key_id, PRBool isLoggedIn, privKey = nsslowkey_FindKeyByPublicKey(keyHandle, key_id, slot->password); if (privKey) { if ((classFlags & NSC_KEY) && isSecretKey(privKey)) { - pk11_addHandle(search, - pk11_mkHandle(slot,key_id,PK11_TOKEN_TYPE_KEY)); + sftk_addHandle(search, + sftk_mkHandle(slot,key_id,SFTK_TOKEN_TYPE_KEY)); found = PR_TRUE; } if ((classFlags & NSC_PRIVATE) && !isSecretKey(privKey)) { - pk11_addHandle(search, - pk11_mkHandle(slot,key_id,PK11_TOKEN_TYPE_PRIV)); + sftk_addHandle(search, + sftk_mkHandle(slot,key_id,SFTK_TOKEN_TYPE_PRIV)); found = PR_TRUE; } if ((classFlags & NSC_PUBLIC) && !isSecretKey(privKey)) { - pk11_addHandle(search, - pk11_mkHandle(slot,key_id,PK11_TOKEN_TYPE_PUB)); + sftk_addHandle(search, + sftk_mkHandle(slot,key_id,SFTK_TOKEN_TYPE_PUB)); found = PR_TRUE; } nsslowkey_DestroyPrivateKey(privKey); @@ -4185,14 +4185,14 @@ pk11_searchKeys(PK11Slot *slot, SECItem *key_id, PRBool isLoggedIn, keyData.classFlags = classFlags; keyData.strict = mustStrict ? mustStrict : NSC_STRICT; - nsslowkey_TraverseKeys(keyHandle, pk11_key_collect, &keyData); + nsslowkey_TraverseKeys(keyHandle, sftk_key_collect, &keyData); } /* * structure to collect certs into */ -typedef struct pk11CertDataStr { - PK11Slot *slot; +typedef struct sftkCertDataStr { + SFTKSlot *slot; int cert_count; int max_cert_count; NSSLOWCERTCertificate **certs; @@ -4200,15 +4200,15 @@ typedef struct pk11CertDataStr { CK_ULONG templ_count; unsigned long classFlags; PRBool strict; -} pk11CertData; +} sftkCertData; /* * collect all the certs from the traverse call. */ static SECStatus -pk11_cert_collect(NSSLOWCERTCertificate *cert,void *arg) +sftk_cert_collect(NSSLOWCERTCertificate *cert,void *arg) { - pk11CertData *cd = (pk11CertData *)arg; + sftkCertData *cd = (sftkCertData *)arg; if (cert == NULL) { return SECSuccess; @@ -4219,12 +4219,12 @@ pk11_cert_collect(NSSLOWCERTCertificate *cert,void *arg) } if (cd->strict) { - if ((cd->classFlags & NSC_CERT) && !pk11_tokenMatch(cd->slot, - &cert->certKey, PK11_TOKEN_TYPE_CERT, cd->template,cd->templ_count)) { + if ((cd->classFlags & NSC_CERT) && !sftk_tokenMatch(cd->slot, + &cert->certKey, SFTK_TOKEN_TYPE_CERT, cd->template,cd->templ_count)) { return SECSuccess; } - if ((cd->classFlags & NSC_TRUST) && !pk11_tokenMatch(cd->slot, - &cert->certKey, PK11_TOKEN_TYPE_TRUST, + if ((cd->classFlags & NSC_TRUST) && !sftk_tokenMatch(cd->slot, + &cert->certKey, SFTK_TOKEN_TYPE_TRUST, cd->template, cd->templ_count)) { return SECSuccess; } @@ -4248,19 +4248,19 @@ pk11_cert_collect(NSSLOWCERTCertificate *cert,void *arg) /* provide impedence matching ... */ static SECStatus -pk11_cert_collect2(NSSLOWCERTCertificate *cert, SECItem *dymmy, void *arg) +sftk_cert_collect2(NSSLOWCERTCertificate *cert, SECItem *dymmy, void *arg) { - return pk11_cert_collect(cert, arg); + return sftk_cert_collect(cert, arg); } static void -pk11_searchSingleCert(pk11CertData *certData,NSSLOWCERTCertificate *cert) +sftk_searchSingleCert(sftkCertData *certData,NSSLOWCERTCertificate *cert) { if (cert == NULL) { return; } if (certData->strict && - !pk11_tokenMatch(certData->slot, &cert->certKey, PK11_TOKEN_TYPE_CERT, + !sftk_tokenMatch(certData->slot, &cert->certKey, SFTK_TOKEN_TYPE_CERT, certData->template,certData->templ_count)) { nsslowcert_DestroyCertificate(cert); return; @@ -4276,7 +4276,7 @@ pk11_searchSingleCert(pk11CertData *certData,NSSLOWCERTCertificate *cert) } static void -pk11_CertSetupData(pk11CertData *certData,int count) +sftk_CertSetupData(sftkCertData *certData,int count) { certData->max_cert_count = count; @@ -4289,14 +4289,14 @@ pk11_CertSetupData(pk11CertData *certData,int count) } static void -pk11_searchCertsAndTrust(PK11Slot *slot, SECItem *derCert, SECItem *name, +sftk_searchCertsAndTrust(SFTKSlot *slot, SECItem *derCert, SECItem *name, SECItem *derSubject, NSSLOWCERTIssuerAndSN *issuerSN, SECItem *email, - unsigned long classFlags, PK11SearchResults *handles, + unsigned long classFlags, SFTKSearchResults *handles, CK_ATTRIBUTE *pTemplate, CK_LONG ulCount) { NSSLOWCERTCertDBHandle *certHandle = NULL; - pk11CertData certData; + sftkCertData certData; int i; certHandle = slot->certDB; @@ -4318,7 +4318,7 @@ pk11_searchCertsAndTrust(PK11Slot *slot, SECItem *derCert, SECItem *name, if (derCert->data != NULL) { NSSLOWCERTCertificate *cert = nsslowcert_FindCertByDERCert(certHandle,derCert); - pk11_searchSingleCert(&certData,cert); + sftk_searchSingleCert(&certData,cert); } else if (name->data != NULL) { char *tmp_name = (char*)PORT_Alloc(name->len+1); int count; @@ -4330,32 +4330,32 @@ pk11_searchCertsAndTrust(PK11Slot *slot, SECItem *derCert, SECItem *name, tmp_name[name->len] = 0; count= nsslowcert_NumPermCertsForNickname(certHandle,tmp_name); - pk11_CertSetupData(&certData,count); + sftk_CertSetupData(&certData,count); nsslowcert_TraversePermCertsForNickname(certHandle,tmp_name, - pk11_cert_collect, &certData); + sftk_cert_collect, &certData); PORT_Free(tmp_name); } else if (derSubject->data != NULL) { int count; count = nsslowcert_NumPermCertsForSubject(certHandle,derSubject); - pk11_CertSetupData(&certData,count); + sftk_CertSetupData(&certData,count); nsslowcert_TraversePermCertsForSubject(certHandle,derSubject, - pk11_cert_collect, &certData); + sftk_cert_collect, &certData); } else if ((issuerSN->derIssuer.data != NULL) && (issuerSN->serialNumber.data != NULL)) { if (classFlags & NSC_CERT) { NSSLOWCERTCertificate *cert = nsslowcert_FindCertByIssuerAndSN(certHandle,issuerSN); - pk11_searchSingleCert(&certData,cert); + sftk_searchSingleCert(&certData,cert); } if (classFlags & NSC_TRUST) { NSSLOWCERTTrust *trust = nsslowcert_FindTrustByIssuerAndSN(certHandle, issuerSN); if (trust) { - pk11_addHandle(handles, - pk11_mkHandle(slot,&trust->dbKey,PK11_TOKEN_TYPE_TRUST)); + sftk_addHandle(handles, + sftk_mkHandle(slot,&trust->dbKey,SFTK_TOKEN_TYPE_TRUST)); nsslowcert_DestroyTrust(trust); } } @@ -4375,9 +4375,9 @@ pk11_searchCertsAndTrust(PK11Slot *slot, SECItem *derCert, SECItem *name, SECItem *subjectName = &entry->subjectName; count = nsslowcert_NumPermCertsForSubject(certHandle, subjectName); - pk11_CertSetupData(&certData,count); + sftk_CertSetupData(&certData,count); nsslowcert_TraversePermCertsForSubject(certHandle, subjectName, - pk11_cert_collect, &certData); + sftk_cert_collect, &certData); nsslowcert_DestroyDBEntry((certDBEntry *)entry); } @@ -4386,8 +4386,8 @@ pk11_searchCertsAndTrust(PK11Slot *slot, SECItem *derCert, SECItem *name, /* we aren't filtering the certs, we are working on all, so turn * on the strict filters. */ certData.strict = PR_TRUE; - pk11_CertSetupData(&certData,NSC_CERT_BLOCK_SIZE); - nsslowcert_TraversePermCerts(certHandle, pk11_cert_collect2, &certData); + sftk_CertSetupData(&certData,NSC_CERT_BLOCK_SIZE); + nsslowcert_TraversePermCerts(certHandle, sftk_cert_collect2, &certData); } /* @@ -4398,12 +4398,12 @@ pk11_searchCertsAndTrust(PK11Slot *slot, SECItem *derCert, SECItem *name, /* if we filtered it would have been on the stuff above */ if (classFlags & NSC_CERT) { - pk11_addHandle(handles, - pk11_mkHandle(slot,&cert->certKey,PK11_TOKEN_TYPE_CERT)); + sftk_addHandle(handles, + sftk_mkHandle(slot,&cert->certKey,SFTK_TOKEN_TYPE_CERT)); } if ((classFlags & NSC_TRUST) && nsslowcert_hasTrust(cert->trust)) { - pk11_addHandle(handles, - pk11_mkHandle(slot,&cert->certKey,PK11_TOKEN_TYPE_TRUST)); + sftk_addHandle(handles, + sftk_mkHandle(slot,&cert->certKey,SFTK_TOKEN_TYPE_TRUST)); } nsslowcert_DestroyCertificate(cert); } @@ -4413,7 +4413,7 @@ pk11_searchCertsAndTrust(PK11Slot *slot, SECItem *derCert, SECItem *name, } static void -pk11_searchSMime(PK11Slot *slot, SECItem *email, PK11SearchResults *handles, +sftk_searchSMime(SFTKSlot *slot, SECItem *email, SFTKSearchResults *handles, CK_ATTRIBUTE *pTemplate, CK_LONG ulCount) { NSSLOWCERTCertDBHandle *certHandle = NULL; @@ -4438,8 +4438,8 @@ pk11_searchSMime(PK11Slot *slot, SECItem *email, PK11SearchResults *handles, emailKey.data = (unsigned char *)tmp_name; emailKey.len = PORT_Strlen(tmp_name)+1; emailKey.type = 0; - pk11_addHandle(handles, - pk11_mkHandle(slot,&emailKey,PK11_TOKEN_TYPE_SMIME)); + sftk_addHandle(handles, + sftk_mkHandle(slot,&emailKey,SFTK_TOKEN_TYPE_SMIME)); nsslowcert_DestroyDBEntry((certDBEntry *)entry); } PORT_Free(tmp_name); @@ -4448,7 +4448,7 @@ pk11_searchSMime(PK11Slot *slot, SECItem *email, PK11SearchResults *handles, } static CK_RV -pk11_searchTokenList(PK11Slot *slot, PK11SearchResults *search, +sftk_searchTokenList(SFTKSlot *slot, SFTKSearchResults *search, CK_ATTRIBUTE *pTemplate, CK_LONG ulCount, PRBool *tokenOnly, PRBool isLoggedIn) { @@ -4639,7 +4639,7 @@ pk11_searchTokenList(PK11Slot *slot, PK11SearchResults *search, /* certs */ if (classFlags & (NSC_CERT|NSC_TRUST)) { - pk11_searchCertsAndTrust(slot,&derCert,&name,&derSubject, + sftk_searchCertsAndTrust(slot,&derCert,&name,&derSubject, &issuerSN, &email,classFlags,search, pTemplate, ulCount); } @@ -4647,18 +4647,18 @@ pk11_searchTokenList(PK11Slot *slot, PK11SearchResults *search, /* keys */ if (classFlags & (NSC_PRIVATE|NSC_PUBLIC|NSC_KEY)) { PRBool mustStrict = ((classFlags & NSC_KEY) != 0) && (name.len != 0); - pk11_searchKeys(slot, &key_id, isLoggedIn, classFlags, search, + sftk_searchKeys(slot, &key_id, isLoggedIn, classFlags, search, mustStrict, pTemplate, ulCount); } /* crl's */ if (classFlags & NSC_CRL) { - pk11_searchCrls(slot, &derSubject, isKrl, classFlags, search, + sftk_searchCrls(slot, &derSubject, isKrl, classFlags, search, pTemplate, ulCount); } /* Add S/MIME entry stuff */ if (classFlags & NSC_SMIME) { - pk11_searchSMime(slot, &email, search, pTemplate, ulCount); + sftk_searchSMime(slot, &email, search, pTemplate, ulCount); } return CKR_OK; } @@ -4669,20 +4669,20 @@ pk11_searchTokenList(PK11Slot *slot, PK11SearchResults *search, CK_RV NSC_FindObjectsInit(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount) { - PK11SearchResults *search = NULL, *freeSearch = NULL; - PK11Session *session = NULL; - PK11Slot *slot = pk11_SlotFromSessionHandle(hSession); + SFTKSearchResults *search = NULL, *freeSearch = NULL; + SFTKSession *session = NULL; + SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession); PRBool tokenOnly = PR_FALSE; CK_RV crv = CKR_OK; PRBool isLoggedIn; - session = pk11_SessionFromHandle(hSession); + session = sftk_SessionFromHandle(hSession); if (session == NULL) { crv = CKR_SESSION_HANDLE_INVALID; goto loser; } - search = (PK11SearchResults *)PORT_Alloc(sizeof(PK11SearchResults)); + search = (SFTKSearchResults *)PORT_Alloc(sizeof(SFTKSearchResults)); if (search == NULL) { crv = CKR_HOST_MEMORY; goto loser; @@ -4698,7 +4698,7 @@ CK_RV NSC_FindObjectsInit(CK_SESSION_HANDLE hSession, search->array_size = NSC_SEARCH_BLOCK_SIZE; isLoggedIn = (PRBool)((!slot->needLogin) || slot->isLoggedIn); - crv = pk11_searchTokenList(slot, search, pTemplate, ulCount, &tokenOnly, + crv = sftk_searchTokenList(slot, search, pTemplate, ulCount, &tokenOnly, isLoggedIn); if (crv != CKR_OK) { goto loser; @@ -4706,7 +4706,7 @@ CK_RV NSC_FindObjectsInit(CK_SESSION_HANDLE hSession, /* build list of found objects in the session */ if (!tokenOnly) { - crv = pk11_searchObjectList(search, slot->tokObjects, + crv = sftk_searchObjectList(search, slot->tokObjects, slot->tokObjHashSize, slot->objectLock, pTemplate, ulCount, isLoggedIn); } @@ -4716,18 +4716,18 @@ CK_RV NSC_FindObjectsInit(CK_SESSION_HANDLE hSession, if ((freeSearch = session->search) != NULL) { session->search = NULL; - pk11_FreeSearch(freeSearch); + sftk_FreeSearch(freeSearch); } session->search = search; - pk11_FreeSession(session); + sftk_FreeSession(session); return CKR_OK; loser: if (search) { - pk11_FreeSearch(search); + sftk_FreeSearch(search); } if (session) { - pk11_FreeSession(session); + sftk_FreeSession(session); } return crv; } @@ -4739,16 +4739,16 @@ CK_RV NSC_FindObjects(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE_PTR phObject,CK_ULONG ulMaxObjectCount, CK_ULONG_PTR pulObjectCount) { - PK11Session *session; - PK11SearchResults *search; + SFTKSession *session; + SFTKSearchResults *search; int transfer; int left; *pulObjectCount = 0; - session = pk11_SessionFromHandle(hSession); + session = sftk_SessionFromHandle(hSession); if (session == NULL) return CKR_SESSION_HANDLE_INVALID; if (session->search == NULL) { - pk11_FreeSession(session); + sftk_FreeSession(session); return CKR_OK; } search = session->search; @@ -4764,26 +4764,26 @@ CK_RV NSC_FindObjects(CK_SESSION_HANDLE hSession, search->index += transfer; if (search->index == search->size) { session->search = NULL; - pk11_FreeSearch(search); + sftk_FreeSearch(search); } *pulObjectCount = transfer; - pk11_FreeSession(session); + sftk_FreeSession(session); return CKR_OK; } /* NSC_FindObjectsFinal finishes a search for token and session objects. */ CK_RV NSC_FindObjectsFinal(CK_SESSION_HANDLE hSession) { - PK11Session *session; - PK11SearchResults *search; + SFTKSession *session; + SFTKSearchResults *search; - session = pk11_SessionFromHandle(hSession); + session = sftk_SessionFromHandle(hSession); if (session == NULL) return CKR_SESSION_HANDLE_INVALID; search = session->search; session->search = NULL; - pk11_FreeSession(session); + sftk_FreeSession(session); if (search != NULL) { - pk11_FreeSearch(search); + sftk_FreeSearch(search); } return CKR_OK; } diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c index 3954b30f6ee2..97315fcbb86a 100644 --- a/security/nss/lib/softoken/pkcs11c.c +++ b/security/nss/lib/softoken/pkcs11c.c @@ -90,7 +90,7 @@ #include "pkcs11f.h" -static void pk11_Null(void *data, PRBool freeit) +static void sftk_Null(void *data, PRBool freeit) { return; } @@ -116,19 +116,19 @@ extern SECStatus EC_DecodeParams(const SECItem *encodedParams, * other free routines to the destroy signature. */ static void -pk11_FreePrivKey(NSSLOWKEYPrivateKey *key, PRBool freeit) +sftk_FreePrivKey(NSSLOWKEYPrivateKey *key, PRBool freeit) { nsslowkey_DestroyPrivateKey(key); } static void -pk11_HMAC_Destroy(HMACContext *context, PRBool freeit) +sftk_HMAC_Destroy(HMACContext *context, PRBool freeit) { HMAC_Destroy(context); } static void -pk11_Space(void *data, PRBool freeit) +sftk_Space(void *data, PRBool freeit) { PORT_Free(data); } @@ -139,7 +139,7 @@ pk11_Space(void *data, PRBool freeit) * Deprecating a full des key to 40 bit key strenth. */ static CK_RV -pk11_cdmf2des(unsigned char *cdmfkey, unsigned char *deskey) +sftk_cdmf2des(unsigned char *cdmfkey, unsigned char *deskey) { unsigned char key1[8] = { 0xc4, 0x08, 0xb0, 0x54, 0x0b, 0xa1, 0xe0, 0xae }; unsigned char key2[8] = { 0xef, 0x2c, 0x04, 0x1c, 0xe6, 0x38, 0x2f, 0xe6 }; @@ -179,7 +179,7 @@ pk11_cdmf2des(unsigned char *cdmfkey, unsigned char *deskey) if (rv != SECSuccess) return CKR_DEVICE_ERROR; /* set the corret parity on our new des key */ - pk11_FormatDESKey(deskey, 8); + sftk_FormatDESKey(deskey, 8); return CKR_OK; } @@ -188,46 +188,46 @@ pk11_cdmf2des(unsigned char *cdmfkey, unsigned char *deskey) CK_RV NSC_DestroyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject) { - PK11Slot *slot = pk11_SlotFromSessionHandle(hSession); - PK11Session *session; - PK11Object *object; - PK11FreeStatus status; + SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession); + SFTKSession *session; + SFTKObject *object; + SFTKFreeStatus status; /* * This whole block just makes sure we really can destroy the * requested object. */ - session = pk11_SessionFromHandle(hSession); + session = sftk_SessionFromHandle(hSession); if (session == NULL) { return CKR_SESSION_HANDLE_INVALID; } - object = pk11_ObjectFromHandle(hObject,session); + object = sftk_ObjectFromHandle(hObject,session); if (object == NULL) { - pk11_FreeSession(session); + sftk_FreeSession(session); return CKR_OBJECT_HANDLE_INVALID; } /* don't destroy a private object if we aren't logged in */ if ((!slot->isLoggedIn) && (slot->needLogin) && - (pk11_isTrue(object,CKA_PRIVATE))) { - pk11_FreeSession(session); - pk11_FreeObject(object); + (sftk_isTrue(object,CKA_PRIVATE))) { + sftk_FreeSession(session); + sftk_FreeObject(object); return CKR_USER_NOT_LOGGED_IN; } /* don't destroy a token object if we aren't in a rw session */ if (((session->info.flags & CKF_RW_SESSION) == 0) && - (pk11_isTrue(object,CKA_TOKEN))) { - pk11_FreeSession(session); - pk11_FreeObject(object); + (sftk_isTrue(object,CKA_TOKEN))) { + sftk_FreeSession(session); + sftk_FreeObject(object); return CKR_SESSION_READ_ONLY; } - pk11_DeleteObject(session,object); + sftk_DeleteObject(session,object); - pk11_FreeSession(session); + sftk_FreeSession(session); /* * get some indication if the object is destroyed. Note: this is not @@ -236,9 +236,9 @@ NSC_DestroyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject) * destroyed. Our internal representation is destroyed, but it may still * be in the data base. */ - status = pk11_FreeObject(object); + status = sftk_FreeObject(object); - return (status != PK11_DestroyFailure) ? CKR_OK : CKR_DEVICE_ERROR; + return (status != SFTK_DestroyFailure) ? CKR_OK : CKR_DEVICE_ERROR; } @@ -248,45 +248,45 @@ NSC_DestroyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject) /* - * return a context based on the PK11Context type. + * return a context based on the SFTKContext type. */ -PK11SessionContext * -pk11_ReturnContextByType(PK11Session *session, PK11ContextType type) +SFTKSessionContext * +sftk_ReturnContextByType(SFTKSession *session, SFTKContextType type) { switch (type) { - case PK11_ENCRYPT: - case PK11_DECRYPT: + case SFTK_ENCRYPT: + case SFTK_DECRYPT: return session->enc_context; - case PK11_HASH: + case SFTK_HASH: return session->hash_context; - case PK11_SIGN: - case PK11_SIGN_RECOVER: - case PK11_VERIFY: - case PK11_VERIFY_RECOVER: + case SFTK_SIGN: + case SFTK_SIGN_RECOVER: + case SFTK_VERIFY: + case SFTK_VERIFY_RECOVER: return session->hash_context; } return NULL; } /* - * change a context based on the PK11Context type. + * change a context based on the SFTKContext type. */ void -pk11_SetContextByType(PK11Session *session, PK11ContextType type, - PK11SessionContext *context) +sftk_SetContextByType(SFTKSession *session, SFTKContextType type, + SFTKSessionContext *context) { switch (type) { - case PK11_ENCRYPT: - case PK11_DECRYPT: + case SFTK_ENCRYPT: + case SFTK_DECRYPT: session->enc_context = context; break; - case PK11_HASH: + case SFTK_HASH: session->hash_context = context; break; - case PK11_SIGN: - case PK11_SIGN_RECOVER: - case PK11_VERIFY: - case PK11_VERIFY_RECOVER: + case SFTK_SIGN: + case SFTK_SIGN_RECOVER: + case SFTK_VERIFY: + case SFTK_VERIFY_RECOVER: session->hash_context = context; break; } @@ -301,25 +301,25 @@ pk11_SetContextByType(PK11Session *session, PK11ContextType type, * pointer is returned, the caller is responsible for freeing it. */ static CK_RV -pk11_GetContext(CK_SESSION_HANDLE handle,PK11SessionContext **contextPtr, - PK11ContextType type, PRBool needMulti, PK11Session **sessionPtr) +sftk_GetContext(CK_SESSION_HANDLE handle,SFTKSessionContext **contextPtr, + SFTKContextType type, PRBool needMulti, SFTKSession **sessionPtr) { - PK11Session *session; - PK11SessionContext *context; + SFTKSession *session; + SFTKSessionContext *context; - session = pk11_SessionFromHandle(handle); + session = sftk_SessionFromHandle(handle); if (session == NULL) return CKR_SESSION_HANDLE_INVALID; - context = pk11_ReturnContextByType(session,type); + context = sftk_ReturnContextByType(session,type); /* make sure the context is valid */ if((context==NULL)||(context->type!=type)||(needMulti&&!(context->multi))){ - pk11_FreeSession(session); + sftk_FreeSession(session); return CKR_OPERATION_NOT_INITIALIZED; } *contextPtr = context; if (sessionPtr != NULL) { *sessionPtr = session; } else { - pk11_FreeSession(session); + sftk_FreeSession(session); } return CKR_OK; } @@ -333,54 +333,54 @@ pk11_GetContext(CK_SESSION_HANDLE handle,PK11SessionContext **contextPtr, * all need to do at the beginning. This is done here. */ static CK_RV -pk11_InitGeneric(PK11Session *session,PK11SessionContext **contextPtr, - PK11ContextType ctype,PK11Object **keyPtr, +sftk_InitGeneric(SFTKSession *session,SFTKSessionContext **contextPtr, + SFTKContextType ctype,SFTKObject **keyPtr, CK_OBJECT_HANDLE hKey, CK_KEY_TYPE *keyTypePtr, CK_OBJECT_CLASS pubKeyType, CK_ATTRIBUTE_TYPE operation) { - PK11Object *key = NULL; - PK11Attribute *att; - PK11SessionContext *context; + SFTKObject *key = NULL; + SFTKAttribute *att; + SFTKSessionContext *context; /* We can only init if there is not current context active */ - if (pk11_ReturnContextByType(session,ctype) != NULL) { + if (sftk_ReturnContextByType(session,ctype) != NULL) { return CKR_OPERATION_ACTIVE; } /* find the key */ if (keyPtr) { - key = pk11_ObjectFromHandle(hKey,session); + key = sftk_ObjectFromHandle(hKey,session); if (key == NULL) { return CKR_KEY_HANDLE_INVALID; } /* make sure it's a valid key for this operation */ if (((key->objclass != CKO_SECRET_KEY) && (key->objclass != pubKeyType)) - || !pk11_isTrue(key,operation)) { - pk11_FreeObject(key); + || !sftk_isTrue(key,operation)) { + sftk_FreeObject(key); return CKR_KEY_TYPE_INCONSISTENT; } /* get the key type */ - att = pk11_FindAttribute(key,CKA_KEY_TYPE); + att = sftk_FindAttribute(key,CKA_KEY_TYPE); if (att == NULL) { - pk11_FreeObject(key); + sftk_FreeObject(key); return CKR_KEY_TYPE_INCONSISTENT; } PORT_Assert(att->attrib.ulValueLen == sizeof(CK_KEY_TYPE)); if (att->attrib.ulValueLen != sizeof(CK_KEY_TYPE)) { - pk11_FreeAttribute(att); - pk11_FreeObject(key); + sftk_FreeAttribute(att); + sftk_FreeObject(key); return CKR_ATTRIBUTE_VALUE_INVALID; } PORT_Memcpy(keyTypePtr, att->attrib.pValue, sizeof(CK_KEY_TYPE)); - pk11_FreeAttribute(att); + sftk_FreeAttribute(att); *keyPtr = key; } /* allocate the context structure */ - context = (PK11SessionContext *)PORT_Alloc(sizeof(PK11SessionContext)); + context = (SFTKSessionContext *)PORT_Alloc(sizeof(SFTKSessionContext)); if (context == NULL) { - if (key) pk11_FreeObject(key); + if (key) sftk_FreeObject(key); return CKR_HOST_MEMORY; } context->type = ctype; @@ -399,18 +399,18 @@ pk11_InitGeneric(PK11Session *session,PK11SessionContext **contextPtr, /* NSC_CryptInit initializes an encryption/Decryption operation. */ /* This function is used by NSC_EncryptInit, NSC_DecryptInit, * NSC_WrapKey, NSC_UnwrapKey, - * NSC_SignInit, NSC_VerifyInit (via pk11_InitCBCMac), + * NSC_SignInit, NSC_VerifyInit (via sftk_InitCBCMac), * The only difference in their uses is the value of etype. */ static CK_RV -pk11_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, +sftk_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey, CK_ATTRIBUTE_TYPE etype, - PK11ContextType contextType, PRBool isEncrypt) + SFTKContextType contextType, PRBool isEncrypt) { - PK11Session *session; - PK11Object *key; - PK11SessionContext *context; - PK11Attribute *att; + SFTKSession *session; + SFTKObject *key; + SFTKSessionContext *context; + SFTKAttribute *att; CK_RC2_CBC_PARAMS *rc2_param; #if NSS_SOFTOKEN_DOES_RC5 CK_RC5_CBC_PARAMS *rc5_param; @@ -423,18 +423,18 @@ pk11_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, PRBool useNewKey=PR_FALSE; int t; - crv = pk11_MechAllowsOperation(pMechanism->mechanism, etype); + crv = sftk_MechAllowsOperation(pMechanism->mechanism, etype); if (crv != CKR_OK) return crv; - session = pk11_SessionFromHandle(hSession); + session = sftk_SessionFromHandle(hSession); if (session == NULL) return CKR_SESSION_HANDLE_INVALID; - crv = pk11_InitGeneric(session,&context,contextType,&key,hKey,&key_type, + crv = sftk_InitGeneric(session,&context,contextType,&key,hKey,&key_type, isEncrypt ?CKO_PUBLIC_KEY:CKO_PRIVATE_KEY, etype); if (crv != CKR_OK) { - pk11_FreeSession(session); + sftk_FreeSession(session); return crv; } @@ -448,21 +448,21 @@ pk11_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, } context->multi = PR_FALSE; context->cipherInfo = isEncrypt ? - (void *)pk11_GetPubKey(key,CKK_RSA,&crv) : - (void *)pk11_GetPrivKey(key,CKK_RSA,&crv); + (void *)sftk_GetPubKey(key,CKK_RSA,&crv) : + (void *)sftk_GetPrivKey(key,CKK_RSA,&crv); if (context->cipherInfo == NULL) { break; } if (isEncrypt) { - context->update = (PK11Cipher) + context->update = (SFTKCipher) (pMechanism->mechanism == CKM_RSA_X_509 ? RSA_EncryptRaw : RSA_EncryptBlock); } else { - context->update = (PK11Cipher) + context->update = (SFTKCipher) (pMechanism->mechanism == CKM_RSA_X_509 ? RSA_DecryptRaw : RSA_DecryptBlock); } - context->destroy = pk11_Null; + context->destroy = sftk_Null; break; case CKM_RC2_CBC_PAD: context->doPad = PR_TRUE; @@ -474,7 +474,7 @@ pk11_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, crv = CKR_KEY_TYPE_INCONSISTENT; break; } - att = pk11_FindAttribute(key,CKA_VALUE); + att = sftk_FindAttribute(key,CKA_VALUE); if (att == NULL) { crv = CKR_KEY_HANDLE_INVALID; break; @@ -486,13 +486,13 @@ pk11_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, att->attrib.ulValueLen, rc2_param->iv, pMechanism->mechanism == CKM_RC2_ECB ? NSS_RC2 : NSS_RC2_CBC,effectiveKeyLength); - pk11_FreeAttribute(att); + sftk_FreeAttribute(att); if (context->cipherInfo == NULL) { crv = CKR_HOST_MEMORY; break; } - context->update = (PK11Cipher) (isEncrypt ? RC2_Encrypt : RC2_Decrypt); - context->destroy = (PK11Destroy) RC2_DestroyContext; + context->update = (SFTKCipher) (isEncrypt ? RC2_Encrypt : RC2_Decrypt); + context->destroy = (SFTKDestroy) RC2_DestroyContext; break; #if NSS_SOFTOKEN_DOES_RC5 case CKM_RC5_CBC_PAD: @@ -504,7 +504,7 @@ pk11_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, crv = CKR_KEY_TYPE_INCONSISTENT; break; } - att = pk11_FindAttribute(key,CKA_VALUE); + att = sftk_FindAttribute(key,CKA_VALUE); if (att == NULL) { crv = CKR_KEY_HANDLE_INVALID; break; @@ -516,13 +516,13 @@ pk11_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, context->cipherInfo = RC5_CreateContext(&rc5Key,rc5_param->ulRounds, rc5_param->ulWordsize,rc5_param->pIv, pMechanism->mechanism == CKM_RC5_ECB ? NSS_RC5 : NSS_RC5_CBC); - pk11_FreeAttribute(att); + sftk_FreeAttribute(att); if (context->cipherInfo == NULL) { crv = CKR_HOST_MEMORY; break; } - context->update = (PK11Cipher) (isEncrypt ? RC5_Encrypt : RC5_Decrypt); - context->destroy = (PK11Destroy) RC5_DestroyContext; + context->update = (SFTKCipher) (isEncrypt ? RC5_Encrypt : RC5_Decrypt); + context->destroy = (SFTKDestroy) RC5_DestroyContext; break; #endif case CKM_RC4: @@ -530,7 +530,7 @@ pk11_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, crv = CKR_KEY_TYPE_INCONSISTENT; break; } - att = pk11_FindAttribute(key,CKA_VALUE); + att = sftk_FindAttribute(key,CKA_VALUE); if (att == NULL) { crv = CKR_KEY_HANDLE_INVALID; break; @@ -538,13 +538,13 @@ pk11_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, context->cipherInfo = RC4_CreateContext((unsigned char*)att->attrib.pValue, att->attrib.ulValueLen); - pk11_FreeAttribute(att); + sftk_FreeAttribute(att); if (context->cipherInfo == NULL) { crv = CKR_HOST_MEMORY; /* WRONG !!! */ break; } - context->update = (PK11Cipher) (isEncrypt ? RC4_Encrypt : RC4_Decrypt); - context->destroy = (PK11Destroy) RC4_DestroyContext; + context->update = (SFTKCipher) (isEncrypt ? RC4_Encrypt : RC4_Decrypt); + context->destroy = (SFTKDestroy) RC4_DestroyContext; break; case CKM_CDMF_CBC_PAD: context->doPad = PR_TRUE; @@ -593,7 +593,7 @@ pk11_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, t = NSS_DES_EDE3_CBC; finish_des: context->blockSize = 8; - att = pk11_FindAttribute(key,CKA_VALUE); + att = sftk_FindAttribute(key,CKA_VALUE); if (att == NULL) { crv = CKR_KEY_HANDLE_INVALID; break; @@ -605,9 +605,9 @@ finish_des: memcpy(newdeskey + 16, newdeskey, 8); useNewKey=PR_TRUE; } else if (key_type == CKK_CDMF) { - crv = pk11_cdmf2des((unsigned char*)att->attrib.pValue,newdeskey); + crv = sftk_cdmf2des((unsigned char*)att->attrib.pValue,newdeskey); if (crv != CKR_OK) { - pk11_FreeAttribute(att); + sftk_FreeAttribute(att); break; } useNewKey=PR_TRUE; @@ -617,13 +617,13 @@ finish_des: (unsigned char*)pMechanism->pParameter,t, isEncrypt); if (useNewKey) memset(newdeskey, 0, sizeof newdeskey); - pk11_FreeAttribute(att); + sftk_FreeAttribute(att); if (context->cipherInfo == NULL) { crv = CKR_HOST_MEMORY; break; } - context->update = (PK11Cipher) (isEncrypt ? DES_Encrypt : DES_Decrypt); - context->destroy = (PK11Destroy) DES_DestroyContext; + context->update = (SFTKCipher) (isEncrypt ? DES_Encrypt : DES_Decrypt); + context->destroy = (SFTKDestroy) DES_DestroyContext; break; case CKM_AES_CBC_PAD: @@ -636,7 +636,7 @@ finish_des: crv = CKR_KEY_TYPE_INCONSISTENT; break; } - att = pk11_FindAttribute(key,CKA_VALUE); + att = sftk_FindAttribute(key,CKA_VALUE); if (att == NULL) { crv = CKR_KEY_HANDLE_INVALID; break; @@ -646,13 +646,13 @@ finish_des: (unsigned char*)pMechanism->pParameter, pMechanism->mechanism == CKM_AES_ECB ? NSS_AES : NSS_AES_CBC, isEncrypt, att->attrib.ulValueLen, 16); - pk11_FreeAttribute(att); + sftk_FreeAttribute(att); if (context->cipherInfo == NULL) { crv = CKR_HOST_MEMORY; break; } - context->update = (PK11Cipher) (isEncrypt ? AES_Encrypt : AES_Decrypt); - context->destroy = (PK11Destroy) AES_DestroyContext; + context->update = (SFTKCipher) (isEncrypt ? AES_Encrypt : AES_Decrypt); + context->destroy = (SFTKDestroy) AES_DestroyContext; break; case CKM_NETSCAPE_AES_KEY_WRAP_PAD: @@ -665,7 +665,7 @@ finish_des: crv = CKR_KEY_TYPE_INCONSISTENT; break; } - att = pk11_FindAttribute(key,CKA_VALUE); + att = sftk_FindAttribute(key,CKA_VALUE); if (att == NULL) { crv = CKR_KEY_HANDLE_INVALID; break; @@ -674,14 +674,14 @@ finish_des: (unsigned char*)att->attrib.pValue, (unsigned char*)pMechanism->pParameter, isEncrypt, att->attrib.ulValueLen); - pk11_FreeAttribute(att); + sftk_FreeAttribute(att); if (context->cipherInfo == NULL) { crv = CKR_HOST_MEMORY; break; } - context->update = (PK11Cipher) (isEncrypt ? AESKeyWrap_Encrypt + context->update = (SFTKCipher) (isEncrypt ? AESKeyWrap_Encrypt : AESKeyWrap_Decrypt); - context->destroy = (PK11Destroy) AESKeyWrap_DestroyContext; + context->destroy = (SFTKDestroy) AESKeyWrap_DestroyContext; break; default: @@ -690,12 +690,12 @@ finish_des: } if (crv != CKR_OK) { - pk11_FreeContext(context); - pk11_FreeSession(session); + sftk_FreeContext(context); + sftk_FreeSession(session); return crv; } - pk11_SetContextByType(session, contextType, context); - pk11_FreeSession(session); + sftk_SetContextByType(session, contextType, context); + sftk_FreeSession(session); return CKR_OK; } @@ -703,8 +703,8 @@ finish_des: CK_RV NSC_EncryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) { - return pk11_CryptInit(hSession, pMechanism, hKey, CKA_ENCRYPT, - PK11_ENCRYPT, PR_TRUE); + return sftk_CryptInit(hSession, pMechanism, hKey, CKA_ENCRYPT, + SFTK_ENCRYPT, PR_TRUE); } /* NSC_EncryptUpdate continues a multiple-part encryption operation. */ @@ -712,7 +712,7 @@ CK_RV NSC_EncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart, CK_ULONG_PTR pulEncryptedPartLen) { - PK11SessionContext *context; + SFTKSessionContext *context; unsigned int outlen,i; unsigned int padoutlen = 0; unsigned int maxout = *pulEncryptedPartLen; @@ -720,7 +720,7 @@ CK_RV NSC_EncryptUpdate(CK_SESSION_HANDLE hSession, SECStatus rv; /* make sure we're legal */ - crv = pk11_GetContext(hSession,&context,PK11_ENCRYPT,PR_TRUE,NULL); + crv = sftk_GetContext(hSession,&context,SFTK_ENCRYPT,PR_TRUE,NULL); if (crv != CKR_OK) return crv; /* do padding */ @@ -776,8 +776,8 @@ CK_RV NSC_EncryptUpdate(CK_SESSION_HANDLE hSession, CK_RV NSC_EncryptFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pLastEncryptedPart, CK_ULONG_PTR pulLastEncryptedPartLen) { - PK11Session *session; - PK11SessionContext *context; + SFTKSession *session; + SFTKSessionContext *context; unsigned int outlen,i; unsigned int maxout = *pulLastEncryptedPartLen; CK_RV crv; @@ -785,7 +785,7 @@ CK_RV NSC_EncryptFinal(CK_SESSION_HANDLE hSession, PRBool contextFinished = PR_TRUE; /* make sure we're legal */ - crv = pk11_GetContext(hSession,&context,PK11_ENCRYPT,PR_TRUE,&session); + crv = sftk_GetContext(hSession,&context,SFTK_ENCRYPT,PR_TRUE,&session); if (crv != CKR_OK) return crv; *pulLastEncryptedPartLen = 0; @@ -813,10 +813,10 @@ CK_RV NSC_EncryptFinal(CK_SESSION_HANDLE hSession, finish: if (contextFinished) { - pk11_SetContextByType(session, PK11_ENCRYPT, NULL); - pk11_FreeContext(context); + sftk_SetContextByType(session, SFTK_ENCRYPT, NULL); + sftk_FreeContext(context); } - pk11_FreeSession(session); + sftk_FreeSession(session); return (rv == SECSuccess) ? CKR_OK : CKR_DEVICE_ERROR; } @@ -825,8 +825,8 @@ CK_RV NSC_Encrypt (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pEncryptedData, CK_ULONG_PTR pulEncryptedDataLen) { - PK11Session *session; - PK11SessionContext *context; + SFTKSession *session; + SFTKSessionContext *context; unsigned int outlen; unsigned int maxoutlen = *pulEncryptedDataLen; CK_RV crv; @@ -839,7 +839,7 @@ CK_RV NSC_Encrypt (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, pText.len = ulDataLen; /* make sure we're legal */ - crv = pk11_GetContext(hSession,&context,PK11_ENCRYPT,PR_FALSE,&session); + crv = sftk_GetContext(hSession,&context,SFTK_ENCRYPT,PR_FALSE,&session); if (crv != CKR_OK) return crv; if (!pEncryptedData) { @@ -852,7 +852,7 @@ CK_RV NSC_Encrypt (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG finalLen; /* padding is fairly complicated, have the update and final * code deal with it */ - pk11_FreeSession(session); + sftk_FreeSession(session); crv = NSC_EncryptUpdate(hSession, pData, ulDataLen, pEncryptedData, pulEncryptedDataLen); if (crv != CKR_OK) @@ -892,10 +892,10 @@ CK_RV NSC_Encrypt (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, if (pText.data != pData) PORT_ZFree(pText.data, pText.len); fail: - pk11_SetContextByType(session, PK11_ENCRYPT, NULL); - pk11_FreeContext(context); + sftk_SetContextByType(session, SFTK_ENCRYPT, NULL); + sftk_FreeContext(context); finish: - pk11_FreeSession(session); + sftk_FreeSession(session); return crv; } @@ -909,8 +909,8 @@ finish: CK_RV NSC_DecryptInit( CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) { - return pk11_CryptInit(hSession, pMechanism, hKey, CKA_DECRYPT, - PK11_DECRYPT, PR_FALSE); + return sftk_CryptInit(hSession, pMechanism, hKey, CKA_DECRYPT, + SFTK_DECRYPT, PR_FALSE); } /* NSC_DecryptUpdate continues a multiple-part decryption operation. */ @@ -918,7 +918,7 @@ CK_RV NSC_DecryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen) { - PK11SessionContext *context; + SFTKSessionContext *context; unsigned int padoutlen = 0; unsigned int outlen; unsigned int maxout = *pulPartLen; @@ -926,7 +926,7 @@ CK_RV NSC_DecryptUpdate(CK_SESSION_HANDLE hSession, SECStatus rv; /* make sure we're legal */ - crv = pk11_GetContext(hSession,&context,PK11_DECRYPT,PR_TRUE,NULL); + crv = sftk_GetContext(hSession,&context,SFTK_DECRYPT,PR_TRUE,NULL); if (crv != CKR_OK) return crv; if (context->doPad) { @@ -957,8 +957,8 @@ CK_RV NSC_DecryptUpdate(CK_SESSION_HANDLE hSession, CK_RV NSC_DecryptFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pLastPart, CK_ULONG_PTR pulLastPartLen) { - PK11Session *session; - PK11SessionContext *context; + SFTKSession *session; + SFTKSessionContext *context; unsigned int outlen; unsigned int maxout = *pulLastPartLen; CK_RV crv; @@ -966,7 +966,7 @@ CK_RV NSC_DecryptFinal(CK_SESSION_HANDLE hSession, PRBool contextFinished = PR_TRUE; /* make sure we're legal */ - crv = pk11_GetContext(hSession,&context,PK11_DECRYPT,PR_TRUE,&session); + crv = sftk_GetContext(hSession,&context,SFTK_DECRYPT,PR_TRUE,&session); if (crv != CKR_OK) return crv; *pulLastPartLen = 0; @@ -1000,10 +1000,10 @@ CK_RV NSC_DecryptFinal(CK_SESSION_HANDLE hSession, finish: if (contextFinished) { - pk11_SetContextByType(session, PK11_DECRYPT, NULL); - pk11_FreeContext(context); + sftk_SetContextByType(session, SFTK_DECRYPT, NULL); + sftk_FreeContext(context); } - pk11_FreeSession(session); + sftk_FreeSession(session); return (rv == SECSuccess) ? CKR_OK : CKR_DEVICE_ERROR; } @@ -1012,8 +1012,8 @@ CK_RV NSC_Decrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedData,CK_ULONG ulEncryptedDataLen,CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen) { - PK11Session *session; - PK11SessionContext *context; + SFTKSession *session; + SFTKSessionContext *context; unsigned int outlen; unsigned int maxoutlen = *pulDataLen; CK_RV crv; @@ -1021,7 +1021,7 @@ CK_RV NSC_Decrypt(CK_SESSION_HANDLE hSession, SECStatus rv = SECSuccess; /* make sure we're legal */ - crv = pk11_GetContext(hSession,&context,PK11_DECRYPT,PR_FALSE,&session); + crv = sftk_GetContext(hSession,&context,SFTK_DECRYPT,PR_FALSE,&session); if (crv != CKR_OK) return crv; if (!pData) { @@ -1033,7 +1033,7 @@ CK_RV NSC_Decrypt(CK_SESSION_HANDLE hSession, CK_ULONG finalLen; /* padding is fairly complicated, have the update and final * code deal with it */ - pk11_FreeSession(session); + sftk_FreeSession(session); crv = NSC_DecryptUpdate(hSession,pEncryptedData,ulEncryptedDataLen, pData, pulDataLen); if (crv != CKR_OK) @@ -1059,10 +1059,10 @@ CK_RV NSC_Decrypt(CK_SESSION_HANDLE hSession, outlen -= padding; } *pulDataLen = (CK_ULONG) outlen; - pk11_SetContextByType(session, PK11_DECRYPT, NULL); - pk11_FreeContext(context); + sftk_SetContextByType(session, SFTK_DECRYPT, NULL); + sftk_FreeContext(context); finish: - pk11_FreeSession(session); + sftk_FreeSession(session); return crv; } @@ -1076,16 +1076,16 @@ finish: CK_RV NSC_DigestInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism) { - PK11Session *session; - PK11SessionContext *context; + SFTKSession *session; + SFTKSessionContext *context; CK_RV crv = CKR_OK; - session = pk11_SessionFromHandle(hSession); + session = sftk_SessionFromHandle(hSession); if (session == NULL) return CKR_SESSION_HANDLE_INVALID; - crv = pk11_InitGeneric(session,&context,PK11_HASH,NULL,0,NULL, 0, 0); + crv = sftk_InitGeneric(session,&context,SFTK_HASH,NULL,0,NULL, 0, 0); if (crv != CKR_OK) { - pk11_FreeSession(session); + sftk_FreeSession(session); return crv; } @@ -1096,9 +1096,9 @@ CK_RV NSC_DigestInit(CK_SESSION_HANDLE hSession, context->cipherInfo = (void *)mmm ## _ctx; \ context->cipherInfoLen = mmm ## _FlattenSize(mmm ## _ctx); \ context->currentMech = mech; \ - context->hashUpdate = (PK11Hash) mmm ## _Update; \ - context->end = (PK11End) mmm ## _End; \ - context->destroy = (PK11Destroy) mmm ## _DestroyContext; \ + context->hashUpdate = (SFTKHash) mmm ## _Update; \ + context->end = (SFTKEnd) mmm ## _End; \ + context->destroy = (SFTKDestroy) mmm ## _DestroyContext; \ context->maxLen = mmm ## _LENGTH; \ if (mmm ## _ctx) \ mmm ## _Begin(mmm ## _ctx); \ @@ -1121,12 +1121,12 @@ CK_RV NSC_DigestInit(CK_SESSION_HANDLE hSession, } if (crv != CKR_OK) { - pk11_FreeContext(context); - pk11_FreeSession(session); + sftk_FreeContext(context); + sftk_FreeSession(session); return crv; } - pk11_SetContextByType(session, PK11_HASH, context); - pk11_FreeSession(session); + sftk_SetContextByType(session, SFTK_HASH, context); + sftk_FreeSession(session); return CKR_OK; } @@ -1136,14 +1136,14 @@ CK_RV NSC_Digest(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen) { - PK11Session *session; - PK11SessionContext *context; + SFTKSession *session; + SFTKSessionContext *context; unsigned int digestLen; unsigned int maxout = *pulDigestLen; CK_RV crv; /* make sure we're legal */ - crv = pk11_GetContext(hSession,&context,PK11_HASH,PR_FALSE,&session); + crv = sftk_GetContext(hSession,&context,SFTK_HASH,PR_FALSE,&session); if (crv != CKR_OK) return crv; if (pDigest == NULL) { @@ -1157,10 +1157,10 @@ CK_RV NSC_Digest(CK_SESSION_HANDLE hSession, (*context->end)(context->cipherInfo, pDigest, &digestLen,maxout); *pulDigestLen = digestLen; - pk11_SetContextByType(session, PK11_HASH, NULL); - pk11_FreeContext(context); + sftk_SetContextByType(session, SFTK_HASH, NULL); + sftk_FreeContext(context); finish: - pk11_FreeSession(session); + sftk_FreeSession(session); return CKR_OK; } @@ -1169,11 +1169,11 @@ finish: CK_RV NSC_DigestUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart, CK_ULONG ulPartLen) { - PK11SessionContext *context; + SFTKSessionContext *context; CK_RV crv; /* make sure we're legal */ - crv = pk11_GetContext(hSession,&context,PK11_HASH,PR_TRUE,NULL); + crv = sftk_GetContext(hSession,&context,SFTK_HASH,PR_TRUE,NULL); if (crv != CKR_OK) return crv; /* do it: */ (*context->hashUpdate)(context->cipherInfo, pPart, ulPartLen); @@ -1185,26 +1185,26 @@ CK_RV NSC_DigestUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart, CK_RV NSC_DigestFinal(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen) { - PK11Session *session; - PK11SessionContext *context; + SFTKSession *session; + SFTKSessionContext *context; unsigned int maxout = *pulDigestLen; unsigned int digestLen; CK_RV crv; /* make sure we're legal */ - crv = pk11_GetContext(hSession, &context, PK11_HASH, PR_TRUE, &session); + crv = sftk_GetContext(hSession, &context, SFTK_HASH, PR_TRUE, &session); if (crv != CKR_OK) return crv; if (pDigest != NULL) { (*context->end)(context->cipherInfo, pDigest, &digestLen, maxout); *pulDigestLen = digestLen; - pk11_SetContextByType(session, PK11_HASH, NULL); - pk11_FreeContext(context); + sftk_SetContextByType(session, SFTK_HASH, NULL); + sftk_FreeContext(context); } else { *pulDigestLen = context->maxLen; } - pk11_FreeSession(session); + sftk_FreeSession(session); return CKR_OK; } @@ -1214,12 +1214,12 @@ CK_RV NSC_DigestFinal(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pDigest, */ #define DOSUB(mmm) \ static CK_RV \ -pk11_doSub ## mmm(PK11SessionContext *context) { \ +sftk_doSub ## mmm(SFTKSessionContext *context) { \ mmm ## Context * mmm ## _ctx = mmm ## _NewContext(); \ context->hashInfo = (void *) mmm ## _ctx; \ - context->hashUpdate = (PK11Hash) mmm ## _Update; \ - context->end = (PK11End) mmm ## _End; \ - context->hashdestroy = (PK11Destroy) mmm ## _DestroyContext; \ + context->hashUpdate = (SFTKHash) mmm ## _Update; \ + context->end = (SFTKEnd) mmm ## _End; \ + context->hashdestroy = (SFTKDestroy) mmm ## _DestroyContext; \ if (!context->hashInfo) { \ return CKR_HOST_MEMORY; \ } \ @@ -1239,7 +1239,7 @@ DOSUB(SHA512) * the final HMAC output with the signature. */ static SECStatus -pk11_HMACCopy(CK_ULONG *copyLen,unsigned char *sig,unsigned int *sigLen, +sftk_HMACCopy(CK_ULONG *copyLen,unsigned char *sig,unsigned int *sigLen, unsigned int maxLen,unsigned char *hash, unsigned int hashLen) { if (maxLen < *copyLen) return SECFailure; @@ -1250,7 +1250,7 @@ pk11_HMACCopy(CK_ULONG *copyLen,unsigned char *sig,unsigned int *sigLen, /* Verify is just a compare for HMAC */ static SECStatus -pk11_HMACCmp(CK_ULONG *copyLen,unsigned char *sig,unsigned int sigLen, +sftk_HMACCmp(CK_ULONG *copyLen,unsigned char *sig,unsigned int sigLen, unsigned char *hash, unsigned int hashLen) { return PORT_Memcmp(sig,hash,*copyLen) ? SECSuccess : SECFailure ; @@ -1260,10 +1260,10 @@ pk11_HMACCmp(CK_ULONG *copyLen,unsigned char *sig,unsigned int sigLen, * common HMAC initalization routine */ static CK_RV -pk11_doHMACInit(PK11SessionContext *context,HASH_HashType hash, - PK11Object *key, CK_ULONG mac_size) +sftk_doHMACInit(SFTKSessionContext *context,HASH_HashType hash, + SFTKObject *key, CK_ULONG mac_size) { - PK11Attribute *keyval; + SFTKAttribute *keyval; HMACContext *HMACcontext; CK_ULONG *intpointer; const SECHashObject *hashObj = &SECRawHashObjects[hash]; @@ -1274,7 +1274,7 @@ pk11_doHMACInit(PK11SessionContext *context,HASH_HashType hash, return CKR_BUFFER_TOO_SMALL; } - keyval = pk11_FindAttribute(key,CKA_VALUE); + keyval = sftk_FindAttribute(key,CKA_VALUE); if (keyval == NULL) return CKR_KEY_SIZE_RANGE; HMACcontext = HMAC_Create(hashObj, @@ -1282,26 +1282,26 @@ pk11_doHMACInit(PK11SessionContext *context,HASH_HashType hash, keyval->attrib.ulValueLen, isFIPS); context->hashInfo = HMACcontext; context->multi = PR_TRUE; - pk11_FreeAttribute(keyval); + sftk_FreeAttribute(keyval); if (context->hashInfo == NULL) { if (PORT_GetError() == SEC_ERROR_INVALID_ARGS) { return CKR_KEY_SIZE_RANGE; } return CKR_HOST_MEMORY; } - context->hashUpdate = (PK11Hash) HMAC_Update; - context->end = (PK11End) HMAC_Finish; + context->hashUpdate = (SFTKHash) HMAC_Update; + context->end = (SFTKEnd) HMAC_Finish; - context->hashdestroy = (PK11Destroy) pk11_HMAC_Destroy; + context->hashdestroy = (SFTKDestroy) sftk_HMAC_Destroy; intpointer = (CK_ULONG *) PORT_Alloc(sizeof(CK_ULONG)); if (intpointer == NULL) { return CKR_HOST_MEMORY; } *intpointer = mac_size; context->cipherInfo = (void *) intpointer; - context->destroy = (PK11Destroy) pk11_Space; - context->update = (PK11Cipher) pk11_HMACCopy; - context->verify = (PK11Verify) pk11_HMACCmp; + context->destroy = (SFTKDestroy) sftk_Space; + context->update = (SFTKCipher) sftk_HMACCopy; + context->verify = (SFTKVerify) sftk_HMACCmp; context->maxLen = hashObj->length; HMAC_Begin(HMACcontext); return CKR_OK; @@ -1340,34 +1340,34 @@ static unsigned char ssl_pad_2 [60] = { }; static SECStatus -pk11_SSLMACSign(PK11SSLMACInfo *info,unsigned char *sig,unsigned int *sigLen, +sftk_SSLMACSign(SFTKSSLMACInfo *info,unsigned char *sig,unsigned int *sigLen, unsigned int maxLen,unsigned char *hash, unsigned int hashLen) { - unsigned char tmpBuf[PK11_MAX_MAC_LENGTH]; + unsigned char tmpBuf[SFTK_MAX_MAC_LENGTH]; unsigned int out; info->begin(info->hashContext); info->update(info->hashContext,info->key,info->keySize); info->update(info->hashContext,ssl_pad_2,info->padSize); info->update(info->hashContext,hash,hashLen); - info->end(info->hashContext,tmpBuf,&out,PK11_MAX_MAC_LENGTH); + info->end(info->hashContext,tmpBuf,&out,SFTK_MAX_MAC_LENGTH); PORT_Memcpy(sig,tmpBuf,info->macSize); *sigLen = info->macSize; return SECSuccess; } static SECStatus -pk11_SSLMACVerify(PK11SSLMACInfo *info,unsigned char *sig,unsigned int sigLen, +sftk_SSLMACVerify(SFTKSSLMACInfo *info,unsigned char *sig,unsigned int sigLen, unsigned char *hash, unsigned int hashLen) { - unsigned char tmpBuf[PK11_MAX_MAC_LENGTH]; + unsigned char tmpBuf[SFTK_MAX_MAC_LENGTH]; unsigned int out; info->begin(info->hashContext); info->update(info->hashContext,info->key,info->keySize); info->update(info->hashContext,ssl_pad_2,info->padSize); info->update(info->hashContext,hash,hashLen); - info->end(info->hashContext,tmpBuf,&out,PK11_MAX_MAC_LENGTH); + info->end(info->hashContext,tmpBuf,&out,SFTK_MAX_MAC_LENGTH); return (PORT_Memcmp(sig,tmpBuf,info->macSize) == 0) ? SECSuccess : SECFailure; } @@ -1376,37 +1376,37 @@ pk11_SSLMACVerify(PK11SSLMACInfo *info,unsigned char *sig,unsigned int sigLen, * common HMAC initalization routine */ static CK_RV -pk11_doSSLMACInit(PK11SessionContext *context,SECOidTag oid, - PK11Object *key, CK_ULONG mac_size) +sftk_doSSLMACInit(SFTKSessionContext *context,SECOidTag oid, + SFTKObject *key, CK_ULONG mac_size) { - PK11Attribute *keyval; - PK11Begin begin; + SFTKAttribute *keyval; + SFTKBegin begin; int padSize; - PK11SSLMACInfo *sslmacinfo; + SFTKSSLMACInfo *sslmacinfo; CK_RV crv = CKR_MECHANISM_INVALID; if (oid == SEC_OID_SHA1) { - crv = pk11_doSubSHA1(context); + crv = sftk_doSubSHA1(context); if (crv != CKR_OK) return crv; - begin = (PK11Begin) SHA1_Begin; + begin = (SFTKBegin) SHA1_Begin; padSize = 40; } else { - crv = pk11_doSubMD5(context); + crv = sftk_doSubMD5(context); if (crv != CKR_OK) return crv; - begin = (PK11Begin) MD5_Begin; + begin = (SFTKBegin) MD5_Begin; padSize = 48; } context->multi = PR_TRUE; - keyval = pk11_FindAttribute(key,CKA_VALUE); + keyval = sftk_FindAttribute(key,CKA_VALUE); if (keyval == NULL) return CKR_KEY_SIZE_RANGE; context->hashUpdate(context->hashInfo,keyval->attrib.pValue, keyval->attrib.ulValueLen); context->hashUpdate(context->hashInfo,ssl_pad_1,padSize); - sslmacinfo = (PK11SSLMACInfo *) PORT_Alloc(sizeof(PK11SSLMACInfo)); + sslmacinfo = (SFTKSSLMACInfo *) PORT_Alloc(sizeof(SFTKSSLMACInfo)); if (sslmacinfo == NULL) { - pk11_FreeAttribute(keyval); + sftk_FreeAttribute(keyval); return CKR_HOST_MEMORY; } sslmacinfo->macSize = mac_size; @@ -1418,11 +1418,11 @@ pk11_doSSLMACInit(PK11SessionContext *context,SECOidTag oid, sslmacinfo->end = context->end; sslmacinfo->update = context->hashUpdate; sslmacinfo->padSize = padSize; - pk11_FreeAttribute(keyval); + sftk_FreeAttribute(keyval); context->cipherInfo = (void *) sslmacinfo; - context->destroy = (PK11Destroy) pk11_Space; - context->update = (PK11Cipher) pk11_SSLMACSign; - context->verify = (PK11Verify) pk11_SSLMACVerify; + context->destroy = (SFTKDestroy) sftk_Space; + context->update = (SFTKCipher) sftk_SSLMACSign; + context->verify = (SFTKVerify) sftk_SSLMACVerify; context->maxLen = mac_size; return CKR_OK; } @@ -1435,20 +1435,20 @@ pk11_doSSLMACInit(PK11SessionContext *context,SECOidTag oid, * Check if We're using CBCMacing and initialize the session context if we are. */ static CK_RV -pk11_InitCBCMac(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, +sftk_InitCBCMac(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey, CK_ATTRIBUTE_TYPE keyUsage, - PK11ContextType contextType) + SFTKContextType contextType) { CK_MECHANISM cbc_mechanism; - CK_ULONG mac_bytes = PK11_INVALID_MAC_SIZE; + CK_ULONG mac_bytes = SFTK_INVALID_MAC_SIZE; CK_RC2_CBC_PARAMS rc2_params; #if NSS_SOFTOKEN_DOES_RC5 CK_RC5_CBC_PARAMS rc5_params; CK_RC5_MAC_GENERAL_PARAMS *rc5_mac; #endif - unsigned char ivBlock[PK11_MAX_BLOCK_SIZE]; - PK11SessionContext *context; + unsigned char ivBlock[SFTK_MAX_BLOCK_SIZE]; + SFTKSessionContext *context; CK_RV crv; int blockSize; @@ -1533,16 +1533,16 @@ pk11_InitCBCMac(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, return CKR_FUNCTION_NOT_SUPPORTED; } - crv = pk11_CryptInit(hSession, &cbc_mechanism, hKey, keyUsage, + crv = sftk_CryptInit(hSession, &cbc_mechanism, hKey, keyUsage, contextType, PR_TRUE); if (crv != CKR_OK) return crv; - crv = pk11_GetContext(hSession,&context,contextType,PR_TRUE,NULL); + crv = sftk_GetContext(hSession,&context,contextType,PR_TRUE,NULL); /* this shouldn't happen! */ PORT_Assert(crv == CKR_OK); if (crv != CKR_OK) return crv; context->blockSize = blockSize; - if (mac_bytes == PK11_INVALID_MAC_SIZE) mac_bytes = blockSize/2; + if (mac_bytes == SFTK_INVALID_MAC_SIZE) mac_bytes = blockSize/2; context->macSize = mac_bytes; return CKR_OK; } @@ -1551,7 +1551,7 @@ pk11_InitCBCMac(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, * encode RSA PKCS #1 Signature data before signing... */ static SECStatus -pk11_HashSign(PK11HashSignInfo *info,unsigned char *sig,unsigned int *sigLen, +sftk_HashSign(SFTKHashSignInfo *info,unsigned char *sig,unsigned int *sigLen, unsigned int maxLen,unsigned char *hash, unsigned int hashLen) { @@ -1682,25 +1682,25 @@ nsc_ECDSASignStub(void *ctx, void *sigBuf, CK_RV NSC_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) { - PK11Session *session; - PK11Object *key; - PK11SessionContext *context; + SFTKSession *session; + SFTKObject *key; + SFTKSessionContext *context; CK_KEY_TYPE key_type; CK_RV crv = CKR_OK; NSSLOWKEYPrivateKey *privKey; - PK11HashSignInfo *info = NULL; + SFTKHashSignInfo *info = NULL; /* Block Cipher MACing Algorithms use a different Context init method..*/ - crv = pk11_InitCBCMac(hSession, pMechanism, hKey, CKA_SIGN, PK11_SIGN); + crv = sftk_InitCBCMac(hSession, pMechanism, hKey, CKA_SIGN, SFTK_SIGN); if (crv != CKR_FUNCTION_NOT_SUPPORTED) return crv; /* we're not using a block cipher mac */ - session = pk11_SessionFromHandle(hSession); + session = sftk_SessionFromHandle(hSession); if (session == NULL) return CKR_SESSION_HANDLE_INVALID; - crv = pk11_InitGeneric(session,&context,PK11_SIGN,&key,hKey,&key_type, + crv = sftk_InitGeneric(session,&context,SFTK_SIGN,&key,hKey,&key_type, CKO_PRIVATE_KEY,CKA_SIGN); if (crv != CKR_OK) { - pk11_FreeSession(session); + sftk_FreeSession(session); return crv; } @@ -1709,10 +1709,10 @@ CK_RV NSC_SignInit(CK_SESSION_HANDLE hSession, #define INIT_RSA_SIGN_MECH(mmm) \ case CKM_ ## mmm ## _RSA_PKCS: \ context->multi = PR_TRUE; \ - crv = pk11_doSub ## mmm (context); \ + crv = sftk_doSub ## mmm (context); \ if (crv != CKR_OK) break; \ - context->update = (PK11Cipher) pk11_HashSign; \ - info = PORT_New(PK11HashSignInfo); \ + context->update = (SFTKCipher) sftk_HashSign; \ + info = PORT_New(SFTKHashSignInfo); \ if (info == NULL) { crv = CKR_HOST_MEMORY; break; } \ info->hashOid = SEC_OID_ ## mmm ; \ goto finish_rsa; @@ -1726,17 +1726,17 @@ CK_RV NSC_SignInit(CK_SESSION_HANDLE hSession, INIT_RSA_SIGN_MECH(SHA512) case CKM_RSA_PKCS: - context->update = (PK11Cipher) RSA_Sign; + context->update = (SFTKCipher) RSA_Sign; goto finish_rsa; case CKM_RSA_X_509: - context->update = (PK11Cipher) RSA_SignRaw; + context->update = (SFTKCipher) RSA_SignRaw; finish_rsa: if (key_type != CKK_RSA) { if (info) PORT_Free(info); crv = CKR_KEY_TYPE_INCONSISTENT; break; } - privKey = pk11_GetPrivKey(key,CKK_RSA,&crv); + privKey = sftk_GetPrivKey(key,CKK_RSA,&crv); if (privKey == NULL) { if (info) PORT_Free(info); break; @@ -1748,17 +1748,17 @@ finish_rsa: if (info) { info->key = privKey; context->cipherInfo = info; - context->destroy = (PK11Destroy)pk11_Space; + context->destroy = (SFTKDestroy)sftk_Space; } else { context->cipherInfo = privKey; - context->destroy = (PK11Destroy)pk11_Null; + context->destroy = (SFTKDestroy)sftk_Null; } context->maxLen = nsslowkey_PrivateModulusLen(privKey); break; case CKM_DSA_SHA1: context->multi = PR_TRUE; - crv = pk11_doSubSHA1(context); + crv = sftk_doSubSHA1(context); if (crv != CKR_OK) break; /* fall through */ case CKM_DSA: @@ -1766,14 +1766,14 @@ finish_rsa: crv = CKR_KEY_TYPE_INCONSISTENT; break; } - privKey = pk11_GetPrivKey(key,CKK_DSA,&crv); + privKey = sftk_GetPrivKey(key,CKK_DSA,&crv); if (privKey == NULL) { break; } context->cipherInfo = privKey; - context->update = (PK11Cipher) nsc_DSA_Sign_Stub; + context->update = (SFTKCipher) nsc_DSA_Sign_Stub; context->destroy = (privKey == key->objectInfo) ? - (PK11Destroy) pk11_Null:(PK11Destroy)pk11_FreePrivKey; + (SFTKDestroy) sftk_Null:(SFTKDestroy)sftk_FreePrivKey; context->maxLen = DSA_SIGNATURE_LEN; break; @@ -1781,7 +1781,7 @@ finish_rsa: #ifdef NSS_ENABLE_ECC case CKM_ECDSA_SHA1: context->multi = PR_TRUE; - crv = pk11_doSubSHA1(context); + crv = sftk_doSubSHA1(context); if (crv != CKR_OK) break; /* fall through */ case CKM_ECDSA: @@ -1789,15 +1789,15 @@ finish_rsa: crv = CKR_KEY_TYPE_INCONSISTENT; break; } - privKey = pk11_GetPrivKey(key,CKK_EC,&crv); + privKey = sftk_GetPrivKey(key,CKK_EC,&crv); if (privKey == NULL) { crv = CKR_HOST_MEMORY; break; } context->cipherInfo = privKey; - context->update = (PK11Cipher) nsc_ECDSASignStub; + context->update = (SFTKCipher) nsc_ECDSASignStub; context->destroy = (privKey == key->objectInfo) ? - (PK11Destroy) pk11_Null:(PK11Destroy)pk11_FreePrivKey; + (SFTKDestroy) sftk_Null:(SFTKDestroy)sftk_FreePrivKey; context->maxLen = MAX_ECKEY_LEN * 2; break; @@ -1805,11 +1805,11 @@ finish_rsa: #define INIT_HMAC_MECH(mmm) \ case CKM_ ## mmm ## _HMAC_GENERAL: \ - crv = pk11_doHMACInit(context, HASH_Alg ## mmm ,key, \ + crv = sftk_doHMACInit(context, HASH_Alg ## mmm ,key, \ *(CK_ULONG *)pMechanism->pParameter); \ break; \ case CKM_ ## mmm ## _HMAC: \ - crv = pk11_doHMACInit(context, HASH_Alg ## mmm ,key, mmm ## _LENGTH); \ + crv = sftk_doHMACInit(context, HASH_Alg ## mmm ,key, mmm ## _LENGTH); \ break; INIT_HMAC_MECH(MD2) @@ -1819,23 +1819,23 @@ finish_rsa: INIT_HMAC_MECH(SHA512) case CKM_SHA_1_HMAC_GENERAL: - crv = pk11_doHMACInit(context,HASH_AlgSHA1,key, + crv = sftk_doHMACInit(context,HASH_AlgSHA1,key, *(CK_ULONG *)pMechanism->pParameter); break; case CKM_SHA_1_HMAC: - crv = pk11_doHMACInit(context,HASH_AlgSHA1,key,SHA1_LENGTH); + crv = sftk_doHMACInit(context,HASH_AlgSHA1,key,SHA1_LENGTH); break; case CKM_SSL3_MD5_MAC: - crv = pk11_doSSLMACInit(context,SEC_OID_MD5,key, + crv = sftk_doSSLMACInit(context,SEC_OID_MD5,key, *(CK_ULONG *)pMechanism->pParameter); break; case CKM_SSL3_SHA1_MAC: - crv = pk11_doSSLMACInit(context,SEC_OID_SHA1,key, + crv = sftk_doSSLMACInit(context,SEC_OID_SHA1,key, *(CK_ULONG *)pMechanism->pParameter); break; case CKM_TLS_PRF_GENERAL: - crv = pk11_TLSPRFInit(context, key, key_type); + crv = sftk_TLSPRFInit(context, key, key_type); break; default: crv = CKR_MECHANISM_INVALID; @@ -1843,12 +1843,12 @@ finish_rsa: } if (crv != CKR_OK) { - pk11_FreeContext(context); - pk11_FreeSession(session); + sftk_FreeContext(context); + sftk_FreeSession(session); return crv; } - pk11_SetContextByType(session, PK11_SIGN, context); - pk11_FreeSession(session); + sftk_SetContextByType(session, SFTK_SIGN, context); + sftk_FreeSession(session); return CKR_OK; } @@ -1856,16 +1856,16 @@ finish_rsa: /* MACUpdate is the common implementation for SignUpdate and VerifyUpdate. * (sign and verify only very in their setup and final operations) */ static CK_RV -pk11_MACUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart, - CK_ULONG ulPartLen,PK11ContextType type) +sftk_MACUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart, + CK_ULONG ulPartLen,SFTKContextType type) { unsigned int outlen; - PK11SessionContext *context; + SFTKSessionContext *context; CK_RV crv; SECStatus rv; /* make sure we're legal */ - crv = pk11_GetContext(hSession,&context,type,PR_FALSE,NULL); + crv = sftk_GetContext(hSession,&context,type,PR_FALSE,NULL); if (crv != CKR_OK) return crv; if (context->hashInfo) { @@ -1890,7 +1890,7 @@ pk11_MACUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart, if (context->padDataLength != context->blockSize) return CKR_OK; /* encrypt the current padded data */ rv = (*context->update)(context->cipherInfo,context->macBuf,&outlen, - PK11_MAX_BLOCK_SIZE,context->padBuf,context->blockSize); + SFTK_MAX_BLOCK_SIZE,context->padBuf,context->blockSize); if (rv != SECSuccess) return CKR_DEVICE_ERROR; } @@ -1909,7 +1909,7 @@ pk11_MACUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart, /* run the data through out encrypter */ while (ulPartLen) { rv = (*context->update)(context->cipherInfo, context->padBuf, &outlen, - PK11_MAX_BLOCK_SIZE, pPart, context->blockSize); + SFTK_MAX_BLOCK_SIZE, pPart, context->blockSize); if (rv != SECSuccess) return CKR_DEVICE_ERROR; /* paranoia.. make sure we exit the loop */ PORT_Assert(ulPartLen >= context->blockSize); @@ -1927,7 +1927,7 @@ pk11_MACUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart, CK_RV NSC_SignUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart, CK_ULONG ulPartLen) { - return pk11_MACUpdate(hSession, pPart, ulPartLen, PK11_SIGN); + return sftk_MACUpdate(hSession, pPart, ulPartLen, SFTK_SIGN); } @@ -1936,18 +1936,18 @@ CK_RV NSC_SignUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart, CK_RV NSC_SignFinal(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen) { - PK11Session *session; - PK11SessionContext *context; + SFTKSession *session; + SFTKSessionContext *context; unsigned int outlen; unsigned int digestLen; unsigned int maxoutlen = *pulSignatureLen; - unsigned char tmpbuf[PK11_MAX_MAC_LENGTH]; + unsigned char tmpbuf[SFTK_MAX_MAC_LENGTH]; CK_RV crv; SECStatus rv = SECSuccess; /* make sure we're legal */ *pulSignatureLen = 0; - crv = pk11_GetContext(hSession,&context,PK11_SIGN,PR_TRUE,&session); + crv = sftk_GetContext(hSession,&context,SFTK_SIGN,PR_TRUE,&session); if (crv != CKR_OK) return crv; if (!pSignature) { @@ -1967,7 +1967,7 @@ CK_RV NSC_SignFinal(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pSignature, context->padBuf[i] = 0; } rv = (*context->update)(context->cipherInfo,context->macBuf, - &outlen,PK11_MAX_BLOCK_SIZE,context->padBuf,context->blockSize); + &outlen,SFTK_MAX_BLOCK_SIZE,context->padBuf,context->blockSize); } if (rv == SECSuccess) { PORT_Memcpy(pSignature,context->macBuf,context->macSize); @@ -1975,11 +1975,11 @@ CK_RV NSC_SignFinal(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pSignature, } } - pk11_FreeContext(context); - pk11_SetContextByType(session, PK11_SIGN, NULL); + sftk_FreeContext(context); + sftk_SetContextByType(session, SFTK_SIGN, NULL); finish: - pk11_FreeSession(session); + sftk_FreeSession(session); return (rv == SECSuccess) ? CKR_OK : CKR_DEVICE_ERROR; } @@ -1991,15 +1991,15 @@ CK_RV NSC_Sign(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,CK_ULONG ulDataLen,CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen) { - PK11Session *session; - PK11SessionContext *context; + SFTKSession *session; + SFTKSessionContext *context; unsigned int outlen; unsigned int maxoutlen = *pulSignatureLen; CK_RV crv,crv2; SECStatus rv = SECSuccess; /* make sure we're legal */ - crv = pk11_GetContext(hSession,&context,PK11_SIGN,PR_FALSE,&session); + crv = sftk_GetContext(hSession,&context,SFTK_SIGN,PR_FALSE,&session); if (crv != CKR_OK) return crv; if (!pSignature) { @@ -2010,7 +2010,7 @@ CK_RV NSC_Sign(CK_SESSION_HANDLE hSession, /* multi part Signing are completely implemented by SignUpdate and * sign Final */ if (context->multi) { - pk11_FreeSession(session); + sftk_FreeSession(session); crv = NSC_SignUpdate(hSession,pData,ulDataLen); if (crv != CKR_OK) *pulSignatureLen = 0; crv2 = NSC_SignFinal(hSession, pSignature, pulSignatureLen); @@ -2020,11 +2020,11 @@ CK_RV NSC_Sign(CK_SESSION_HANDLE hSession, rv = (*context->update)(context->cipherInfo, pSignature, &outlen, maxoutlen, pData, ulDataLen); *pulSignatureLen = (CK_ULONG) outlen; - pk11_FreeContext(context); - pk11_SetContextByType(session, PK11_SIGN, NULL); + sftk_FreeContext(context); + sftk_SetContextByType(session, SFTK_SIGN, NULL); finish: - pk11_FreeSession(session); + sftk_FreeSession(session); return (rv == SECSuccess) ? CKR_OK : CKR_DEVICE_ERROR; } @@ -2065,7 +2065,7 @@ CK_RV NSC_SignRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, /* Handle RSA Signature formating */ static SECStatus -pk11_hashCheckSign(PK11HashVerifyInfo *info, unsigned char *sig, +sftk_hashCheckSign(SFTKHashVerifyInfo *info, unsigned char *sig, unsigned int sigLen, unsigned char *digest, unsigned int digestLen) { @@ -2116,24 +2116,24 @@ pk11_hashCheckSign(PK11HashVerifyInfo *info, unsigned char *sig, CK_RV NSC_VerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey) { - PK11Session *session; - PK11Object *key; - PK11SessionContext *context; + SFTKSession *session; + SFTKObject *key; + SFTKSessionContext *context; CK_KEY_TYPE key_type; CK_RV crv = CKR_OK; NSSLOWKEYPublicKey *pubKey; - PK11HashVerifyInfo *info = NULL; + SFTKHashVerifyInfo *info = NULL; /* Block Cipher MACing Algorithms use a different Context init method..*/ - crv = pk11_InitCBCMac(hSession, pMechanism, hKey, CKA_VERIFY, PK11_VERIFY); + crv = sftk_InitCBCMac(hSession, pMechanism, hKey, CKA_VERIFY, SFTK_VERIFY); if (crv != CKR_FUNCTION_NOT_SUPPORTED) return crv; - session = pk11_SessionFromHandle(hSession); + session = sftk_SessionFromHandle(hSession); if (session == NULL) return CKR_SESSION_HANDLE_INVALID; - crv = pk11_InitGeneric(session,&context,PK11_VERIFY,&key,hKey,&key_type, + crv = sftk_InitGeneric(session,&context,SFTK_VERIFY,&key,hKey,&key_type, CKO_PUBLIC_KEY,CKA_VERIFY); if (crv != CKR_OK) { - pk11_FreeSession(session); + sftk_FreeSession(session); return crv; } @@ -2142,10 +2142,10 @@ CK_RV NSC_VerifyInit(CK_SESSION_HANDLE hSession, #define INIT_RSA_VFY_MECH(mmm) \ case CKM_ ## mmm ## _RSA_PKCS: \ context->multi = PR_TRUE; \ - crv = pk11_doSub ## mmm (context); \ + crv = sftk_doSub ## mmm (context); \ if (crv != CKR_OK) break; \ - context->verify = (PK11Verify) pk11_hashCheckSign; \ - info = PORT_New(PK11HashVerifyInfo); \ + context->verify = (SFTKVerify) sftk_hashCheckSign; \ + info = PORT_New(SFTKHashVerifyInfo); \ if (info == NULL) { crv = CKR_HOST_MEMORY; break; } \ info->hashOid = SEC_OID_ ## mmm ; \ goto finish_rsa; @@ -2159,31 +2159,31 @@ CK_RV NSC_VerifyInit(CK_SESSION_HANDLE hSession, INIT_RSA_VFY_MECH(SHA512) case CKM_RSA_PKCS: - context->verify = (PK11Verify) RSA_CheckSign; + context->verify = (SFTKVerify) RSA_CheckSign; goto finish_rsa; case CKM_RSA_X_509: - context->verify = (PK11Verify) RSA_CheckSignRaw; + context->verify = (SFTKVerify) RSA_CheckSignRaw; finish_rsa: if (key_type != CKK_RSA) { crv = CKR_KEY_TYPE_INCONSISTENT; break; } - pubKey = pk11_GetPubKey(key,CKK_RSA,&crv); + pubKey = sftk_GetPubKey(key,CKK_RSA,&crv); if (pubKey == NULL) { break; } if (info) { info->key = pubKey; context->cipherInfo = info; - context->destroy = pk11_Space; + context->destroy = sftk_Space; } else { context->cipherInfo = pubKey; - context->destroy = pk11_Null; + context->destroy = sftk_Null; } break; case CKM_DSA_SHA1: context->multi = PR_TRUE; - crv = pk11_doSubSHA1(context); + crv = sftk_doSubSHA1(context); if (crv != CKR_OK) break; /* fall through */ case CKM_DSA: @@ -2191,18 +2191,18 @@ finish_rsa: crv = CKR_KEY_TYPE_INCONSISTENT; break; } - pubKey = pk11_GetPubKey(key,CKK_DSA,&crv); + pubKey = sftk_GetPubKey(key,CKK_DSA,&crv); if (pubKey == NULL) { break; } context->cipherInfo = pubKey; - context->verify = (PK11Verify) nsc_DSA_Verify_Stub; - context->destroy = pk11_Null; + context->verify = (SFTKVerify) nsc_DSA_Verify_Stub; + context->destroy = sftk_Null; break; #ifdef NSS_ENABLE_ECC case CKM_ECDSA_SHA1: context->multi = PR_TRUE; - crv = pk11_doSubSHA1(context); + crv = sftk_doSubSHA1(context); if (crv != CKR_OK) break; /* fall through */ case CKM_ECDSA: @@ -2211,14 +2211,14 @@ finish_rsa: break; } context->multi = PR_FALSE; - pubKey = pk11_GetPubKey(key,CKK_EC,&crv); + pubKey = sftk_GetPubKey(key,CKK_EC,&crv); if (pubKey == NULL) { crv = CKR_HOST_MEMORY; break; } context->cipherInfo = pubKey; - context->verify = (PK11Verify) nsc_ECDSAVerifyStub; - context->destroy = pk11_Null; + context->verify = (SFTKVerify) nsc_ECDSAVerifyStub; + context->destroy = sftk_Null; break; #endif /* NSS_ENABLE_ECC */ @@ -2229,23 +2229,23 @@ finish_rsa: INIT_HMAC_MECH(SHA512) case CKM_SHA_1_HMAC_GENERAL: - crv = pk11_doHMACInit(context,HASH_AlgSHA1,key, + crv = sftk_doHMACInit(context,HASH_AlgSHA1,key, *(CK_ULONG *)pMechanism->pParameter); break; case CKM_SHA_1_HMAC: - crv = pk11_doHMACInit(context,HASH_AlgSHA1,key,SHA1_LENGTH); + crv = sftk_doHMACInit(context,HASH_AlgSHA1,key,SHA1_LENGTH); break; case CKM_SSL3_MD5_MAC: - crv = pk11_doSSLMACInit(context,SEC_OID_MD5,key, + crv = sftk_doSSLMACInit(context,SEC_OID_MD5,key, *(CK_ULONG *)pMechanism->pParameter); break; case CKM_SSL3_SHA1_MAC: - crv = pk11_doSSLMACInit(context,SEC_OID_SHA1,key, + crv = sftk_doSSLMACInit(context,SEC_OID_SHA1,key, *(CK_ULONG *)pMechanism->pParameter); break; case CKM_TLS_PRF_GENERAL: - crv = pk11_TLSPRFInit(context, key, key_type); + crv = sftk_TLSPRFInit(context, key, key_type); break; default: @@ -2255,11 +2255,11 @@ finish_rsa: if (crv != CKR_OK) { PORT_Free(context); - pk11_FreeSession(session); + sftk_FreeSession(session); return crv; } - pk11_SetContextByType(session, PK11_VERIFY, context); - pk11_FreeSession(session); + sftk_SetContextByType(session, SFTK_VERIFY, context); + sftk_FreeSession(session); return CKR_OK; } @@ -2269,20 +2269,20 @@ finish_rsa: CK_RV NSC_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen) { - PK11Session *session; - PK11SessionContext *context; + SFTKSession *session; + SFTKSessionContext *context; CK_RV crv; SECStatus rv; /* make sure we're legal */ - crv = pk11_GetContext(hSession,&context,PK11_VERIFY,PR_FALSE,&session); + crv = sftk_GetContext(hSession,&context,SFTK_VERIFY,PR_FALSE,&session); if (crv != CKR_OK) return crv; rv = (*context->verify)(context->cipherInfo,pSignature, ulSignatureLen, pData, ulDataLen); - pk11_FreeContext(context); - pk11_SetContextByType(session, PK11_VERIFY, NULL); - pk11_FreeSession(session); + sftk_FreeContext(context); + sftk_SetContextByType(session, SFTK_VERIFY, NULL); + sftk_FreeSession(session); return (rv == SECSuccess) ? CKR_OK : CKR_SIGNATURE_INVALID; @@ -2295,7 +2295,7 @@ CK_RV NSC_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_RV NSC_VerifyUpdate( CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen) { - return pk11_MACUpdate(hSession, pPart, ulPartLen, PK11_VERIFY); + return sftk_MACUpdate(hSession, pPart, ulPartLen, SFTK_VERIFY); } @@ -2304,16 +2304,16 @@ CK_RV NSC_VerifyUpdate( CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_RV NSC_VerifyFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,CK_ULONG ulSignatureLen) { - PK11Session *session; - PK11SessionContext *context; + SFTKSession *session; + SFTKSessionContext *context; unsigned int outlen; unsigned int digestLen; - unsigned char tmpbuf[PK11_MAX_MAC_LENGTH]; + unsigned char tmpbuf[SFTK_MAX_MAC_LENGTH]; CK_RV crv; SECStatus rv = SECSuccess; /* make sure we're legal */ - crv = pk11_GetContext(hSession,&context,PK11_VERIFY,PR_TRUE,&session); + crv = sftk_GetContext(hSession,&context,SFTK_VERIFY,PR_TRUE,&session); if (crv != CKR_OK) return crv; if (context->hashInfo) { @@ -2328,7 +2328,7 @@ CK_RV NSC_VerifyFinal(CK_SESSION_HANDLE hSession, context->padBuf[i] = 0; } rv = (*context->update)(context->cipherInfo,context->macBuf, - &outlen,PK11_MAX_BLOCK_SIZE,context->padBuf,context->blockSize); + &outlen,SFTK_MAX_BLOCK_SIZE,context->padBuf,context->blockSize); } if (rv == SECSuccess) { rv =(PORT_Memcmp(pSignature,context->macBuf,context->macSize) == 0) @@ -2336,9 +2336,9 @@ CK_RV NSC_VerifyFinal(CK_SESSION_HANDLE hSession, } } - pk11_FreeContext(context); - pk11_SetContextByType(session, PK11_VERIFY, NULL); - pk11_FreeSession(session); + sftk_FreeContext(context); + sftk_SetContextByType(session, SFTK_VERIFY, NULL); + sftk_FreeSession(session); return (rv == SECSuccess) ? CKR_OK : CKR_SIGNATURE_INVALID; } @@ -2353,19 +2353,19 @@ CK_RV NSC_VerifyFinal(CK_SESSION_HANDLE hSession, CK_RV NSC_VerifyRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey) { - PK11Session *session; - PK11Object *key; - PK11SessionContext *context; + SFTKSession *session; + SFTKObject *key; + SFTKSessionContext *context; CK_KEY_TYPE key_type; CK_RV crv = CKR_OK; NSSLOWKEYPublicKey *pubKey; - session = pk11_SessionFromHandle(hSession); + session = sftk_SessionFromHandle(hSession); if (session == NULL) return CKR_SESSION_HANDLE_INVALID; - crv = pk11_InitGeneric(session,&context,PK11_VERIFY_RECOVER, + crv = sftk_InitGeneric(session,&context,SFTK_VERIFY_RECOVER, &key,hKey,&key_type,CKO_PUBLIC_KEY,CKA_VERIFY_RECOVER); if (crv != CKR_OK) { - pk11_FreeSession(session); + sftk_FreeSession(session); return crv; } @@ -2379,14 +2379,14 @@ CK_RV NSC_VerifyRecoverInit(CK_SESSION_HANDLE hSession, break; } context->multi = PR_FALSE; - pubKey = pk11_GetPubKey(key,CKK_RSA,&crv); + pubKey = sftk_GetPubKey(key,CKK_RSA,&crv); if (pubKey == NULL) { break; } context->cipherInfo = pubKey; - context->update = (PK11Cipher) (pMechanism->mechanism == CKM_RSA_X_509 + context->update = (SFTKCipher) (pMechanism->mechanism == CKM_RSA_X_509 ? RSA_CheckSignRecoverRaw : RSA_CheckSignRecover); - context->destroy = pk11_Null; + context->destroy = sftk_Null; break; default: crv = CKR_MECHANISM_INVALID; @@ -2395,11 +2395,11 @@ CK_RV NSC_VerifyRecoverInit(CK_SESSION_HANDLE hSession, if (crv != CKR_OK) { PORT_Free(context); - pk11_FreeSession(session); + sftk_FreeSession(session); return crv; } - pk11_SetContextByType(session, PK11_VERIFY_RECOVER, context); - pk11_FreeSession(session); + sftk_SetContextByType(session, SFTK_VERIFY_RECOVER, context); + sftk_FreeSession(session); return CKR_OK; } @@ -2411,24 +2411,24 @@ CK_RV NSC_VerifyRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,CK_ULONG ulSignatureLen, CK_BYTE_PTR pData,CK_ULONG_PTR pulDataLen) { - PK11Session *session; - PK11SessionContext *context; + SFTKSession *session; + SFTKSessionContext *context; unsigned int outlen; unsigned int maxoutlen = *pulDataLen; CK_RV crv; SECStatus rv; /* make sure we're legal */ - crv = pk11_GetContext(hSession,&context,PK11_VERIFY_RECOVER, + crv = sftk_GetContext(hSession,&context,SFTK_VERIFY_RECOVER, PR_FALSE,&session); if (crv != CKR_OK) return crv; rv = (*context->update)(context->cipherInfo, pData, &outlen, maxoutlen, pSignature, ulSignatureLen); *pulDataLen = (CK_ULONG) outlen; - pk11_FreeContext(context); - pk11_SetContextByType(session, PK11_VERIFY_RECOVER, NULL); - pk11_FreeSession(session); + sftk_FreeContext(context); + sftk_SetContextByType(session, SFTK_VERIFY_RECOVER, NULL); + sftk_FreeSession(session); return (rv == SECSuccess) ? CKR_OK : CKR_DEVICE_ERROR; } @@ -2496,9 +2496,9 @@ nsc_pbe_key_gen(NSSPKCS5PBEParameter *pkcs5_pbe, CK_MECHANISM_PTR pMechanism, return CKR_OK; } static CK_RV -nsc_parameter_gen(CK_KEY_TYPE key_type, PK11Object *key) +nsc_parameter_gen(CK_KEY_TYPE key_type, SFTKObject *key) { - PK11Attribute *attribute; + SFTKAttribute *attribute; CK_ULONG counter; unsigned int seedBits = 0; unsigned int primeBits; @@ -2507,21 +2507,21 @@ nsc_parameter_gen(CK_KEY_TYPE key_type, PK11Object *key) PQGVerify *vfy = NULL; SECStatus rv; - attribute = pk11_FindAttribute(key, CKA_PRIME_BITS); + attribute = sftk_FindAttribute(key, CKA_PRIME_BITS); if (attribute == NULL) { return CKR_TEMPLATE_INCOMPLETE; } primeBits = (unsigned int) *(CK_ULONG *)attribute->attrib.pValue; - pk11_FreeAttribute(attribute); + sftk_FreeAttribute(attribute); - attribute = pk11_FindAttribute(key, CKA_NETSCAPE_PQG_SEED_BITS); + attribute = sftk_FindAttribute(key, CKA_NETSCAPE_PQG_SEED_BITS); if (attribute != NULL) { seedBits = (unsigned int) *(CK_ULONG *)attribute->attrib.pValue; - pk11_FreeAttribute(attribute); + sftk_FreeAttribute(attribute); } - pk11_DeleteAttributeType(key,CKA_PRIME_BITS); - pk11_DeleteAttributeType(key,CKA_NETSCAPE_PQG_SEED_BITS); + sftk_DeleteAttributeType(key,CKA_PRIME_BITS); + sftk_DeleteAttributeType(key,CKA_NETSCAPE_PQG_SEED_BITS); if (seedBits == 0) { rv = PQG_ParamGen(primeBits, ¶ms, &vfy); @@ -2532,22 +2532,22 @@ nsc_parameter_gen(CK_KEY_TYPE key_type, PK11Object *key) if (rv != SECSuccess) { return CKR_DEVICE_ERROR; } - crv = pk11_AddAttributeType(key,CKA_PRIME, + crv = sftk_AddAttributeType(key,CKA_PRIME, params->prime.data, params->prime.len); if (crv != CKR_OK) goto loser; - crv = pk11_AddAttributeType(key,CKA_SUBPRIME, + crv = sftk_AddAttributeType(key,CKA_SUBPRIME, params->subPrime.data, params->subPrime.len); if (crv != CKR_OK) goto loser; - crv = pk11_AddAttributeType(key,CKA_BASE, + crv = sftk_AddAttributeType(key,CKA_BASE, params->base.data, params->base.len); if (crv != CKR_OK) goto loser; counter = vfy->counter; - crv = pk11_AddAttributeType(key,CKA_NETSCAPE_PQG_COUNTER, + crv = sftk_AddAttributeType(key,CKA_NETSCAPE_PQG_COUNTER, &counter, sizeof(counter)); - crv = pk11_AddAttributeType(key,CKA_NETSCAPE_PQG_SEED, + crv = sftk_AddAttributeType(key,CKA_NETSCAPE_PQG_SEED, vfy->seed.data, vfy->seed.len); if (crv != CKR_OK) goto loser; - crv = pk11_AddAttributeType(key,CKA_NETSCAPE_PQG_H, + crv = sftk_AddAttributeType(key,CKA_NETSCAPE_PQG_H, vfy->h.data, vfy->h.len); if (crv != CKR_OK) goto loser; @@ -2739,8 +2739,8 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phKey) { - PK11Object *key; - PK11Session *session; + SFTKObject *key; + SFTKSession *session; PRBool checkWeak = PR_FALSE; CK_ULONG key_length = 0; CK_KEY_TYPE key_type = CKK_INVALID_KEY_TYPE; @@ -2748,7 +2748,7 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE hSession, CK_RV crv = CKR_OK; CK_BBOOL cktrue = CK_TRUE; int i; - PK11Slot *slot = pk11_SlotFromSessionHandle(hSession); + SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession); char buf[MAX_KEY_LEN]; enum {nsc_pbe, nsc_ssl, nsc_bulk, nsc_param} key_gen_type; NSSPKCS5PBEParameter *pbe_param; @@ -2764,7 +2764,7 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE hSession, /* * now lets create an object to hang the attributes off of */ - key = pk11_NewObject(slot); /* fill in the handle later */ + key = sftk_NewObject(slot); /* fill in the handle later */ if (key == NULL) { return CKR_HOST_MEMORY; } @@ -2778,18 +2778,18 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE hSession, continue; } - crv = pk11_AddAttributeType(key,pk11_attr_expand(&pTemplate[i])); + crv = sftk_AddAttributeType(key,sftk_attr_expand(&pTemplate[i])); if (crv != CKR_OK) break; } if (crv != CKR_OK) { - pk11_FreeObject(key); + sftk_FreeObject(key); return crv; } /* make sure we don't have any class, key_type, or value fields */ - pk11_DeleteAttributeType(key,CKA_CLASS); - pk11_DeleteAttributeType(key,CKA_KEY_TYPE); - pk11_DeleteAttributeType(key,CKA_VALUE); + sftk_DeleteAttributeType(key,CKA_CLASS); + sftk_DeleteAttributeType(key,CKA_KEY_TYPE); + sftk_DeleteAttributeType(key,CKA_VALUE); /* Now Set up the parameters to generate the key (based on mechanism) */ key_gen_type = nsc_bulk; /* bulk key by default */ @@ -2858,7 +2858,7 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE hSession, crv = CKR_TEMPLATE_INCONSISTENT; } - if (crv != CKR_OK) { pk11_FreeObject(key); return crv; } + if (crv != CKR_OK) { sftk_FreeObject(key); return crv; } /* if there was no error, * key_type *MUST* be set in the switch statement above */ @@ -2886,7 +2886,7 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE hSession, do { crv = NSC_GenerateRandom(0, (unsigned char *)buf, key_length); } while (crv == CKR_OK && checkWeak && - pk11_IsWeakKey((unsigned char *)buf,key_type)); + sftk_IsWeakKey((unsigned char *)buf,key_type)); break; case nsc_param: /* generate parameters */ @@ -2895,39 +2895,39 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE hSession, break; } - if (crv != CKR_OK) { pk11_FreeObject(key); return crv; } + if (crv != CKR_OK) { sftk_FreeObject(key); return crv; } /* Add the class, key_type, and value */ - crv = pk11_AddAttributeType(key,CKA_CLASS,&objclass,sizeof(CK_OBJECT_CLASS)); - if (crv != CKR_OK) { pk11_FreeObject(key); return crv; } - crv = pk11_AddAttributeType(key,CKA_KEY_TYPE,&key_type,sizeof(CK_KEY_TYPE)); - if (crv != CKR_OK) { pk11_FreeObject(key); return crv; } + crv = sftk_AddAttributeType(key,CKA_CLASS,&objclass,sizeof(CK_OBJECT_CLASS)); + if (crv != CKR_OK) { sftk_FreeObject(key); return crv; } + crv = sftk_AddAttributeType(key,CKA_KEY_TYPE,&key_type,sizeof(CK_KEY_TYPE)); + if (crv != CKR_OK) { sftk_FreeObject(key); return crv; } if (key_length != 0) { - crv = pk11_AddAttributeType(key,CKA_VALUE,buf,key_length); - if (crv != CKR_OK) { pk11_FreeObject(key); return crv; } + crv = sftk_AddAttributeType(key,CKA_VALUE,buf,key_length); + if (crv != CKR_OK) { sftk_FreeObject(key); return crv; } } /* get the session */ - session = pk11_SessionFromHandle(hSession); + session = sftk_SessionFromHandle(hSession); if (session == NULL) { - pk11_FreeObject(key); + sftk_FreeObject(key); return CKR_SESSION_HANDLE_INVALID; } /* * handle the base object stuff */ - crv = pk11_handleObject(key,session); - pk11_FreeSession(session); - if (pk11_isTrue(key,CKA_SENSITIVE)) { - pk11_forceAttribute(key,CKA_ALWAYS_SENSITIVE,&cktrue,sizeof(CK_BBOOL)); + crv = sftk_handleObject(key,session); + sftk_FreeSession(session); + if (sftk_isTrue(key,CKA_SENSITIVE)) { + sftk_forceAttribute(key,CKA_ALWAYS_SENSITIVE,&cktrue,sizeof(CK_BBOOL)); } - if (!pk11_isTrue(key,CKA_EXTRACTABLE)) { - pk11_forceAttribute(key,CKA_NEVER_EXTRACTABLE,&cktrue,sizeof(CK_BBOOL)); + if (!sftk_isTrue(key,CKA_EXTRACTABLE)) { + sftk_forceAttribute(key,CKA_NEVER_EXTRACTABLE,&cktrue,sizeof(CK_BBOOL)); } *phKey = key->handle; - pk11_FreeObject(key); + sftk_FreeObject(key); return crv; } @@ -2940,8 +2940,8 @@ CK_RV NSC_GenerateKeyPair (CK_SESSION_HANDLE hSession, CK_ULONG ulPrivateKeyAttributeCount, CK_OBJECT_HANDLE_PTR phPublicKey, CK_OBJECT_HANDLE_PTR phPrivateKey) { - PK11Object * publicKey,*privateKey; - PK11Session * session; + SFTKObject * publicKey,*privateKey; + SFTKSession * session; CK_KEY_TYPE key_type; CK_RV crv = CKR_OK; CK_BBOOL cktrue = CK_TRUE; @@ -2949,7 +2949,7 @@ CK_RV NSC_GenerateKeyPair (CK_SESSION_HANDLE hSession, CK_OBJECT_CLASS pubClass = CKO_PUBLIC_KEY; CK_OBJECT_CLASS privClass = CKO_PRIVATE_KEY; int i; - PK11Slot * slot = pk11_SlotFromSessionHandle(hSession); + SFTKSlot * slot = sftk_SlotFromSessionHandle(hSession); unsigned int bitSize; /* RSA */ @@ -2976,7 +2976,7 @@ CK_RV NSC_GenerateKeyPair (CK_SESSION_HANDLE hSession, /* * now lets create an object to hang the attributes off of */ - publicKey = pk11_NewObject(slot); /* fill in the handle later */ + publicKey = sftk_NewObject(slot); /* fill in the handle later */ if (publicKey == NULL) { return CKR_HOST_MEMORY; } @@ -2990,19 +2990,19 @@ CK_RV NSC_GenerateKeyPair (CK_SESSION_HANDLE hSession, continue; } - crv = pk11_AddAttributeType(publicKey, - pk11_attr_expand(&pPublicKeyTemplate[i])); + crv = sftk_AddAttributeType(publicKey, + sftk_attr_expand(&pPublicKeyTemplate[i])); if (crv != CKR_OK) break; } if (crv != CKR_OK) { - pk11_FreeObject(publicKey); + sftk_FreeObject(publicKey); return CKR_HOST_MEMORY; } - privateKey = pk11_NewObject(slot); /* fill in the handle later */ + privateKey = sftk_NewObject(slot); /* fill in the handle later */ if (privateKey == NULL) { - pk11_FreeObject(publicKey); + sftk_FreeObject(publicKey); return CKR_HOST_MEMORY; } /* @@ -3014,37 +3014,37 @@ CK_RV NSC_GenerateKeyPair (CK_SESSION_HANDLE hSession, continue; } - crv = pk11_AddAttributeType(privateKey, - pk11_attr_expand(&pPrivateKeyTemplate[i])); + crv = sftk_AddAttributeType(privateKey, + sftk_attr_expand(&pPrivateKeyTemplate[i])); if (crv != CKR_OK) break; } if (crv != CKR_OK) { - pk11_FreeObject(publicKey); - pk11_FreeObject(privateKey); + sftk_FreeObject(publicKey); + sftk_FreeObject(privateKey); return CKR_HOST_MEMORY; } - pk11_DeleteAttributeType(privateKey,CKA_CLASS); - pk11_DeleteAttributeType(privateKey,CKA_KEY_TYPE); - pk11_DeleteAttributeType(privateKey,CKA_VALUE); - pk11_DeleteAttributeType(publicKey,CKA_CLASS); - pk11_DeleteAttributeType(publicKey,CKA_KEY_TYPE); - pk11_DeleteAttributeType(publicKey,CKA_VALUE); + sftk_DeleteAttributeType(privateKey,CKA_CLASS); + sftk_DeleteAttributeType(privateKey,CKA_KEY_TYPE); + sftk_DeleteAttributeType(privateKey,CKA_VALUE); + sftk_DeleteAttributeType(publicKey,CKA_CLASS); + sftk_DeleteAttributeType(publicKey,CKA_KEY_TYPE); + sftk_DeleteAttributeType(publicKey,CKA_VALUE); /* Now Set up the parameters to generate the key (based on mechanism) */ switch (pMechanism->mechanism) { case CKM_RSA_PKCS_KEY_PAIR_GEN: /* format the keys */ - pk11_DeleteAttributeType(publicKey,CKA_MODULUS); - pk11_DeleteAttributeType(privateKey,CKA_NETSCAPE_DB); - pk11_DeleteAttributeType(privateKey,CKA_MODULUS); - pk11_DeleteAttributeType(privateKey,CKA_PRIVATE_EXPONENT); - pk11_DeleteAttributeType(privateKey,CKA_PUBLIC_EXPONENT); - pk11_DeleteAttributeType(privateKey,CKA_PRIME_1); - pk11_DeleteAttributeType(privateKey,CKA_PRIME_2); - pk11_DeleteAttributeType(privateKey,CKA_EXPONENT_1); - pk11_DeleteAttributeType(privateKey,CKA_EXPONENT_2); - pk11_DeleteAttributeType(privateKey,CKA_COEFFICIENT); + sftk_DeleteAttributeType(publicKey,CKA_MODULUS); + sftk_DeleteAttributeType(privateKey,CKA_NETSCAPE_DB); + sftk_DeleteAttributeType(privateKey,CKA_MODULUS); + sftk_DeleteAttributeType(privateKey,CKA_PRIVATE_EXPONENT); + sftk_DeleteAttributeType(privateKey,CKA_PUBLIC_EXPONENT); + sftk_DeleteAttributeType(privateKey,CKA_PRIME_1); + sftk_DeleteAttributeType(privateKey,CKA_PRIME_2); + sftk_DeleteAttributeType(privateKey,CKA_EXPONENT_1); + sftk_DeleteAttributeType(privateKey,CKA_EXPONENT_2); + sftk_DeleteAttributeType(privateKey,CKA_COEFFICIENT); key_type = CKK_RSA; if (public_modulus_bits == 0) { crv = CKR_TEMPLATE_INCOMPLETE; @@ -3060,15 +3060,15 @@ CK_RV NSC_GenerateKeyPair (CK_SESSION_HANDLE hSession, } /* extract the exponent */ - crv=pk11_Attribute2SSecItem(NULL,&pubExp,publicKey,CKA_PUBLIC_EXPONENT); + crv=sftk_Attribute2SSecItem(NULL,&pubExp,publicKey,CKA_PUBLIC_EXPONENT); if (crv != CKR_OK) break; - bitSize = pk11_GetLengthInBits(pubExp.data, pubExp.len); + bitSize = sftk_GetLengthInBits(pubExp.data, pubExp.len); if (bitSize < 2) { crv = CKR_ATTRIBUTE_VALUE_INVALID; break; } - crv = pk11_AddAttributeType(privateKey,CKA_PUBLIC_EXPONENT, - pk11_item_expand(&pubExp)); + crv = sftk_AddAttributeType(privateKey,CKA_PUBLIC_EXPONENT, + sftk_item_expand(&pubExp)); if (crv != CKR_OK) { PORT_Free(pubExp.data); break; @@ -3081,78 +3081,78 @@ CK_RV NSC_GenerateKeyPair (CK_SESSION_HANDLE hSession, break; } /* now fill in the RSA dependent paramenters in the public key */ - crv = pk11_AddAttributeType(publicKey,CKA_MODULUS, - pk11_item_expand(&rsaPriv->modulus)); + crv = sftk_AddAttributeType(publicKey,CKA_MODULUS, + sftk_item_expand(&rsaPriv->modulus)); if (crv != CKR_OK) goto kpg_done; /* now fill in the RSA dependent paramenters in the private key */ - crv = pk11_AddAttributeType(privateKey,CKA_NETSCAPE_DB, - pk11_item_expand(&rsaPriv->modulus)); + crv = sftk_AddAttributeType(privateKey,CKA_NETSCAPE_DB, + sftk_item_expand(&rsaPriv->modulus)); if (crv != CKR_OK) goto kpg_done; - crv = pk11_AddAttributeType(privateKey,CKA_MODULUS, - pk11_item_expand(&rsaPriv->modulus)); + crv = sftk_AddAttributeType(privateKey,CKA_MODULUS, + sftk_item_expand(&rsaPriv->modulus)); if (crv != CKR_OK) goto kpg_done; - crv = pk11_AddAttributeType(privateKey,CKA_PRIVATE_EXPONENT, - pk11_item_expand(&rsaPriv->privateExponent)); + crv = sftk_AddAttributeType(privateKey,CKA_PRIVATE_EXPONENT, + sftk_item_expand(&rsaPriv->privateExponent)); if (crv != CKR_OK) goto kpg_done; - crv = pk11_AddAttributeType(privateKey,CKA_PRIME_1, - pk11_item_expand(&rsaPriv->prime1)); + crv = sftk_AddAttributeType(privateKey,CKA_PRIME_1, + sftk_item_expand(&rsaPriv->prime1)); if (crv != CKR_OK) goto kpg_done; - crv = pk11_AddAttributeType(privateKey,CKA_PRIME_2, - pk11_item_expand(&rsaPriv->prime2)); + crv = sftk_AddAttributeType(privateKey,CKA_PRIME_2, + sftk_item_expand(&rsaPriv->prime2)); if (crv != CKR_OK) goto kpg_done; - crv = pk11_AddAttributeType(privateKey,CKA_EXPONENT_1, - pk11_item_expand(&rsaPriv->exponent1)); + crv = sftk_AddAttributeType(privateKey,CKA_EXPONENT_1, + sftk_item_expand(&rsaPriv->exponent1)); if (crv != CKR_OK) goto kpg_done; - crv = pk11_AddAttributeType(privateKey,CKA_EXPONENT_2, - pk11_item_expand(&rsaPriv->exponent2)); + crv = sftk_AddAttributeType(privateKey,CKA_EXPONENT_2, + sftk_item_expand(&rsaPriv->exponent2)); if (crv != CKR_OK) goto kpg_done; - crv = pk11_AddAttributeType(privateKey,CKA_COEFFICIENT, - pk11_item_expand(&rsaPriv->coefficient)); + crv = sftk_AddAttributeType(privateKey,CKA_COEFFICIENT, + sftk_item_expand(&rsaPriv->coefficient)); kpg_done: /* Should zeroize the contents first, since this func doesn't. */ PORT_FreeArena(rsaPriv->arena, PR_TRUE); break; case CKM_DSA_KEY_PAIR_GEN: - pk11_DeleteAttributeType(publicKey,CKA_VALUE); - pk11_DeleteAttributeType(privateKey,CKA_NETSCAPE_DB); - pk11_DeleteAttributeType(privateKey,CKA_PRIME); - pk11_DeleteAttributeType(privateKey,CKA_SUBPRIME); - pk11_DeleteAttributeType(privateKey,CKA_BASE); + sftk_DeleteAttributeType(publicKey,CKA_VALUE); + sftk_DeleteAttributeType(privateKey,CKA_NETSCAPE_DB); + sftk_DeleteAttributeType(privateKey,CKA_PRIME); + sftk_DeleteAttributeType(privateKey,CKA_SUBPRIME); + sftk_DeleteAttributeType(privateKey,CKA_BASE); key_type = CKK_DSA; /* extract the necessary paramters and copy them to the private key */ - crv=pk11_Attribute2SSecItem(NULL,&pqgParam.prime,publicKey,CKA_PRIME); + crv=sftk_Attribute2SSecItem(NULL,&pqgParam.prime,publicKey,CKA_PRIME); if (crv != CKR_OK) break; - crv=pk11_Attribute2SSecItem(NULL,&pqgParam.subPrime,publicKey, + crv=sftk_Attribute2SSecItem(NULL,&pqgParam.subPrime,publicKey, CKA_SUBPRIME); if (crv != CKR_OK) { PORT_Free(pqgParam.prime.data); break; } - crv=pk11_Attribute2SSecItem(NULL,&pqgParam.base,publicKey,CKA_BASE); + crv=sftk_Attribute2SSecItem(NULL,&pqgParam.base,publicKey,CKA_BASE); if (crv != CKR_OK) { PORT_Free(pqgParam.prime.data); PORT_Free(pqgParam.subPrime.data); break; } - crv = pk11_AddAttributeType(privateKey,CKA_PRIME, - pk11_item_expand(&pqgParam.prime)); + crv = sftk_AddAttributeType(privateKey,CKA_PRIME, + sftk_item_expand(&pqgParam.prime)); if (crv != CKR_OK) { PORT_Free(pqgParam.prime.data); PORT_Free(pqgParam.subPrime.data); PORT_Free(pqgParam.base.data); break; } - crv = pk11_AddAttributeType(privateKey,CKA_SUBPRIME, - pk11_item_expand(&pqgParam.subPrime)); + crv = sftk_AddAttributeType(privateKey,CKA_SUBPRIME, + sftk_item_expand(&pqgParam.subPrime)); if (crv != CKR_OK) { PORT_Free(pqgParam.prime.data); PORT_Free(pqgParam.subPrime.data); PORT_Free(pqgParam.base.data); break; } - crv = pk11_AddAttributeType(privateKey,CKA_BASE, - pk11_item_expand(&pqgParam.base)); + crv = sftk_AddAttributeType(privateKey,CKA_BASE, + sftk_item_expand(&pqgParam.base)); if (crv != CKR_OK) { PORT_Free(pqgParam.prime.data); PORT_Free(pqgParam.subPrime.data); @@ -3160,7 +3160,7 @@ kpg_done: break; } - bitSize = pk11_GetLengthInBits(pqgParam.subPrime.data, + bitSize = sftk_GetLengthInBits(pqgParam.subPrime.data, pqgParam.subPrime.len); if (bitSize != DSA_Q_BITS) { crv = CKR_TEMPLATE_INCOMPLETE; @@ -3169,7 +3169,7 @@ kpg_done: PORT_Free(pqgParam.base.data); break; } - bitSize = pk11_GetLengthInBits(pqgParam.prime.data,pqgParam.prime.len); + bitSize = sftk_GetLengthInBits(pqgParam.prime.data,pqgParam.prime.len); if ((bitSize < DSA_MIN_P_BITS) || (bitSize > DSA_MAX_P_BITS)) { crv = CKR_TEMPLATE_INCOMPLETE; PORT_Free(pqgParam.prime.data); @@ -3177,7 +3177,7 @@ kpg_done: PORT_Free(pqgParam.base.data); break; } - bitSize = pk11_GetLengthInBits(pqgParam.base.data,pqgParam.base.len); + bitSize = sftk_GetLengthInBits(pqgParam.base.data,pqgParam.base.len); if ((bitSize < 1) || (bitSize > DSA_MAX_P_BITS)) { crv = CKR_TEMPLATE_INCOMPLETE; PORT_Free(pqgParam.prime.data); @@ -3196,16 +3196,16 @@ kpg_done: if (rv != SECSuccess) { crv = CKR_DEVICE_ERROR; break; } /* store the generated key into the attributes */ - crv = pk11_AddAttributeType(publicKey,CKA_VALUE, - pk11_item_expand(&dsaPriv->publicValue)); + crv = sftk_AddAttributeType(publicKey,CKA_VALUE, + sftk_item_expand(&dsaPriv->publicValue)); if (crv != CKR_OK) goto dsagn_done; /* now fill in the RSA dependent paramenters in the private key */ - crv = pk11_AddAttributeType(privateKey,CKA_NETSCAPE_DB, - pk11_item_expand(&dsaPriv->publicValue)); + crv = sftk_AddAttributeType(privateKey,CKA_NETSCAPE_DB, + sftk_item_expand(&dsaPriv->publicValue)); if (crv != CKR_OK) goto dsagn_done; - crv = pk11_AddAttributeType(privateKey,CKA_VALUE, - pk11_item_expand(&dsaPriv->privateValue)); + crv = sftk_AddAttributeType(privateKey,CKA_VALUE, + sftk_item_expand(&dsaPriv->privateValue)); dsagn_done: /* should zeroize, since this function doesn't. */ @@ -3213,43 +3213,43 @@ dsagn_done: break; case CKM_DH_PKCS_KEY_PAIR_GEN: - pk11_DeleteAttributeType(privateKey,CKA_PRIME); - pk11_DeleteAttributeType(privateKey,CKA_BASE); - pk11_DeleteAttributeType(privateKey,CKA_VALUE); - pk11_DeleteAttributeType(privateKey,CKA_NETSCAPE_DB); + sftk_DeleteAttributeType(privateKey,CKA_PRIME); + sftk_DeleteAttributeType(privateKey,CKA_BASE); + sftk_DeleteAttributeType(privateKey,CKA_VALUE); + sftk_DeleteAttributeType(privateKey,CKA_NETSCAPE_DB); key_type = CKK_DH; /* extract the necessary parameters and copy them to private keys */ - crv = pk11_Attribute2SSecItem(NULL, &dhParam.prime, publicKey, + crv = sftk_Attribute2SSecItem(NULL, &dhParam.prime, publicKey, CKA_PRIME); if (crv != CKR_OK) break; - crv = pk11_Attribute2SSecItem(NULL, &dhParam.base, publicKey, CKA_BASE); + crv = sftk_Attribute2SSecItem(NULL, &dhParam.base, publicKey, CKA_BASE); if (crv != CKR_OK) { PORT_Free(dhParam.prime.data); break; } - crv = pk11_AddAttributeType(privateKey, CKA_PRIME, - pk11_item_expand(&dhParam.prime)); + crv = sftk_AddAttributeType(privateKey, CKA_PRIME, + sftk_item_expand(&dhParam.prime)); if (crv != CKR_OK) { PORT_Free(dhParam.prime.data); PORT_Free(dhParam.base.data); break; } - crv = pk11_AddAttributeType(privateKey, CKA_BASE, - pk11_item_expand(&dhParam.base)); + crv = sftk_AddAttributeType(privateKey, CKA_BASE, + sftk_item_expand(&dhParam.base)); if (crv != CKR_OK) { PORT_Free(dhParam.prime.data); PORT_Free(dhParam.base.data); break; } - bitSize = pk11_GetLengthInBits(dhParam.prime.data,dhParam.prime.len); + bitSize = sftk_GetLengthInBits(dhParam.prime.data,dhParam.prime.len); if ((bitSize < DH_MIN_P_BITS) || (bitSize > DH_MAX_P_BITS)) { crv = CKR_TEMPLATE_INCOMPLETE; PORT_Free(dhParam.prime.data); PORT_Free(dhParam.base.data); break; } - bitSize = pk11_GetLengthInBits(dhParam.base.data,dhParam.base.len); + bitSize = sftk_GetLengthInBits(dhParam.base.data,dhParam.base.len); if ((bitSize < 1) || (bitSize > DH_MAX_P_BITS)) { crv = CKR_TEMPLATE_INCOMPLETE; PORT_Free(dhParam.prime.data); @@ -3265,16 +3265,16 @@ dsagn_done: break; } - crv=pk11_AddAttributeType(publicKey, CKA_VALUE, - pk11_item_expand(&dhPriv->publicValue)); + crv=sftk_AddAttributeType(publicKey, CKA_VALUE, + sftk_item_expand(&dhPriv->publicValue)); if (crv != CKR_OK) goto dhgn_done; - crv = pk11_AddAttributeType(privateKey,CKA_NETSCAPE_DB, - pk11_item_expand(&dhPriv->publicValue)); + crv = sftk_AddAttributeType(privateKey,CKA_NETSCAPE_DB, + sftk_item_expand(&dhPriv->publicValue)); if (crv != CKR_OK) goto dhgn_done; - crv=pk11_AddAttributeType(privateKey, CKA_VALUE, - pk11_item_expand(&dhPriv->privateValue)); + crv=sftk_AddAttributeType(privateKey, CKA_VALUE, + sftk_item_expand(&dhPriv->privateValue)); dhgn_done: /* should zeroize, since this function doesn't. */ @@ -3283,18 +3283,18 @@ dhgn_done: #ifdef NSS_ENABLE_ECC case CKM_EC_KEY_PAIR_GEN: - pk11_DeleteAttributeType(privateKey,CKA_EC_PARAMS); - pk11_DeleteAttributeType(privateKey,CKA_VALUE); - pk11_DeleteAttributeType(privateKey,CKA_NETSCAPE_DB); + sftk_DeleteAttributeType(privateKey,CKA_EC_PARAMS); + sftk_DeleteAttributeType(privateKey,CKA_VALUE); + sftk_DeleteAttributeType(privateKey,CKA_NETSCAPE_DB); key_type = CKK_EC; /* extract the necessary parameters and copy them to private keys */ - crv = pk11_Attribute2SSecItem(NULL, &ecEncodedParams, publicKey, + crv = sftk_Attribute2SSecItem(NULL, &ecEncodedParams, publicKey, CKA_EC_PARAMS); if (crv != CKR_OK) break; - crv = pk11_AddAttributeType(privateKey, CKA_EC_PARAMS, - pk11_item_expand(&ecEncodedParams)); + crv = sftk_AddAttributeType(privateKey, CKA_EC_PARAMS, + sftk_item_expand(&ecEncodedParams)); if (crv != CKR_OK) { PORT_Free(ecEncodedParams.data); break; @@ -3314,16 +3314,16 @@ dhgn_done: break; } - crv = pk11_AddAttributeType(publicKey, CKA_EC_POINT, - pk11_item_expand(&ecPriv->publicValue)); + crv = sftk_AddAttributeType(publicKey, CKA_EC_POINT, + sftk_item_expand(&ecPriv->publicValue)); if (crv != CKR_OK) goto ecgn_done; - crv = pk11_AddAttributeType(privateKey, CKA_VALUE, - pk11_item_expand(&ecPriv->privateValue)); + crv = sftk_AddAttributeType(privateKey, CKA_VALUE, + sftk_item_expand(&ecPriv->privateValue)); if (crv != CKR_OK) goto ecgn_done; - crv = pk11_AddAttributeType(privateKey,CKA_NETSCAPE_DB, - pk11_item_expand(&ecPriv->publicValue)); + crv = sftk_AddAttributeType(privateKey,CKA_NETSCAPE_DB, + sftk_item_expand(&ecPriv->publicValue)); ecgn_done: /* should zeroize, since this function doesn't. */ PORT_FreeArena(ecPriv->ecParams.arena, PR_TRUE); @@ -3335,8 +3335,8 @@ ecgn_done: } if (crv != CKR_OK) { - pk11_FreeObject(privateKey); - pk11_FreeObject(publicKey); + sftk_FreeObject(privateKey); + sftk_FreeObject(publicKey); return crv; } @@ -3346,36 +3346,36 @@ ecgn_done: session = NULL; /* make pedtantic happy... session cannot leave the*/ /* loop below NULL unless an error is set... */ do { - crv = pk11_AddAttributeType(privateKey,CKA_CLASS,&privClass, + crv = sftk_AddAttributeType(privateKey,CKA_CLASS,&privClass, sizeof(CK_OBJECT_CLASS)); if (crv != CKR_OK) break; - crv = pk11_AddAttributeType(publicKey,CKA_CLASS,&pubClass, + crv = sftk_AddAttributeType(publicKey,CKA_CLASS,&pubClass, sizeof(CK_OBJECT_CLASS)); if (crv != CKR_OK) break; - crv = pk11_AddAttributeType(privateKey,CKA_KEY_TYPE,&key_type, + crv = sftk_AddAttributeType(privateKey,CKA_KEY_TYPE,&key_type, sizeof(CK_KEY_TYPE)); if (crv != CKR_OK) break; - crv = pk11_AddAttributeType(publicKey,CKA_KEY_TYPE,&key_type, + crv = sftk_AddAttributeType(publicKey,CKA_KEY_TYPE,&key_type, sizeof(CK_KEY_TYPE)); if (crv != CKR_OK) break; - session = pk11_SessionFromHandle(hSession); + session = sftk_SessionFromHandle(hSession); if (session == NULL) crv = CKR_SESSION_HANDLE_INVALID; } while (0); if (crv != CKR_OK) { - pk11_FreeObject(privateKey); - pk11_FreeObject(publicKey); + sftk_FreeObject(privateKey); + sftk_FreeObject(publicKey); return crv; } /* * handle the base object cleanup for the public Key */ - crv = pk11_handleObject(privateKey,session); + crv = sftk_handleObject(privateKey,session); if (crv != CKR_OK) { - pk11_FreeSession(session); - pk11_FreeObject(privateKey); - pk11_FreeObject(publicKey); + sftk_FreeSession(session); + sftk_FreeObject(privateKey); + sftk_FreeObject(publicKey); return crv; } @@ -3384,43 +3384,43 @@ ecgn_done: * If we have any problems, we destroy the public Key we've * created and linked. */ - crv = pk11_handleObject(publicKey,session); - pk11_FreeSession(session); + crv = sftk_handleObject(publicKey,session); + sftk_FreeSession(session); if (crv != CKR_OK) { - pk11_FreeObject(publicKey); + sftk_FreeObject(publicKey); NSC_DestroyObject(hSession,privateKey->handle); - pk11_FreeObject(privateKey); + sftk_FreeObject(privateKey); return crv; } - if (pk11_isTrue(privateKey,CKA_SENSITIVE)) { - pk11_forceAttribute(privateKey,CKA_ALWAYS_SENSITIVE, + if (sftk_isTrue(privateKey,CKA_SENSITIVE)) { + sftk_forceAttribute(privateKey,CKA_ALWAYS_SENSITIVE, &cktrue,sizeof(CK_BBOOL)); } - if (pk11_isTrue(publicKey,CKA_SENSITIVE)) { - pk11_forceAttribute(publicKey,CKA_ALWAYS_SENSITIVE, + if (sftk_isTrue(publicKey,CKA_SENSITIVE)) { + sftk_forceAttribute(publicKey,CKA_ALWAYS_SENSITIVE, &cktrue,sizeof(CK_BBOOL)); } - if (!pk11_isTrue(privateKey,CKA_EXTRACTABLE)) { - pk11_forceAttribute(privateKey,CKA_NEVER_EXTRACTABLE, + if (!sftk_isTrue(privateKey,CKA_EXTRACTABLE)) { + sftk_forceAttribute(privateKey,CKA_NEVER_EXTRACTABLE, &cktrue,sizeof(CK_BBOOL)); } - if (!pk11_isTrue(publicKey,CKA_EXTRACTABLE)) { - pk11_forceAttribute(publicKey,CKA_NEVER_EXTRACTABLE, + if (!sftk_isTrue(publicKey,CKA_EXTRACTABLE)) { + sftk_forceAttribute(publicKey,CKA_NEVER_EXTRACTABLE, &cktrue,sizeof(CK_BBOOL)); } *phPrivateKey = privateKey->handle; *phPublicKey = publicKey->handle; - pk11_FreeObject(publicKey); - pk11_FreeObject(privateKey); + sftk_FreeObject(publicKey); + sftk_FreeObject(privateKey); return CKR_OK; } -static SECItem *pk11_PackagePrivateKey(PK11Object *key, CK_RV *crvp) +static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp) { NSSLOWKEYPrivateKey *lk = NULL; NSSLOWKEYPrivateKeyInfo *pki = NULL; - PK11Attribute *attribute = NULL; + SFTKAttribute *attribute = NULL; PLArenaPool *arena = NULL; SECOidTag algorithm = SEC_OID_UNKNOWN; void *dummy, *param = NULL; @@ -3437,14 +3437,14 @@ static SECItem *pk11_PackagePrivateKey(PK11Object *key, CK_RV *crvp) return NULL; } - attribute = pk11_FindAttribute(key, CKA_KEY_TYPE); + attribute = sftk_FindAttribute(key, CKA_KEY_TYPE); if(!attribute) { *crvp = CKR_KEY_TYPE_INCONSISTENT; return NULL; } - lk = pk11_GetPrivKey(key, *(CK_KEY_TYPE *)attribute->attrib.pValue, crvp); - pk11_FreeAttribute(attribute); + lk = sftk_GetPrivKey(key, *(CK_KEY_TYPE *)attribute->attrib.pValue, crvp); + sftk_FreeAttribute(attribute); if(!lk) { return NULL; } @@ -3502,7 +3502,7 @@ static SECItem *pk11_PackagePrivateKey(PK11Object *key, CK_RV *crvp) lk->u.ec.publicValue.len >>= 3; fordebug = &pki->privateKey; - SEC_PRINT("pk11_PackagePrivateKey()", "PrivateKey", lk->keyType, + SEC_PRINT("sftk_PackagePrivateKey()", "PrivateKey", lk->keyType, fordebug); param = SECITEM_DupItem(&lk->u.ec.ecParams.DEREncoding); @@ -3544,7 +3544,7 @@ static SECItem *pk11_PackagePrivateKey(PK11Object *key, CK_RV *crvp) #ifdef NSS_ENABLE_ECC fordebug = encodedKey; - SEC_PRINT("pk11_PackagePrivateKey()", "PrivateKeyInfo", lk->keyType, + SEC_PRINT("sftk_PackagePrivateKey()", "PrivateKeyInfo", lk->keyType, fordebug); #endif loser: @@ -3570,7 +3570,7 @@ loser: /* it doesn't matter yet, since we colapse error conditions in the * level above, but we really should map those few key error differences */ static CK_RV -pk11_mapWrap(CK_RV crv) +sftk_mapWrap(CK_RV crv) { switch (crv) { case CKR_ENCRYPTED_DATA_INVALID: crv = CKR_WRAPPED_KEY_INVALID; break; @@ -3584,18 +3584,18 @@ CK_RV NSC_WrapKey(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pWrappedKey, CK_ULONG_PTR pulWrappedKeyLen) { - PK11Session *session; - PK11Attribute *attribute; - PK11Object *key; + SFTKSession *session; + SFTKAttribute *attribute; + SFTKObject *key; CK_RV crv; - session = pk11_SessionFromHandle(hSession); + session = sftk_SessionFromHandle(hSession); if (session == NULL) { return CKR_SESSION_HANDLE_INVALID; } - key = pk11_ObjectFromHandle(hKey,session); - pk11_FreeSession(session); + key = sftk_ObjectFromHandle(hKey,session); + sftk_FreeSession(session); if (key == NULL) { return CKR_KEY_HANDLE_INVALID; } @@ -3603,19 +3603,19 @@ CK_RV NSC_WrapKey(CK_SESSION_HANDLE hSession, switch(key->objclass) { case CKO_SECRET_KEY: { - PK11SessionContext *context = NULL; + SFTKSessionContext *context = NULL; SECItem pText; - attribute = pk11_FindAttribute(key,CKA_VALUE); + attribute = sftk_FindAttribute(key,CKA_VALUE); if (attribute == NULL) { crv = CKR_KEY_TYPE_INCONSISTENT; break; } - crv = pk11_CryptInit(hSession, pMechanism, hWrappingKey, - CKA_WRAP, PK11_ENCRYPT, PR_TRUE); + crv = sftk_CryptInit(hSession, pMechanism, hWrappingKey, + CKA_WRAP, SFTK_ENCRYPT, PR_TRUE); if (crv != CKR_OK) { - pk11_FreeAttribute(attribute); + sftk_FreeAttribute(attribute); break; } @@ -3624,7 +3624,7 @@ CK_RV NSC_WrapKey(CK_SESSION_HANDLE hSession, pText.len = attribute->attrib.ulValueLen; /* Find out if this is a block cipher. */ - crv = pk11_GetContext(hSession,&context,PK11_ENCRYPT,PR_FALSE,NULL); + crv = sftk_GetContext(hSession,&context,SFTK_ENCRYPT,PR_FALSE,NULL); if (crv != CKR_OK || !context) break; if (context->blockSize > 1) { @@ -3651,20 +3651,20 @@ CK_RV NSC_WrapKey(CK_SESSION_HANDLE hSession, if (pText.data != (unsigned char *)attribute->attrib.pValue) PORT_ZFree(pText.data, pText.len); - pk11_FreeAttribute(attribute); + sftk_FreeAttribute(attribute); break; } case CKO_PRIVATE_KEY: { - SECItem *bpki = pk11_PackagePrivateKey(key, &crv); + SECItem *bpki = sftk_PackagePrivateKey(key, &crv); if(!bpki) { break; } - crv = pk11_CryptInit(hSession, pMechanism, hWrappingKey, - CKA_WRAP, PK11_ENCRYPT, PR_TRUE); + crv = sftk_CryptInit(hSession, pMechanism, hWrappingKey, + CKA_WRAP, SFTK_ENCRYPT, PR_TRUE); if(crv != CKR_OK) { SECITEM_ZfreeItem(bpki, PR_TRUE); crv = CKR_KEY_TYPE_INCONSISTENT; @@ -3681,16 +3681,16 @@ CK_RV NSC_WrapKey(CK_SESSION_HANDLE hSession, crv = CKR_KEY_TYPE_INCONSISTENT; break; } - pk11_FreeObject(key); + sftk_FreeObject(key); - return pk11_mapWrap(crv); + return sftk_mapWrap(crv); } /* * import a pprivate key info into the desired slot */ static SECStatus -pk11_unwrapPrivateKey(PK11Object *key, SECItem *bpki) +sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki) { CK_BBOOL cktrue = CK_TRUE; CK_KEY_TYPE keyType = CKK_RSA; @@ -3798,73 +3798,73 @@ pk11_unwrapPrivateKey(PK11Object *key, SECItem *bpki) switch (lpk->keyType) { case NSSLOWKEYRSAKey: keyType = CKK_RSA; - if(pk11_hasAttribute(key, CKA_NETSCAPE_DB)) { - pk11_DeleteAttributeType(key, CKA_NETSCAPE_DB); + if(sftk_hasAttribute(key, CKA_NETSCAPE_DB)) { + sftk_DeleteAttributeType(key, CKA_NETSCAPE_DB); } - crv = pk11_AddAttributeType(key, CKA_KEY_TYPE, &keyType, + crv = sftk_AddAttributeType(key, CKA_KEY_TYPE, &keyType, sizeof(keyType)); if(crv != CKR_OK) break; - crv = pk11_AddAttributeType(key, CKA_UNWRAP, &cktrue, + crv = sftk_AddAttributeType(key, CKA_UNWRAP, &cktrue, sizeof(CK_BBOOL)); if(crv != CKR_OK) break; - crv = pk11_AddAttributeType(key, CKA_DECRYPT, &cktrue, + crv = sftk_AddAttributeType(key, CKA_DECRYPT, &cktrue, sizeof(CK_BBOOL)); if(crv != CKR_OK) break; - crv = pk11_AddAttributeType(key, CKA_SIGN, &cktrue, + crv = sftk_AddAttributeType(key, CKA_SIGN, &cktrue, sizeof(CK_BBOOL)); if(crv != CKR_OK) break; - crv = pk11_AddAttributeType(key, CKA_SIGN_RECOVER, &cktrue, + crv = sftk_AddAttributeType(key, CKA_SIGN_RECOVER, &cktrue, sizeof(CK_BBOOL)); if(crv != CKR_OK) break; - crv = pk11_AddAttributeType(key, CKA_MODULUS, - pk11_item_expand(&lpk->u.rsa.modulus)); + crv = sftk_AddAttributeType(key, CKA_MODULUS, + sftk_item_expand(&lpk->u.rsa.modulus)); if(crv != CKR_OK) break; - crv = pk11_AddAttributeType(key, CKA_PUBLIC_EXPONENT, - pk11_item_expand(&lpk->u.rsa.publicExponent)); + crv = sftk_AddAttributeType(key, CKA_PUBLIC_EXPONENT, + sftk_item_expand(&lpk->u.rsa.publicExponent)); if(crv != CKR_OK) break; - crv = pk11_AddAttributeType(key, CKA_PRIVATE_EXPONENT, - pk11_item_expand(&lpk->u.rsa.privateExponent)); + crv = sftk_AddAttributeType(key, CKA_PRIVATE_EXPONENT, + sftk_item_expand(&lpk->u.rsa.privateExponent)); if(crv != CKR_OK) break; - crv = pk11_AddAttributeType(key, CKA_PRIME_1, - pk11_item_expand(&lpk->u.rsa.prime1)); + crv = sftk_AddAttributeType(key, CKA_PRIME_1, + sftk_item_expand(&lpk->u.rsa.prime1)); if(crv != CKR_OK) break; - crv = pk11_AddAttributeType(key, CKA_PRIME_2, - pk11_item_expand(&lpk->u.rsa.prime2)); + crv = sftk_AddAttributeType(key, CKA_PRIME_2, + sftk_item_expand(&lpk->u.rsa.prime2)); if(crv != CKR_OK) break; - crv = pk11_AddAttributeType(key, CKA_EXPONENT_1, - pk11_item_expand(&lpk->u.rsa.exponent1)); + crv = sftk_AddAttributeType(key, CKA_EXPONENT_1, + sftk_item_expand(&lpk->u.rsa.exponent1)); if(crv != CKR_OK) break; - crv = pk11_AddAttributeType(key, CKA_EXPONENT_2, - pk11_item_expand(&lpk->u.rsa.exponent2)); + crv = sftk_AddAttributeType(key, CKA_EXPONENT_2, + sftk_item_expand(&lpk->u.rsa.exponent2)); if(crv != CKR_OK) break; - crv = pk11_AddAttributeType(key, CKA_COEFFICIENT, - pk11_item_expand(&lpk->u.rsa.coefficient)); + crv = sftk_AddAttributeType(key, CKA_COEFFICIENT, + sftk_item_expand(&lpk->u.rsa.coefficient)); break; case NSSLOWKEYDSAKey: keyType = CKK_DSA; - crv = (pk11_hasAttribute(key, CKA_NETSCAPE_DB)) ? CKR_OK : + crv = (sftk_hasAttribute(key, CKA_NETSCAPE_DB)) ? CKR_OK : CKR_KEY_TYPE_INCONSISTENT; if(crv != CKR_OK) break; - crv = pk11_AddAttributeType(key, CKA_KEY_TYPE, &keyType, + crv = sftk_AddAttributeType(key, CKA_KEY_TYPE, &keyType, sizeof(keyType)); if(crv != CKR_OK) break; - crv = pk11_AddAttributeType(key, CKA_SIGN, &cktrue, + crv = sftk_AddAttributeType(key, CKA_SIGN, &cktrue, sizeof(CK_BBOOL)); if(crv != CKR_OK) break; - crv = pk11_AddAttributeType(key, CKA_SIGN_RECOVER, &cktrue, + crv = sftk_AddAttributeType(key, CKA_SIGN_RECOVER, &cktrue, sizeof(CK_BBOOL)); if(crv != CKR_OK) break; - crv = pk11_AddAttributeType(key, CKA_PRIME, - pk11_item_expand(&lpk->u.dsa.params.prime)); + crv = sftk_AddAttributeType(key, CKA_PRIME, + sftk_item_expand(&lpk->u.dsa.params.prime)); if(crv != CKR_OK) break; - crv = pk11_AddAttributeType(key, CKA_SUBPRIME, - pk11_item_expand(&lpk->u.dsa.params.subPrime)); + crv = sftk_AddAttributeType(key, CKA_SUBPRIME, + sftk_item_expand(&lpk->u.dsa.params.subPrime)); if(crv != CKR_OK) break; - crv = pk11_AddAttributeType(key, CKA_BASE, - pk11_item_expand(&lpk->u.dsa.params.base)); + crv = sftk_AddAttributeType(key, CKA_BASE, + sftk_item_expand(&lpk->u.dsa.params.base)); if(crv != CKR_OK) break; - crv = pk11_AddAttributeType(key, CKA_VALUE, - pk11_item_expand(&lpk->u.dsa.privateValue)); + crv = sftk_AddAttributeType(key, CKA_VALUE, + sftk_item_expand(&lpk->u.dsa.privateValue)); if(crv != CKR_OK) break; break; #ifdef notdef @@ -3878,26 +3878,26 @@ pk11_unwrapPrivateKey(PK11Object *key, SECItem *bpki) #ifdef NSS_ENABLE_ECC case NSSLOWKEYECKey: keyType = CKK_EC; - crv = (pk11_hasAttribute(key, CKA_NETSCAPE_DB)) ? CKR_OK : + crv = (sftk_hasAttribute(key, CKA_NETSCAPE_DB)) ? CKR_OK : CKR_KEY_TYPE_INCONSISTENT; if(crv != CKR_OK) break; - crv = pk11_AddAttributeType(key, CKA_KEY_TYPE, &keyType, + crv = sftk_AddAttributeType(key, CKA_KEY_TYPE, &keyType, sizeof(keyType)); if(crv != CKR_OK) break; - crv = pk11_AddAttributeType(key, CKA_SIGN, &cktrue, + crv = sftk_AddAttributeType(key, CKA_SIGN, &cktrue, sizeof(CK_BBOOL)); if(crv != CKR_OK) break; - crv = pk11_AddAttributeType(key, CKA_SIGN_RECOVER, &cktrue, + crv = sftk_AddAttributeType(key, CKA_SIGN_RECOVER, &cktrue, sizeof(CK_BBOOL)); if(crv != CKR_OK) break; - crv = pk11_AddAttributeType(key, CKA_DERIVE, &cktrue, + crv = sftk_AddAttributeType(key, CKA_DERIVE, &cktrue, sizeof(CK_BBOOL)); if(crv != CKR_OK) break; - crv = pk11_AddAttributeType(key, CKA_EC_PARAMS, - pk11_item_expand(&lpk->u.ec.ecParams.DEREncoding)); + crv = sftk_AddAttributeType(key, CKA_EC_PARAMS, + sftk_item_expand(&lpk->u.ec.ecParams.DEREncoding)); if(crv != CKR_OK) break; - crv = pk11_AddAttributeType(key, CKA_VALUE, - pk11_item_expand(&lpk->u.ec.privateValue)); + crv = sftk_AddAttributeType(key, CKA_VALUE, + sftk_item_expand(&lpk->u.ec.privateValue)); if(crv != CKR_OK) break; /* XXX Do we need to decode the EC Params here ?? */ break; @@ -3931,21 +3931,21 @@ CK_RV NSC_UnwrapKey(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey) { - PK11Object *key = NULL; - PK11Session *session; + SFTKObject *key = NULL; + SFTKSession *session; CK_ULONG key_length = 0; unsigned char * buf = NULL; CK_RV crv = CKR_OK; int i; CK_ULONG bsize = ulWrappedKeyLen; - PK11Slot *slot = pk11_SlotFromSessionHandle(hSession); + SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession); SECItem bpki; CK_OBJECT_CLASS target_type = CKO_SECRET_KEY; /* * now lets create an object to hang the attributes off of */ - key = pk11_NewObject(slot); /* fill in the handle later */ + key = sftk_NewObject(slot); /* fill in the handle later */ if (key == NULL) { return CKR_HOST_MEMORY; } @@ -3961,19 +3961,19 @@ CK_RV NSC_UnwrapKey(CK_SESSION_HANDLE hSession, if (pTemplate[i].type == CKA_CLASS) { target_type = *(CK_OBJECT_CLASS *)pTemplate[i].pValue; } - crv = pk11_AddAttributeType(key,pk11_attr_expand(&pTemplate[i])); + crv = sftk_AddAttributeType(key,sftk_attr_expand(&pTemplate[i])); if (crv != CKR_OK) break; } if (crv != CKR_OK) { - pk11_FreeObject(key); + sftk_FreeObject(key); return crv; } - crv = pk11_CryptInit(hSession,pMechanism,hUnwrappingKey,CKA_UNWRAP, - PK11_DECRYPT, PR_FALSE); + crv = sftk_CryptInit(hSession,pMechanism,hUnwrappingKey,CKA_UNWRAP, + SFTK_DECRYPT, PR_FALSE); if (crv != CKR_OK) { - pk11_FreeObject(key); - return pk11_mapWrap(crv); + sftk_FreeObject(key); + return sftk_mapWrap(crv); } /* allocate the buffer to decrypt into @@ -3984,14 +3984,14 @@ CK_RV NSC_UnwrapKey(CK_SESSION_HANDLE hSession, crv = NSC_Decrypt(hSession, pWrappedKey, ulWrappedKeyLen, buf, &bsize); if (crv != CKR_OK) { - pk11_FreeObject(key); + sftk_FreeObject(key); PORT_Free(buf); - return pk11_mapWrap(crv); + return sftk_mapWrap(crv); } switch(target_type) { case CKO_SECRET_KEY: - if (!pk11_hasAttribute(key,CKA_KEY_TYPE)) { + if (!sftk_hasAttribute(key,CKA_KEY_TYPE)) { crv = CKR_TEMPLATE_INCOMPLETE; break; } @@ -4005,13 +4005,13 @@ CK_RV NSC_UnwrapKey(CK_SESSION_HANDLE hSession, } /* add the value */ - crv = pk11_AddAttributeType(key,CKA_VALUE,buf,key_length); + crv = sftk_AddAttributeType(key,CKA_VALUE,buf,key_length); break; case CKO_PRIVATE_KEY: bpki.data = (unsigned char *)buf; bpki.len = bsize; crv = CKR_OK; - if(pk11_unwrapPrivateKey(key, &bpki) != SECSuccess) { + if(sftk_unwrapPrivateKey(key, &bpki) != SECSuccess) { crv = CKR_TEMPLATE_INCOMPLETE; } break; @@ -4021,22 +4021,22 @@ CK_RV NSC_UnwrapKey(CK_SESSION_HANDLE hSession, } PORT_ZFree(buf, bsize); - if (crv != CKR_OK) { pk11_FreeObject(key); return crv; } + if (crv != CKR_OK) { sftk_FreeObject(key); return crv; } /* get the session */ - session = pk11_SessionFromHandle(hSession); + session = sftk_SessionFromHandle(hSession); if (session == NULL) { - pk11_FreeObject(key); + sftk_FreeObject(key); return CKR_SESSION_HANDLE_INVALID; } /* * handle the base object stuff */ - crv = pk11_handleObject(key,session); + crv = sftk_handleObject(key,session); *phKey = key->handle; - pk11_FreeSession(session); - pk11_FreeObject(key); + sftk_FreeSession(session); + sftk_FreeObject(key); return crv; @@ -4047,12 +4047,12 @@ CK_RV NSC_UnwrapKey(CK_SESSION_HANDLE hSession, * details of each of these key creation. */ static CK_RV -pk11_buildSSLKey(CK_SESSION_HANDLE hSession, PK11Object *baseKey, +sftk_buildSSLKey(CK_SESSION_HANDLE hSession, SFTKObject *baseKey, PRBool isMacKey, unsigned char *keyBlock, unsigned int keySize, CK_OBJECT_HANDLE *keyHandle) { - PK11Object *key; - PK11Session *session; + SFTKObject *key; + SFTKSession *session; CK_KEY_TYPE keyType = CKK_GENERIC_SECRET; CK_BBOOL cktrue = CK_TRUE; CK_BBOOL ckfalse = CK_FALSE; @@ -4062,43 +4062,43 @@ pk11_buildSSLKey(CK_SESSION_HANDLE hSession, PK11Object *baseKey, * now lets create an object to hang the attributes off of */ *keyHandle = CK_INVALID_HANDLE; - key = pk11_NewObject(baseKey->slot); + key = sftk_NewObject(baseKey->slot); if (key == NULL) return CKR_HOST_MEMORY; - pk11_narrowToSessionObject(key)->wasDerived = PR_TRUE; + sftk_narrowToSessionObject(key)->wasDerived = PR_TRUE; - crv = pk11_CopyObject(key,baseKey); + crv = sftk_CopyObject(key,baseKey); if (crv != CKR_OK) goto loser; if (isMacKey) { - crv = pk11_forceAttribute(key,CKA_KEY_TYPE,&keyType,sizeof(keyType)); + crv = sftk_forceAttribute(key,CKA_KEY_TYPE,&keyType,sizeof(keyType)); if (crv != CKR_OK) goto loser; - crv = pk11_forceAttribute(key,CKA_DERIVE,&cktrue,sizeof(CK_BBOOL)); + crv = sftk_forceAttribute(key,CKA_DERIVE,&cktrue,sizeof(CK_BBOOL)); if (crv != CKR_OK) goto loser; - crv = pk11_forceAttribute(key,CKA_ENCRYPT,&ckfalse,sizeof(CK_BBOOL)); + crv = sftk_forceAttribute(key,CKA_ENCRYPT,&ckfalse,sizeof(CK_BBOOL)); if (crv != CKR_OK) goto loser; - crv = pk11_forceAttribute(key,CKA_DECRYPT,&ckfalse,sizeof(CK_BBOOL)); + crv = sftk_forceAttribute(key,CKA_DECRYPT,&ckfalse,sizeof(CK_BBOOL)); if (crv != CKR_OK) goto loser; - crv = pk11_forceAttribute(key,CKA_SIGN,&cktrue,sizeof(CK_BBOOL)); + crv = sftk_forceAttribute(key,CKA_SIGN,&cktrue,sizeof(CK_BBOOL)); if (crv != CKR_OK) goto loser; - crv = pk11_forceAttribute(key,CKA_VERIFY,&cktrue,sizeof(CK_BBOOL)); + crv = sftk_forceAttribute(key,CKA_VERIFY,&cktrue,sizeof(CK_BBOOL)); if (crv != CKR_OK) goto loser; - crv = pk11_forceAttribute(key,CKA_WRAP,&ckfalse,sizeof(CK_BBOOL)); + crv = sftk_forceAttribute(key,CKA_WRAP,&ckfalse,sizeof(CK_BBOOL)); if (crv != CKR_OK) goto loser; - crv = pk11_forceAttribute(key,CKA_UNWRAP,&ckfalse,sizeof(CK_BBOOL)); + crv = sftk_forceAttribute(key,CKA_UNWRAP,&ckfalse,sizeof(CK_BBOOL)); if (crv != CKR_OK) goto loser; } - crv = pk11_forceAttribute(key,CKA_VALUE,keyBlock,keySize); + crv = sftk_forceAttribute(key,CKA_VALUE,keyBlock,keySize); if (crv != CKR_OK) goto loser; /* get the session */ crv = CKR_HOST_MEMORY; - session = pk11_SessionFromHandle(hSession); + session = sftk_SessionFromHandle(hSession); if (session == NULL) { goto loser; } - crv = pk11_handleObject(key,session); - pk11_FreeSession(session); + crv = sftk_handleObject(key,session); + sftk_FreeSession(session); *keyHandle = key->handle; loser: - if (key) pk11_FreeObject(key); + if (key) sftk_FreeObject(key); return crv; } @@ -4107,7 +4107,7 @@ loser: * This is the routine that will do it.. */ static void -pk11_freeSSLKeys(CK_SESSION_HANDLE session, +sftk_freeSSLKeys(CK_SESSION_HANDLE session, CK_SSL3_KEY_MAT_OUT *returnedMaterial ) { if (returnedMaterial->hClientMacSecret != CK_INVALID_HANDLE) { @@ -4130,55 +4130,55 @@ pk11_freeSSLKeys(CK_SESSION_HANDLE session, * semantics. */ static CK_RV -pk11_DeriveSensitiveCheck(PK11Object *baseKey,PK11Object *destKey) +sftk_DeriveSensitiveCheck(SFTKObject *baseKey,SFTKObject *destKey) { PRBool hasSensitive; PRBool sensitive = PR_FALSE; PRBool hasExtractable; PRBool extractable = PR_TRUE; CK_RV crv = CKR_OK; - PK11Attribute *att; + SFTKAttribute *att; hasSensitive = PR_FALSE; - att = pk11_FindAttribute(destKey,CKA_SENSITIVE); + att = sftk_FindAttribute(destKey,CKA_SENSITIVE); if (att) { hasSensitive = PR_TRUE; sensitive = (PRBool) *(CK_BBOOL *)att->attrib.pValue; - pk11_FreeAttribute(att); + sftk_FreeAttribute(att); } hasExtractable = PR_FALSE; - att = pk11_FindAttribute(destKey,CKA_EXTRACTABLE); + att = sftk_FindAttribute(destKey,CKA_EXTRACTABLE); if (att) { hasExtractable = PR_TRUE; extractable = (PRBool) *(CK_BBOOL *)att->attrib.pValue; - pk11_FreeAttribute(att); + sftk_FreeAttribute(att); } /* don't make a key more accessible */ - if (pk11_isTrue(baseKey,CKA_SENSITIVE) && hasSensitive && + if (sftk_isTrue(baseKey,CKA_SENSITIVE) && hasSensitive && (sensitive == PR_FALSE)) { return CKR_KEY_FUNCTION_NOT_PERMITTED; } - if (!pk11_isTrue(baseKey,CKA_EXTRACTABLE) && hasExtractable && + if (!sftk_isTrue(baseKey,CKA_EXTRACTABLE) && hasExtractable && (extractable == PR_TRUE)) { return CKR_KEY_FUNCTION_NOT_PERMITTED; } /* inherit parent's sensitivity */ if (!hasSensitive) { - att = pk11_FindAttribute(baseKey,CKA_SENSITIVE); + att = sftk_FindAttribute(baseKey,CKA_SENSITIVE); if (att == NULL) return CKR_KEY_TYPE_INCONSISTENT; - crv = pk11_defaultAttribute(destKey,pk11_attr_expand(&att->attrib)); - pk11_FreeAttribute(att); + crv = sftk_defaultAttribute(destKey,sftk_attr_expand(&att->attrib)); + sftk_FreeAttribute(att); if (crv != CKR_OK) return crv; } if (!hasExtractable) { - att = pk11_FindAttribute(baseKey,CKA_EXTRACTABLE); + att = sftk_FindAttribute(baseKey,CKA_EXTRACTABLE); if (att == NULL) return CKR_KEY_TYPE_INCONSISTENT; - crv = pk11_defaultAttribute(destKey,pk11_attr_expand(&att->attrib)); - pk11_FreeAttribute(att); + crv = sftk_defaultAttribute(destKey,sftk_attr_expand(&att->attrib)); + sftk_FreeAttribute(att); if (crv != CKR_OK) return crv; } @@ -4192,7 +4192,7 @@ pk11_DeriveSensitiveCheck(PK11Object *baseKey,PK11Object *destKey) * make known fixed PKCS #11 key types to their sizes in bytes */ unsigned long -pk11_MapKeySize(CK_KEY_TYPE keyType) +sftk_MapKeySize(CK_KEY_TYPE keyType) { switch (keyType) { case CKK_CDMF: @@ -4234,12 +4234,12 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey) { - PK11Session * session; - PK11Slot * slot = pk11_SlotFromSessionHandle(hSession); - PK11Object * key; - PK11Object * sourceKey; - PK11Attribute * att; - PK11Attribute * att2; + SFTKSession * session; + SFTKSlot * slot = sftk_SlotFromSessionHandle(hSession); + SFTKObject * key; + SFTKObject * sourceKey; + SFTKAttribute * att; + SFTKAttribute * att2; unsigned char * buf; SHA1Context * sha; MD5Context * md5; @@ -4268,7 +4268,7 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, */ if (phKey) *phKey = CK_INVALID_HANDLE; - key = pk11_NewObject(slot); /* fill in the handle later */ + key = sftk_NewObject(slot); /* fill in the handle later */ if (key == NULL) { return CKR_HOST_MEMORY; } @@ -4278,7 +4278,7 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, * load the template values into the object */ for (i=0; i < (int) ulAttributeCount; i++) { - crv = pk11_AddAttributeType(key,pk11_attr_expand(&pTemplate[i])); + crv = sftk_AddAttributeType(key,sftk_attr_expand(&pTemplate[i])); if (crv != CKR_OK) break; if (pTemplate[i].type == CKA_KEY_TYPE) { @@ -4288,47 +4288,47 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, keySize = *(CK_ULONG *)pTemplate[i].pValue; } } - if (crv != CKR_OK) { pk11_FreeObject(key); return crv; } + if (crv != CKR_OK) { sftk_FreeObject(key); return crv; } if (keySize == 0) { - keySize = pk11_MapKeySize(keyType); + keySize = sftk_MapKeySize(keyType); } /* Derive can only create SECRET KEY's currently... */ classType = CKO_SECRET_KEY; - crv = pk11_forceAttribute (key,CKA_CLASS,&classType,sizeof(classType)); + crv = sftk_forceAttribute (key,CKA_CLASS,&classType,sizeof(classType)); if (crv != CKR_OK) { - pk11_FreeObject(key); + sftk_FreeObject(key); return crv; } /* look up the base key we're deriving with */ - session = pk11_SessionFromHandle(hSession); + session = sftk_SessionFromHandle(hSession); if (session == NULL) { - pk11_FreeObject(key); + sftk_FreeObject(key); return CKR_SESSION_HANDLE_INVALID; } - sourceKey = pk11_ObjectFromHandle(hBaseKey,session); - pk11_FreeSession(session); + sourceKey = sftk_ObjectFromHandle(hBaseKey,session); + sftk_FreeSession(session); if (sourceKey == NULL) { - pk11_FreeObject(key); + sftk_FreeObject(key); return CKR_KEY_HANDLE_INVALID; } /* don't use key derive to expose sensitive keys */ - crv = pk11_DeriveSensitiveCheck(sourceKey,key); + crv = sftk_DeriveSensitiveCheck(sourceKey,key); if (crv != CKR_OK) { - pk11_FreeObject(key); - pk11_FreeObject(sourceKey); + sftk_FreeObject(key); + sftk_FreeObject(sourceKey); return crv; } /* get the value of the base key */ - att = pk11_FindAttribute(sourceKey,CKA_VALUE); + att = sftk_FindAttribute(sourceKey,CKA_VALUE); if (att == NULL) { - pk11_FreeObject(key); - pk11_FreeObject(sourceKey); + sftk_FreeObject(key); + sftk_FreeObject(sourceKey); return CKR_KEY_HANDLE_INVALID; } @@ -4354,14 +4354,14 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, crv = CKR_KEY_TYPE_INCONSISTENT; break; } - att2 = pk11_FindAttribute(sourceKey,CKA_KEY_TYPE); + att2 = sftk_FindAttribute(sourceKey,CKA_KEY_TYPE); if ((att2 == NULL) || (*(CK_KEY_TYPE *)att2->attrib.pValue != CKK_GENERIC_SECRET)) { - if (att2) pk11_FreeAttribute(att2); + if (att2) sftk_FreeAttribute(att2); crv = CKR_KEY_FUNCTION_NOT_PERMITTED; break; } - pk11_FreeAttribute(att2); + sftk_FreeAttribute(att2); if (keyType != CKK_GENERIC_SECRET) { crv = CKR_KEY_FUNCTION_NOT_PERMITTED; break; @@ -4376,7 +4376,7 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, ssl3_master = (CK_SSL3_MASTER_KEY_DERIVE_PARAMS *) pMechanism->pParameter; if (ssl3_master->pVersion) { - PK11SessionObject *sessKey = pk11_narrowToSessionObject(key); + SFTKSessionObject *sessKey = sftk_narrowToSessionObject(key); rsa_pms = (SSL3RSAPreMasterSecret *) att->attrib.pValue; /* don't leak more key material then necessary for SSL to work */ if ((sessKey == NULL) || sessKey->wasDerived) { @@ -4415,7 +4415,7 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, PORT_Memcpy(crsrdata + SSL3_RANDOM_LENGTH, ssl3_master->RandomInfo.pServerRandom, SSL3_RANDOM_LENGTH); - status = pk11_PRF(&pms, "master secret", &crsr, &master, isFIPS); + status = sftk_PRF(&pms, "master secret", &crsr, &master, isFIPS); if (status != SECSuccess) { crv = CKR_FUNCTION_FAILED; break; @@ -4456,21 +4456,21 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, } /* store the results */ - crv = pk11_forceAttribute + crv = sftk_forceAttribute (key,CKA_VALUE,key_block,SSL3_MASTER_SECRET_LENGTH); if (crv != CKR_OK) break; keyType = CKK_GENERIC_SECRET; - crv = pk11_forceAttribute (key,CKA_KEY_TYPE,&keyType,sizeof(keyType)); + crv = sftk_forceAttribute (key,CKA_KEY_TYPE,&keyType,sizeof(keyType)); if (isTLS) { /* TLS's master secret is used to "sign" finished msgs with PRF. */ - /* XXX This seems like a hack. But PK11_Derive only accepts + /* XXX This seems like a hack. But SFTK_Derive only accepts * one "operation" argument. */ - crv = pk11_forceAttribute(key,CKA_SIGN, &cktrue,sizeof(CK_BBOOL)); + crv = sftk_forceAttribute(key,CKA_SIGN, &cktrue,sizeof(CK_BBOOL)); if (crv != CKR_OK) break; - crv = pk11_forceAttribute(key,CKA_VERIFY,&cktrue,sizeof(CK_BBOOL)); + crv = sftk_forceAttribute(key,CKA_VERIFY,&cktrue,sizeof(CK_BBOOL)); if (crv != CKR_OK) break; /* While we're here, we might as well force this, too. */ - crv = pk11_forceAttribute(key,CKA_DERIVE,&cktrue,sizeof(CK_BBOOL)); + crv = sftk_forceAttribute(key,CKA_DERIVE,&cktrue,sizeof(CK_BBOOL)); if (crv != CKR_OK) break; } break; @@ -4485,21 +4485,21 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, CK_SSL3_KEY_MAT_OUT * ssl3_keys_out; CK_ULONG effKeySize; - crv = pk11_DeriveSensitiveCheck(sourceKey,key); + crv = sftk_DeriveSensitiveCheck(sourceKey,key); if (crv != CKR_OK) break; if (att->attrib.ulValueLen != SSL3_MASTER_SECRET_LENGTH) { crv = CKR_KEY_FUNCTION_NOT_PERMITTED; break; } - att2 = pk11_FindAttribute(sourceKey,CKA_KEY_TYPE); + att2 = sftk_FindAttribute(sourceKey,CKA_KEY_TYPE); if ((att2 == NULL) || (*(CK_KEY_TYPE *)att2->attrib.pValue != CKK_GENERIC_SECRET)) { - if (att2) pk11_FreeAttribute(att2); + if (att2) sftk_FreeAttribute(att2); crv = CKR_KEY_FUNCTION_NOT_PERMITTED; break; } - pk11_FreeAttribute(att2); + sftk_FreeAttribute(att2); md5 = MD5_NewContext(); if (md5 == NULL) { crv = CKR_HOST_MEMORY; @@ -4546,7 +4546,7 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, ssl3_keys->RandomInfo.pClientRandom, SSL3_RANDOM_LENGTH); - status = pk11_PRF(&master, "key expansion", &srcr, &keyblk, + status = sftk_PRF(&master, "key expansion", &srcr, &keyblk, isFIPS); if (status != SECSuccess) { goto key_and_mac_derive_fail; @@ -4596,7 +4596,7 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, * The key_block is partitioned as follows: * client_write_MAC_secret[CipherSpec.hash_size] */ - crv = pk11_buildSSLKey(hSession,key,PR_TRUE,&key_block[i],macSize, + crv = sftk_buildSSLKey(hSession,key,PR_TRUE,&key_block[i],macSize, &ssl3_keys_out->hClientMacSecret); if (crv != CKR_OK) goto key_and_mac_derive_fail; @@ -4606,7 +4606,7 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, /* * server_write_MAC_secret[CipherSpec.hash_size] */ - crv = pk11_buildSSLKey(hSession,key,PR_TRUE,&key_block[i],macSize, + crv = sftk_buildSSLKey(hSession,key,PR_TRUE,&key_block[i],macSize, &ssl3_keys_out->hServerMacSecret); if (crv != CKR_OK) { goto key_and_mac_derive_fail; @@ -4619,7 +4619,7 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, ** Generate Domestic write keys and IVs. ** client_write_key[CipherSpec.key_material] */ - crv = pk11_buildSSLKey(hSession,key,PR_FALSE,&key_block[i], + crv = sftk_buildSSLKey(hSession,key,PR_FALSE,&key_block[i], keySize, &ssl3_keys_out->hClientKey); if (crv != CKR_OK) { goto key_and_mac_derive_fail; @@ -4629,7 +4629,7 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, /* ** server_write_key[CipherSpec.key_material] */ - crv = pk11_buildSSLKey(hSession,key,PR_FALSE,&key_block[i], + crv = sftk_buildSSLKey(hSession,key,PR_FALSE,&key_block[i], keySize, &ssl3_keys_out->hServerKey); if (crv != CKR_OK) { goto key_and_mac_derive_fail; @@ -4671,7 +4671,7 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, ssl3_keys->RandomInfo.ulServerRandomLen); MD5_End(md5, key_block2, &outLen, MD5_LENGTH); i += effKeySize; - crv = pk11_buildSSLKey(hSession,key,PR_FALSE,key_block2, + crv = sftk_buildSSLKey(hSession,key,PR_FALSE,key_block2, keySize,&ssl3_keys_out->hClientKey); if (crv != CKR_OK) { goto key_and_mac_derive_fail; @@ -4690,7 +4690,7 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, ssl3_keys->RandomInfo.ulClientRandomLen); MD5_End(md5, key_block2, &outLen, MD5_LENGTH); i += effKeySize; - crv = pk11_buildSSLKey(hSession,key,PR_FALSE,key_block2, + crv = sftk_buildSSLKey(hSession,key,PR_FALSE,key_block2, keySize,&ssl3_keys_out->hServerKey); if (crv != CKR_OK) { goto key_and_mac_derive_fail; @@ -4753,12 +4753,12 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, i += effKeySize; keyblk.data = key_block2; keyblk.len = sizeof key_block2; - status = pk11_PRF(&secret, "client write key", &crsr, &keyblk, + status = sftk_PRF(&secret, "client write key", &crsr, &keyblk, isFIPS); if (status != SECSuccess) { goto key_and_mac_derive_fail; } - crv = pk11_buildSSLKey(hSession, key, PR_FALSE, key_block2, + crv = sftk_buildSSLKey(hSession, key, PR_FALSE, key_block2, keySize, &ssl3_keys_out->hClientKey); if (crv != CKR_OK) { goto key_and_mac_derive_fail; @@ -4775,12 +4775,12 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, i += effKeySize; keyblk.data = key_block2; keyblk.len = sizeof key_block2; - status = pk11_PRF(&secret, "server write key", &crsr, &keyblk, + status = sftk_PRF(&secret, "server write key", &crsr, &keyblk, isFIPS); if (status != SECSuccess) { goto key_and_mac_derive_fail; } - crv = pk11_buildSSLKey(hSession, key, PR_FALSE, key_block2, + crv = sftk_buildSSLKey(hSession, key, PR_FALSE, key_block2, keySize, &ssl3_keys_out->hServerKey); if (crv != CKR_OK) { goto key_and_mac_derive_fail; @@ -4797,7 +4797,7 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, secret.len = 0; keyblk.data = &key_block[i]; keyblk.len = 2 * IVSize; - status = pk11_PRF(&secret, "IV block", &crsr, &keyblk, + status = sftk_PRF(&secret, "IV block", &crsr, &keyblk, isFIPS); if (status != SECSuccess) { goto key_and_mac_derive_fail; @@ -4815,63 +4815,63 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, key_and_mac_derive_fail: if (crv == CKR_OK) crv = CKR_FUNCTION_FAILED; - pk11_freeSSLKeys(hSession, ssl3_keys_out); + sftk_freeSSLKeys(hSession, ssl3_keys_out); } MD5_DestroyContext(md5, PR_TRUE); SHA1_DestroyContext(sha, PR_TRUE); - pk11_FreeObject(key); + sftk_FreeObject(key); key = NULL; break; } case CKM_CONCATENATE_BASE_AND_KEY: { - PK11Object *newKey; + SFTKObject *newKey; - crv = pk11_DeriveSensitiveCheck(sourceKey,key); + crv = sftk_DeriveSensitiveCheck(sourceKey,key); if (crv != CKR_OK) break; - session = pk11_SessionFromHandle(hSession); + session = sftk_SessionFromHandle(hSession); if (session == NULL) { crv = CKR_SESSION_HANDLE_INVALID; break; } - newKey = pk11_ObjectFromHandle(*(CK_OBJECT_HANDLE *) + newKey = sftk_ObjectFromHandle(*(CK_OBJECT_HANDLE *) pMechanism->pParameter,session); - pk11_FreeSession(session); + sftk_FreeSession(session); if ( newKey == NULL) { crv = CKR_KEY_HANDLE_INVALID; break; } - if (pk11_isTrue(newKey,CKA_SENSITIVE)) { - crv = pk11_forceAttribute(newKey,CKA_SENSITIVE,&cktrue, + if (sftk_isTrue(newKey,CKA_SENSITIVE)) { + crv = sftk_forceAttribute(newKey,CKA_SENSITIVE,&cktrue, sizeof(CK_BBOOL)); if (crv != CKR_OK) { - pk11_FreeObject(newKey); + sftk_FreeObject(newKey); break; } } - att2 = pk11_FindAttribute(newKey,CKA_VALUE); + att2 = sftk_FindAttribute(newKey,CKA_VALUE); if (att2 == NULL) { - pk11_FreeObject(newKey); + sftk_FreeObject(newKey); crv = CKR_KEY_HANDLE_INVALID; break; } tmpKeySize = att->attrib.ulValueLen+att2->attrib.ulValueLen; if (keySize == 0) keySize = tmpKeySize; if (keySize > tmpKeySize) { - pk11_FreeObject(newKey); - pk11_FreeAttribute(att2); + sftk_FreeObject(newKey); + sftk_FreeAttribute(att2); crv = CKR_TEMPLATE_INCONSISTENT; break; } buf = (unsigned char*)PORT_Alloc(tmpKeySize); if (buf == NULL) { - pk11_FreeAttribute(att2); - pk11_FreeObject(newKey); + sftk_FreeAttribute(att2); + sftk_FreeObject(newKey); crv = CKR_HOST_MEMORY; break; } @@ -4880,10 +4880,10 @@ key_and_mac_derive_fail: PORT_Memcpy(buf+att->attrib.ulValueLen, att2->attrib.pValue,att2->attrib.ulValueLen); - crv = pk11_forceAttribute (key,CKA_VALUE,buf,keySize); + crv = sftk_forceAttribute (key,CKA_VALUE,buf,keySize); PORT_ZFree(buf,tmpKeySize); - pk11_FreeAttribute(att2); - pk11_FreeObject(newKey); + sftk_FreeAttribute(att2); + sftk_FreeObject(newKey); break; } @@ -4905,7 +4905,7 @@ key_and_mac_derive_fail: PORT_Memcpy(buf+att->attrib.ulValueLen,stringPtr->pData, stringPtr->ulLen); - crv = pk11_forceAttribute (key,CKA_VALUE,buf,keySize); + crv = sftk_forceAttribute (key,CKA_VALUE,buf,keySize); PORT_ZFree(buf,tmpKeySize); break; case CKM_CONCATENATE_DATA_AND_BASE: @@ -4926,7 +4926,7 @@ key_and_mac_derive_fail: PORT_Memcpy(buf+stringPtr->ulLen,att->attrib.pValue, att->attrib.ulValueLen); - crv = pk11_forceAttribute (key,CKA_VALUE,buf,keySize); + crv = sftk_forceAttribute (key,CKA_VALUE,buf,keySize); PORT_ZFree(buf,tmpKeySize); break; case CKM_XOR_BASE_AND_DATA: @@ -4949,7 +4949,7 @@ key_and_mac_derive_fail: buf[i] ^= stringPtr->pData[i]; } - crv = pk11_forceAttribute (key,CKA_VALUE,buf,keySize); + crv = sftk_forceAttribute (key,CKA_VALUE,buf,keySize); PORT_ZFree(buf,keySize); break; @@ -4987,7 +4987,7 @@ key_and_mac_derive_fail: } } - crv = pk11_forceAttribute (key,CKA_VALUE,buf,keySize); + crv = sftk_forceAttribute (key,CKA_VALUE,buf,keySize); PORT_ZFree(buf,keySize); break; } @@ -5009,7 +5009,7 @@ key_and_mac_derive_fail: MD2_End(md2,key_block,&outLen,MD2_LENGTH); MD2_DestroyContext(md2, PR_TRUE); - crv = pk11_forceAttribute (key,CKA_VALUE,key_block,keySize); + crv = sftk_forceAttribute (key,CKA_VALUE,key_block,keySize); break; case CKM_MD5_KEY_DERIVATION: if (keySize == 0) keySize = MD5_LENGTH; @@ -5029,7 +5029,7 @@ key_and_mac_derive_fail: MD5_End(md5,key_block,&outLen,MD5_LENGTH); MD5_DestroyContext(md5, PR_TRUE); - crv = pk11_forceAttribute (key,CKA_VALUE,key_block,keySize); + crv = sftk_forceAttribute (key,CKA_VALUE,key_block,keySize); break; case CKM_SHA1_KEY_DERIVATION: if (keySize == 0) keySize = SHA1_LENGTH; @@ -5049,7 +5049,7 @@ key_and_mac_derive_fail: SHA1_End(sha,key_block,&outLen,SHA1_LENGTH); SHA1_DestroyContext(sha, PR_TRUE); - crv = pk11_forceAttribute(key,CKA_VALUE,key_block,keySize); + crv = sftk_forceAttribute(key,CKA_VALUE,key_block,keySize); break; case CKM_DH_PKCS_DERIVE: @@ -5058,9 +5058,9 @@ key_and_mac_derive_fail: SECItem dhPrime, dhValue; /* sourceKey - values for the local existing low key */ /* get prime and value attributes */ - crv = pk11_Attribute2SecItem(NULL, &dhPrime, sourceKey, CKA_PRIME); + crv = sftk_Attribute2SecItem(NULL, &dhPrime, sourceKey, CKA_PRIME); if (crv != SECSuccess) break; - crv = pk11_Attribute2SecItem(NULL, &dhValue, sourceKey, CKA_VALUE); + crv = sftk_Attribute2SecItem(NULL, &dhValue, sourceKey, CKA_VALUE); if (crv != SECSuccess) { PORT_Free(dhPrime.data); break; @@ -5076,7 +5076,7 @@ key_and_mac_derive_fail: PORT_Free(dhValue.data); if (rv == SECSuccess) { - pk11_forceAttribute(key, CKA_VALUE, derived.data, derived.len); + sftk_forceAttribute(key, CKA_VALUE, derived.data, derived.len); PORT_ZFree(derived.data, derived.len); } else crv = CKR_HOST_MEMORY; @@ -5107,7 +5107,7 @@ key_and_mac_derive_fail: break; } - privKey = pk11_GetPrivKey(sourceKey, CKK_EC, &crv); + privKey = sftk_GetPrivKey(sourceKey, CKK_EC, &crv); if (privKey == NULL) { break; } @@ -5161,7 +5161,7 @@ key_and_mac_derive_fail: } if (rv == SECSuccess) { - pk11_forceAttribute(key, CKA_VALUE, secret, secretlen); + sftk_forceAttribute(key, CKA_VALUE, secret, secretlen); PORT_ZFree(tmp.data, tmp.len); memset(secret_hash, 0, 20); } else @@ -5174,29 +5174,29 @@ key_and_mac_derive_fail: default: crv = CKR_MECHANISM_INVALID; } - pk11_FreeAttribute(att); - pk11_FreeObject(sourceKey); + sftk_FreeAttribute(att); + sftk_FreeObject(sourceKey); if (crv != CKR_OK) { - if (key) pk11_FreeObject(key); + if (key) sftk_FreeObject(key); return crv; } /* link the key object into the list */ if (key) { - PK11SessionObject *sessKey = pk11_narrowToSessionObject(key); + SFTKSessionObject *sessKey = sftk_narrowToSessionObject(key); PORT_Assert(sessKey); /* get the session */ sessKey->wasDerived = PR_TRUE; - session = pk11_SessionFromHandle(hSession); + session = sftk_SessionFromHandle(hSession); if (session == NULL) { - pk11_FreeObject(key); + sftk_FreeObject(key); return CKR_HOST_MEMORY; } - crv = pk11_handleObject(key,session); - pk11_FreeSession(session); + crv = sftk_handleObject(key,session); + sftk_FreeSession(session); *phKey = key->handle; - pk11_FreeObject(key); + sftk_FreeObject(key); } return crv; } @@ -5223,37 +5223,37 @@ CK_RV NSC_CancelFunction(CK_SESSION_HANDLE hSession) CK_RV NSC_GetOperationState(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pOperationState, CK_ULONG_PTR pulOperationStateLen) { - PK11SessionContext *context; - PK11Session *session; + SFTKSessionContext *context; + SFTKSession *session; CK_RV crv; CK_ULONG pOSLen = *pulOperationStateLen; /* make sure we're legal */ - crv = pk11_GetContext(hSession, &context, PK11_HASH, PR_TRUE, &session); + crv = sftk_GetContext(hSession, &context, SFTK_HASH, PR_TRUE, &session); if (crv != CKR_OK) return crv; *pulOperationStateLen = context->cipherInfoLen + sizeof(CK_MECHANISM_TYPE) - + sizeof(PK11ContextType); + + sizeof(SFTKContextType); if (pOperationState == NULL) { - pk11_FreeSession(session); + sftk_FreeSession(session); return CKR_OK; } else { if (pOSLen < *pulOperationStateLen) { return CKR_BUFFER_TOO_SMALL; } } - PORT_Memcpy(pOperationState,&context->type,sizeof(PK11ContextType)); - pOperationState += sizeof(PK11ContextType); + PORT_Memcpy(pOperationState,&context->type,sizeof(SFTKContextType)); + pOperationState += sizeof(SFTKContextType); PORT_Memcpy(pOperationState,&context->currentMech, sizeof(CK_MECHANISM_TYPE)); pOperationState += sizeof(CK_MECHANISM_TYPE); PORT_Memcpy(pOperationState,context->cipherInfo,context->cipherInfoLen); - pk11_FreeSession(session); + sftk_FreeSession(session); return CKR_OK; } -#define pk11_Decrement(stateSize,len) \ +#define sftk_Decrement(stateSize,len) \ stateSize = ((stateSize) > (CK_ULONG)(len)) ? \ ((stateSize) - (CK_ULONG)(len)) : 0; @@ -5264,52 +5264,52 @@ CK_RV NSC_SetOperationState(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pOperationState, CK_ULONG ulOperationStateLen, CK_OBJECT_HANDLE hEncryptionKey, CK_OBJECT_HANDLE hAuthenticationKey) { - PK11SessionContext *context; - PK11Session *session; - PK11ContextType type; + SFTKSessionContext *context; + SFTKSession *session; + SFTKContextType type; CK_MECHANISM mech; CK_RV crv = CKR_OK; while (ulOperationStateLen != 0) { /* get what type of state we're dealing with... */ - PORT_Memcpy(&type,pOperationState, sizeof(PK11ContextType)); + PORT_Memcpy(&type,pOperationState, sizeof(SFTKContextType)); /* fix up session contexts based on type */ - session = pk11_SessionFromHandle(hSession); + session = sftk_SessionFromHandle(hSession); if (session == NULL) return CKR_SESSION_HANDLE_INVALID; - context = pk11_ReturnContextByType(session, type); - pk11_SetContextByType(session, type, NULL); + context = sftk_ReturnContextByType(session, type); + sftk_SetContextByType(session, type, NULL); if (context) { - pk11_FreeContext(context); + sftk_FreeContext(context); } - pOperationState += sizeof(PK11ContextType); - pk11_Decrement(ulOperationStateLen,sizeof(PK11ContextType)); + pOperationState += sizeof(SFTKContextType); + sftk_Decrement(ulOperationStateLen,sizeof(SFTKContextType)); /* get the mechanism structure */ PORT_Memcpy(&mech.mechanism,pOperationState,sizeof(CK_MECHANISM_TYPE)); pOperationState += sizeof(CK_MECHANISM_TYPE); - pk11_Decrement(ulOperationStateLen, sizeof(CK_MECHANISM_TYPE)); + sftk_Decrement(ulOperationStateLen, sizeof(CK_MECHANISM_TYPE)); /* should be filled in... but not necessary for hash */ mech.pParameter = NULL; mech.ulParameterLen = 0; switch (type) { - case PK11_HASH: + case SFTK_HASH: crv = NSC_DigestInit(hSession,&mech); if (crv != CKR_OK) break; - crv = pk11_GetContext(hSession, &context, PK11_HASH, PR_TRUE, + crv = sftk_GetContext(hSession, &context, SFTK_HASH, PR_TRUE, NULL); if (crv != CKR_OK) break; PORT_Memcpy(context->cipherInfo,pOperationState, context->cipherInfoLen); pOperationState += context->cipherInfoLen; - pk11_Decrement(ulOperationStateLen,context->cipherInfoLen); + sftk_Decrement(ulOperationStateLen,context->cipherInfoLen); break; default: /* do sign/encrypt/decrypt later */ crv = CKR_SAVED_STATE_INVALID; } - pk11_FreeSession(session); + sftk_FreeSession(session); if (crv != CKR_OK) break; } return crv; @@ -5389,31 +5389,31 @@ CK_RV NSC_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession, */ CK_RV NSC_DigestKey(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey) { - PK11Session *session = NULL; - PK11Object *key = NULL; - PK11Attribute *att; + SFTKSession *session = NULL; + SFTKObject *key = NULL; + SFTKAttribute *att; CK_RV crv; - session = pk11_SessionFromHandle(hSession); + session = sftk_SessionFromHandle(hSession); if (session == NULL) return CKR_SESSION_HANDLE_INVALID; - key = pk11_ObjectFromHandle(hKey,session); - pk11_FreeSession(session); + key = sftk_ObjectFromHandle(hKey,session); + sftk_FreeSession(session); if (key == NULL) return CKR_KEY_HANDLE_INVALID; /* PUT ANY DIGEST KEY RESTRICTION CHECKS HERE */ /* make sure it's a valid key for this operation */ if (key->objclass != CKO_SECRET_KEY) { - pk11_FreeObject(key); + sftk_FreeObject(key); return CKR_KEY_TYPE_INCONSISTENT; } /* get the key value */ - att = pk11_FindAttribute(key,CKA_VALUE); - pk11_FreeObject(key); + att = sftk_FindAttribute(key,CKA_VALUE); + sftk_FreeObject(key); crv = NSC_DigestUpdate(hSession,(CK_BYTE_PTR)att->attrib.pValue, att->attrib.ulValueLen); - pk11_FreeAttribute(att); + sftk_FreeAttribute(att); return crv; } diff --git a/security/nss/lib/softoken/pkcs11i.h b/security/nss/lib/softoken/pkcs11i.h index c4c682c8b8af..de7f0f80c11b 100644 --- a/security/nss/lib/softoken/pkcs11i.h +++ b/security/nss/lib/softoken/pkcs11i.h @@ -121,30 +121,30 @@ /* NOSPREAD sessionID to hash table index macro has been slower. */ /* define typedefs, double as forward declarations as well */ -typedef struct PK11AttributeStr PK11Attribute; -typedef struct PK11ObjectListStr PK11ObjectList; -typedef struct PK11ObjectFreeListStr PK11ObjectFreeList; -typedef struct PK11ObjectListElementStr PK11ObjectListElement; -typedef struct PK11ObjectStr PK11Object; -typedef struct PK11SessionObjectStr PK11SessionObject; -typedef struct PK11TokenObjectStr PK11TokenObject; -typedef struct PK11SessionStr PK11Session; -typedef struct PK11SlotStr PK11Slot; -typedef struct PK11SessionContextStr PK11SessionContext; -typedef struct PK11SearchResultsStr PK11SearchResults; -typedef struct PK11HashVerifyInfoStr PK11HashVerifyInfo; -typedef struct PK11HashSignInfoStr PK11HashSignInfo; -typedef struct PK11SSLMACInfoStr PK11SSLMACInfo; +typedef struct SFTKAttributeStr SFTKAttribute; +typedef struct SFTKObjectListStr SFTKObjectList; +typedef struct SFTKObjectFreeListStr SFTKObjectFreeList; +typedef struct SFTKObjectListElementStr SFTKObjectListElement; +typedef struct SFTKObjectStr SFTKObject; +typedef struct SFTKSessionObjectStr SFTKSessionObject; +typedef struct SFTKTokenObjectStr SFTKTokenObject; +typedef struct SFTKSessionStr SFTKSession; +typedef struct SFTKSlotStr SFTKSlot; +typedef struct SFTKSessionContextStr SFTKSessionContext; +typedef struct SFTKSearchResultsStr SFTKSearchResults; +typedef struct SFTKHashVerifyInfoStr SFTKHashVerifyInfo; +typedef struct SFTKHashSignInfoStr SFTKHashSignInfo; +typedef struct SFTKSSLMACInfoStr SFTKSSLMACInfo; /* define function pointer typdefs for pointer tables */ -typedef void (*PK11Destroy)(void *, PRBool); -typedef void (*PK11Begin)(void *); -typedef SECStatus (*PK11Cipher)(void *,void *,unsigned int *,unsigned int, +typedef void (*SFTKDestroy)(void *, PRBool); +typedef void (*SFTKBegin)(void *); +typedef SECStatus (*SFTKCipher)(void *,void *,unsigned int *,unsigned int, void *, unsigned int); -typedef SECStatus (*PK11Verify)(void *,void *,unsigned int,void *,unsigned int); -typedef void (*PK11Hash)(void *,void *,unsigned int); -typedef void (*PK11End)(void *,void *,unsigned int *,unsigned int); -typedef void (*PK11Free)(void *); +typedef SECStatus (*SFTKVerify)(void *,void *,unsigned int,void *,unsigned int); +typedef void (*SFTKHash)(void *,void *,unsigned int); +typedef void (*SFTKEnd)(void *,void *,unsigned int *,unsigned int); +typedef void (*SFTKFree)(void *); /* Value to tell if an attribute is modifiable or not. * NEVER: attribute is only set on creation. @@ -153,31 +153,31 @@ typedef void (*PK11Free)(void *); * ALWAYS: attribute can always be changed. */ typedef enum { - PK11_NEVER = 0, - PK11_ONCOPY = 1, - PK11_SENSITIVE = 2, - PK11_ALWAYS = 3 -} PK11ModifyType; + SFTK_NEVER = 0, + SFTK_ONCOPY = 1, + SFTK_SENSITIVE = 2, + SFTK_ALWAYS = 3 +} SFTKModifyType; /* * Free Status Enum... tell us more information when we think we're * deleting an object. */ typedef enum { - PK11_DestroyFailure, - PK11_Destroyed, - PK11_Busy -} PK11FreeStatus; + SFTK_DestroyFailure, + SFTK_Destroyed, + SFTK_Busy +} SFTKFreeStatus; /* * attribute values of an object. */ -struct PK11AttributeStr { - PK11Attribute *next; - PK11Attribute *prev; +struct SFTKAttributeStr { + SFTKAttribute *next; + SFTKAttribute *prev; PRBool freeAttr; PRBool freeData; - /*must be called handle to make pk11queue_find work */ + /*must be called handle to make sftkqueue_find work */ CK_ATTRIBUTE_TYPE handle; CK_ATTRIBUTE attrib; unsigned char space[ATTR_SPACE]; @@ -187,14 +187,14 @@ struct PK11AttributeStr { /* * doubly link list of objects */ -struct PK11ObjectListStr { - PK11ObjectList *next; - PK11ObjectList *prev; - PK11Object *parent; +struct SFTKObjectListStr { + SFTKObjectList *next; + SFTKObjectList *prev; + SFTKObject *parent; }; -struct PK11ObjectFreeListStr { - PK11Object *head; +struct SFTKObjectFreeListStr { + SFTKObject *head; PZLock *lock; int count; }; @@ -202,48 +202,48 @@ struct PK11ObjectFreeListStr { /* * PKCS 11 crypto object structure */ -struct PK11ObjectStr { - PK11Object *next; - PK11Object *prev; +struct SFTKObjectStr { + SFTKObject *next; + SFTKObject *prev; CK_OBJECT_CLASS objclass; CK_OBJECT_HANDLE handle; int refCount; PZLock *refLock; - PK11Slot *slot; + SFTKSlot *slot; void *objectInfo; - PK11Free infoFree; + SFTKFree infoFree; }; -struct PK11TokenObjectStr { - PK11Object obj; +struct SFTKTokenObjectStr { + SFTKObject obj; SECItem dbKey; }; -struct PK11SessionObjectStr { - PK11Object obj; - PK11ObjectList sessionList; +struct SFTKSessionObjectStr { + SFTKObject obj; + SFTKObjectList sessionList; PZLock *attributeLock; - PK11Session *session; + SFTKSession *session; PRBool wasDerived; int nextAttr; - PK11Attribute attrList[MAX_OBJS_ATTRS]; + SFTKAttribute attrList[MAX_OBJS_ATTRS]; PRBool optimizeSpace; unsigned int hashSize; - PK11Attribute *head[1]; + SFTKAttribute *head[1]; }; /* * struct to deal with a temparary list of objects */ -struct PK11ObjectListElementStr { - PK11ObjectListElement *next; - PK11Object *object; +struct SFTKObjectListElementStr { + SFTKObjectListElement *next; + SFTKObject *object; }; /* * Area to hold Search results */ -struct PK11SearchResultsStr { +struct SFTKSearchResultsStr { CK_OBJECT_HANDLE *handles; int size; int index; @@ -255,50 +255,50 @@ struct PK11SearchResultsStr { * the universal crypto/hash/sign/verify context structure */ typedef enum { - PK11_ENCRYPT, - PK11_DECRYPT, - PK11_HASH, - PK11_SIGN, - PK11_SIGN_RECOVER, - PK11_VERIFY, - PK11_VERIFY_RECOVER -} PK11ContextType; + SFTK_ENCRYPT, + SFTK_DECRYPT, + SFTK_HASH, + SFTK_SIGN, + SFTK_SIGN_RECOVER, + SFTK_VERIFY, + SFTK_VERIFY_RECOVER +} SFTKContextType; -#define PK11_MAX_BLOCK_SIZE 16 +#define SFTK_MAX_BLOCK_SIZE 16 /* currently SHA512 is the biggest hash length */ -#define PK11_MAX_MAC_LENGTH 64 -#define PK11_INVALID_MAC_SIZE 0xffffffff +#define SFTK_MAX_MAC_LENGTH 64 +#define SFTK_INVALID_MAC_SIZE 0xffffffff -struct PK11SessionContextStr { - PK11ContextType type; +struct SFTKSessionContextStr { + SFTKContextType type; PRBool multi; /* is multipart */ PRBool doPad; /* use PKCS padding for block ciphers */ unsigned int blockSize; /* blocksize for padding */ unsigned int padDataLength; /* length of the valid data in padbuf */ - unsigned char padBuf[PK11_MAX_BLOCK_SIZE]; - unsigned char macBuf[PK11_MAX_BLOCK_SIZE]; + unsigned char padBuf[SFTK_MAX_BLOCK_SIZE]; + unsigned char macBuf[SFTK_MAX_BLOCK_SIZE]; CK_ULONG macSize; /* size of a general block cipher mac*/ void *cipherInfo; void *hashInfo; unsigned int cipherInfoLen; CK_MECHANISM_TYPE currentMech; - PK11Cipher update; - PK11Hash hashUpdate; - PK11End end; - PK11Destroy destroy; - PK11Destroy hashdestroy; - PK11Verify verify; + SFTKCipher update; + SFTKHash hashUpdate; + SFTKEnd end; + SFTKDestroy destroy; + SFTKDestroy hashdestroy; + SFTKVerify verify; unsigned int maxLen; - PK11Object *key; + SFTKObject *key; }; /* * Sessions (have objects) */ -struct PK11SessionStr { - PK11Session *next; - PK11Session *prev; +struct SFTKSessionStr { + SFTKSession *next; + SFTKSession *prev; CK_SESSION_HANDLE handle; int refCount; PZLock *objectLock; @@ -306,12 +306,12 @@ struct PK11SessionStr { CK_SESSION_INFO info; CK_NOTIFY notify; CK_VOID_PTR appData; - PK11Slot *slot; - PK11SearchResults *search; - PK11SessionContext *enc_context; - PK11SessionContext *hash_context; - PK11SessionContext *sign_context; - PK11ObjectList *objects[1]; + SFTKSlot *slot; + SFTKSearchResults *search; + SFTKSessionContext *enc_context; + SFTKSessionContext *hash_context; + SFTKSessionContext *sign_context; + SFTKObjectList *objects[1]; }; /* @@ -324,7 +324,7 @@ struct PK11SessionStr { * and slotLock protects the remaining protected elements: * password, isLoggedIn, ssoLoggedIn, and sessionCount */ -struct PK11SlotStr { +struct SFTKSlotStr { CK_SLOT_ID slotID; PZLock *slotLock; PZLock **sessionLock; @@ -349,9 +349,9 @@ struct PK11SlotStr { int tokenIDCount; int index; PLHashTable *tokenHashTable; - PK11Object **tokObjects; + SFTKObject **tokObjects; unsigned int tokObjHashSize; - PK11Session **head; + SFTKSession **head; unsigned int sessHashSize; char tokDescription[33]; char slotDescription[64]; @@ -360,22 +360,22 @@ struct PK11SlotStr { /* * special joint operations Contexts */ -struct PK11HashVerifyInfoStr { +struct SFTKHashVerifyInfoStr { SECOidTag hashOid; NSSLOWKEYPublicKey *key; }; -struct PK11HashSignInfoStr { +struct SFTKHashSignInfoStr { SECOidTag hashOid; NSSLOWKEYPrivateKey *key; }; /* context for the Final SSLMAC message */ -struct PK11SSLMACInfoStr { +struct SFTKSSLMACInfoStr { void *hashContext; - PK11Begin begin; - PK11Hash update; - PK11End end; + SFTKBegin begin; + SFTKHash update; + SFTKEnd end; CK_ULONG macSize; int padSize; unsigned char key[MAX_KEY_LEN]; @@ -385,27 +385,27 @@ struct PK11SSLMACInfoStr { /* * session handle modifiers */ -#define PK11_SESSION_SLOT_MASK 0xff000000L +#define SFTK_SESSION_SLOT_MASK 0xff000000L /* * object handle modifiers */ -#define PK11_TOKEN_MASK 0x80000000L -#define PK11_TOKEN_MAGIC 0x80000000L -#define PK11_TOKEN_TYPE_MASK 0x70000000L +#define SFTK_TOKEN_MASK 0x80000000L +#define SFTK_TOKEN_MAGIC 0x80000000L +#define SFTK_TOKEN_TYPE_MASK 0x70000000L /* keydb (high bit == 0) */ -#define PK11_TOKEN_TYPE_PRIV 0x10000000L -#define PK11_TOKEN_TYPE_PUB 0x20000000L -#define PK11_TOKEN_TYPE_KEY 0x30000000L +#define SFTK_TOKEN_TYPE_PRIV 0x10000000L +#define SFTK_TOKEN_TYPE_PUB 0x20000000L +#define SFTK_TOKEN_TYPE_KEY 0x30000000L /* certdb (high bit == 1) */ -#define PK11_TOKEN_TYPE_TRUST 0x40000000L -#define PK11_TOKEN_TYPE_CRL 0x50000000L -#define PK11_TOKEN_TYPE_SMIME 0x60000000L -#define PK11_TOKEN_TYPE_CERT 0x70000000L +#define SFTK_TOKEN_TYPE_TRUST 0x40000000L +#define SFTK_TOKEN_TYPE_CRL 0x50000000L +#define SFTK_TOKEN_TYPE_SMIME 0x60000000L +#define SFTK_TOKEN_TYPE_CERT 0x70000000L -#define PK11_TOKEN_KRL_HANDLE (PK11_TOKEN_MAGIC|PK11_TOKEN_TYPE_CRL|1) +#define SFTK_TOKEN_KRL_HANDLE (SFTK_TOKEN_MAGIC|SFTK_TOKEN_TYPE_CRL|1) /* how big a password/pin we can deal with */ -#define PK11_MAX_PIN 255 +#define SFTK_MAX_PIN 255 /* slot ID's */ #define NETSCAPE_SLOT_ID 1 @@ -413,39 +413,39 @@ struct PK11SSLMACInfoStr { #define FIPS_SLOT_ID 3 /* slot helper macros */ -#define pk11_SlotFromSession(sp) ((sp)->slot) -#define pk11_isToken(id) (((id) & PK11_TOKEN_MASK) == PK11_TOKEN_MAGIC) +#define sftk_SlotFromSession(sp) ((sp)->slot) +#define sftk_isToken(id) (((id) & SFTK_TOKEN_MASK) == SFTK_TOKEN_MAGIC) /* the session hash multiplier (see bug 201081) */ #define SHMULTIPLIER 1791398085 /* queueing helper macros */ -#define pk11_hash(value,size) \ +#define sftk_hash(value,size) \ ((PRUint32)((value) * SHMULTIPLIER) & (size-1)) -#define pk11queue_add(element,id,head,hash_size) \ - { int tmp = pk11_hash(id,hash_size); \ +#define sftkqueue_add(element,id,head,hash_size) \ + { int tmp = sftk_hash(id,hash_size); \ (element)->next = (head)[tmp]; \ (element)->prev = NULL; \ if ((head)[tmp]) (head)[tmp]->prev = (element); \ (head)[tmp] = (element); } -#define pk11queue_find(element,id,head,hash_size) \ - for( (element) = (head)[pk11_hash(id,hash_size)]; (element) != NULL; \ +#define sftkqueue_find(element,id,head,hash_size) \ + for( (element) = (head)[sftk_hash(id,hash_size)]; (element) != NULL; \ (element) = (element)->next) { \ if ((element)->handle == (id)) { break; } } -#define pk11queue_is_queued(element,id,head,hash_size) \ +#define sftkqueue_is_queued(element,id,head,hash_size) \ ( ((element)->next) || ((element)->prev) || \ - ((head)[pk11_hash(id,hash_size)] == (element)) ) -#define pk11queue_delete(element,id,head,hash_size) \ + ((head)[sftk_hash(id,hash_size)] == (element)) ) +#define sftkqueue_delete(element,id,head,hash_size) \ if ((element)->next) (element)->next->prev = (element)->prev; \ if ((element)->prev) (element)->prev->next = (element)->next; \ - else (head)[pk11_hash(id,hash_size)] = ((element)->next); \ + else (head)[sftk_hash(id,hash_size)] = ((element)->next); \ (element)->next = NULL; \ (element)->prev = NULL; \ -#define pk11queue_init_element(element) \ +#define sftkqueue_init_element(element) \ (element)->prev = NULL; -#define pk11queue_add2(element, id, index, head) \ +#define sftkqueue_add2(element, id, index, head) \ { \ (element)->next = (head)[index]; \ if ((head)[index]) \ @@ -453,19 +453,19 @@ struct PK11SSLMACInfoStr { (head)[index] = (element); \ } -#define pk11queue_find2(element, id, index, head) \ +#define sftkqueue_find2(element, id, index, head) \ for ( (element) = (head)[index]; \ (element) != NULL; \ (element) = (element)->next) { \ if ((element)->handle == (id)) { break; } \ } -#define pk11queue_delete2(element, id, index, head) \ +#define sftkqueue_delete2(element, id, index, head) \ if ((element)->next) (element)->next->prev = (element)->prev; \ if ((element)->prev) (element)->prev->next = (element)->next; \ else (head)[index] = ((element)->next); -#define pk11queue_clear_deleted_element(element) \ +#define sftkqueue_clear_deleted_element(element) \ (element)->next = NULL; \ (element)->prev = NULL; \ @@ -473,20 +473,20 @@ struct PK11SSLMACInfoStr { /* sessionID (handle) is used to determine session lock bucket */ #ifdef NOSPREAD /* NOSPREAD: (ID>>L2LPB) & (perbucket-1) */ -#define PK11_SESSION_LOCK(slot,handle) \ +#define SFTK_SESSION_LOCK(slot,handle) \ ((slot)->sessionLock[((handle) >> LOG2_BUCKETS_PER_SESSION_LOCK) \ & (slot)->sessionLockMask]) #else /* SPREAD: ID & (perbucket-1) */ -#define PK11_SESSION_LOCK(slot,handle) \ +#define SFTK_SESSION_LOCK(slot,handle) \ ((slot)->sessionLock[(handle) & (slot)->sessionLockMask]) #endif /* expand an attribute & secitem structures out */ -#define pk11_attr_expand(ap) (ap)->type,(ap)->pValue,(ap)->ulValueLen -#define pk11_item_expand(ip) (ip)->data,(ip)->len +#define sftk_attr_expand(ap) (ap)->type,(ap)->pValue,(ap)->ulValueLen +#define sftk_item_expand(ip) (ip)->data,(ip)->len -typedef struct pk11_token_parametersStr { +typedef struct sftk_token_parametersStr { CK_SLOT_ID slotID; char *configdir; char *certPrefix; @@ -500,9 +500,9 @@ typedef struct pk11_token_parametersStr { PRBool forceOpen; PRBool pwRequired; PRBool optimizeSpace; -} pk11_token_parameters; +} sftk_token_parameters; -typedef struct pk11_parametersStr { +typedef struct sftk_parametersStr { char *configdir; char *secmodName; char *man; @@ -513,9 +513,9 @@ typedef struct pk11_parametersStr { PRBool forceOpen; PRBool pwRequired; PRBool optimizeSpace; - pk11_token_parameters *tokens; + sftk_token_parameters *tokens; int token_count; -} pk11_parameters; +} sftk_parameters; /* machine dependent path stuff used by dbinit.c and pk11db.c */ @@ -538,88 +538,88 @@ extern CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS); extern CK_RV nsc_CommonFinalize(CK_VOID_PTR pReserved, PRBool isFIPS); extern CK_RV nsc_CommonGetSlotList(CK_BBOOL tokPresent, CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount, int moduleIndex); -/* shared functions between PKCS11.c and PK11FIPS.c */ -extern CK_RV PK11_SlotInit(char *configdir,pk11_token_parameters *params, +/* shared functions between PKCS11.c and SFTKFIPS.c */ +extern CK_RV SFTK_SlotInit(char *configdir,sftk_token_parameters *params, int moduleIndex); /* internal utility functions used by pkcs11.c */ -extern PK11Attribute *pk11_FindAttribute(PK11Object *object, +extern SFTKAttribute *sftk_FindAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type); -extern void pk11_FreeAttribute(PK11Attribute *attribute); -extern CK_RV pk11_AddAttributeType(PK11Object *object, CK_ATTRIBUTE_TYPE type, +extern void sftk_FreeAttribute(SFTKAttribute *attribute); +extern CK_RV sftk_AddAttributeType(SFTKObject *object, CK_ATTRIBUTE_TYPE type, void *valPtr, CK_ULONG length); -extern CK_RV pk11_Attribute2SecItem(PLArenaPool *arena, SECItem *item, - PK11Object *object, CK_ATTRIBUTE_TYPE type); -extern unsigned int pk11_GetLengthInBits(unsigned char *buf, +extern CK_RV sftk_Attribute2SecItem(PLArenaPool *arena, SECItem *item, + SFTKObject *object, CK_ATTRIBUTE_TYPE type); +extern unsigned int sftk_GetLengthInBits(unsigned char *buf, unsigned int bufLen); -extern CK_RV pk11_ConstrainAttribute(PK11Object *object, +extern CK_RV sftk_ConstrainAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type, int minLength, int maxLength, int minMultiple); -extern PRBool pk11_hasAttribute(PK11Object *object, CK_ATTRIBUTE_TYPE type); -extern PRBool pk11_isTrue(PK11Object *object, CK_ATTRIBUTE_TYPE type); -extern void pk11_DeleteAttributeType(PK11Object *object, +extern PRBool sftk_hasAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type); +extern PRBool sftk_isTrue(SFTKObject *object, CK_ATTRIBUTE_TYPE type); +extern void sftk_DeleteAttributeType(SFTKObject *object, CK_ATTRIBUTE_TYPE type); -extern CK_RV pk11_Attribute2SecItem(PLArenaPool *arena, SECItem *item, - PK11Object *object, CK_ATTRIBUTE_TYPE type); -extern CK_RV pk11_Attribute2SSecItem(PLArenaPool *arena, SECItem *item, - PK11Object *object, +extern CK_RV sftk_Attribute2SecItem(PLArenaPool *arena, SECItem *item, + SFTKObject *object, CK_ATTRIBUTE_TYPE type); +extern CK_RV sftk_Attribute2SSecItem(PLArenaPool *arena, SECItem *item, + SFTKObject *object, CK_ATTRIBUTE_TYPE type); -extern PK11ModifyType pk11_modifyType(CK_ATTRIBUTE_TYPE type, +extern SFTKModifyType sftk_modifyType(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass); -extern PRBool pk11_isSensitive(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass); -extern char *pk11_getString(PK11Object *object, CK_ATTRIBUTE_TYPE type); -extern void pk11_nullAttribute(PK11Object *object,CK_ATTRIBUTE_TYPE type); -extern CK_RV pk11_GetULongAttribute(PK11Object *object, CK_ATTRIBUTE_TYPE type, +extern PRBool sftk_isSensitive(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass); +extern char *sftk_getString(SFTKObject *object, CK_ATTRIBUTE_TYPE type); +extern void sftk_nullAttribute(SFTKObject *object,CK_ATTRIBUTE_TYPE type); +extern CK_RV sftk_GetULongAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type, CK_ULONG *longData); -extern CK_RV pk11_forceAttribute(PK11Object *object, CK_ATTRIBUTE_TYPE type, +extern CK_RV sftk_forceAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type, void *value, unsigned int len); -extern CK_RV pk11_defaultAttribute(PK11Object *object, CK_ATTRIBUTE_TYPE type, +extern CK_RV sftk_defaultAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type, void *value, unsigned int len); -extern unsigned int pk11_MapTrust(CK_TRUST trust, PRBool clientAuth); +extern unsigned int sftk_MapTrust(CK_TRUST trust, PRBool clientAuth); -extern PK11Object *pk11_NewObject(PK11Slot *slot); -extern CK_RV pk11_CopyObject(PK11Object *destObject, PK11Object *srcObject); -extern PK11FreeStatus pk11_FreeObject(PK11Object *object); -extern CK_RV pk11_DeleteObject(PK11Session *session, PK11Object *object); -extern void pk11_ReferenceObject(PK11Object *object); -extern PK11Object *pk11_ObjectFromHandle(CK_OBJECT_HANDLE handle, - PK11Session *session); -extern void pk11_AddSlotObject(PK11Slot *slot, PK11Object *object); -extern void pk11_AddObject(PK11Session *session, PK11Object *object); +extern SFTKObject *sftk_NewObject(SFTKSlot *slot); +extern CK_RV sftk_CopyObject(SFTKObject *destObject, SFTKObject *srcObject); +extern SFTKFreeStatus sftk_FreeObject(SFTKObject *object); +extern CK_RV sftk_DeleteObject(SFTKSession *session, SFTKObject *object); +extern void sftk_ReferenceObject(SFTKObject *object); +extern SFTKObject *sftk_ObjectFromHandle(CK_OBJECT_HANDLE handle, + SFTKSession *session); +extern void sftk_AddSlotObject(SFTKSlot *slot, SFTKObject *object); +extern void sftk_AddObject(SFTKSession *session, SFTKObject *object); -extern CK_RV pk11_searchObjectList(PK11SearchResults *search, - PK11Object **head, unsigned int size, +extern CK_RV sftk_searchObjectList(SFTKSearchResults *search, + SFTKObject **head, unsigned int size, PZLock *lock, CK_ATTRIBUTE_PTR inTemplate, int count, PRBool isLoggedIn); -extern PK11ObjectListElement *pk11_FreeObjectListElement( - PK11ObjectListElement *objectList); -extern void pk11_FreeObjectList(PK11ObjectListElement *objectList); -extern void pk11_FreeSearch(PK11SearchResults *search); -extern CK_RV pk11_handleObject(PK11Object *object, PK11Session *session); +extern SFTKObjectListElement *sftk_FreeObjectListElement( + SFTKObjectListElement *objectList); +extern void sftk_FreeObjectList(SFTKObjectListElement *objectList); +extern void sftk_FreeSearch(SFTKSearchResults *search); +extern CK_RV sftk_handleObject(SFTKObject *object, SFTKSession *session); -extern PK11Slot *pk11_SlotFromID(CK_SLOT_ID slotID); -extern PK11Slot *pk11_SlotFromSessionHandle(CK_SESSION_HANDLE handle); -extern PK11Session *pk11_SessionFromHandle(CK_SESSION_HANDLE handle); -extern void pk11_FreeSession(PK11Session *session); -extern PK11Session *pk11_NewSession(CK_SLOT_ID slotID, CK_NOTIFY notify, +extern SFTKSlot *sftk_SlotFromID(CK_SLOT_ID slotID); +extern SFTKSlot *sftk_SlotFromSessionHandle(CK_SESSION_HANDLE handle); +extern SFTKSession *sftk_SessionFromHandle(CK_SESSION_HANDLE handle); +extern void sftk_FreeSession(SFTKSession *session); +extern SFTKSession *sftk_NewSession(CK_SLOT_ID slotID, CK_NOTIFY notify, CK_VOID_PTR pApplication, CK_FLAGS flags); -extern void pk11_update_state(PK11Slot *slot,PK11Session *session); -extern void pk11_update_all_states(PK11Slot *slot); -extern void pk11_FreeContext(PK11SessionContext *context); -extern void pk11_InitFreeLists(void); -extern void pk11_CleanupFreeLists(void); +extern void sftk_update_state(SFTKSlot *slot,SFTKSession *session); +extern void sftk_update_all_states(SFTKSlot *slot); +extern void sftk_FreeContext(SFTKSessionContext *context); +extern void sftk_InitFreeLists(void); +extern void sftk_CleanupFreeLists(void); -extern NSSLOWKEYPublicKey *pk11_GetPubKey(PK11Object *object, +extern NSSLOWKEYPublicKey *sftk_GetPubKey(SFTKObject *object, CK_KEY_TYPE key_type, CK_RV *crvp); -extern NSSLOWKEYPrivateKey *pk11_GetPrivKey(PK11Object *object, +extern NSSLOWKEYPrivateKey *sftk_GetPrivKey(SFTKObject *object, CK_KEY_TYPE key_type, CK_RV *crvp); -extern void pk11_FormatDESKey(unsigned char *key, int length); -extern PRBool pk11_CheckDESKey(unsigned char *key); -extern PRBool pk11_IsWeakKey(unsigned char *key,CK_KEY_TYPE key_type); +extern void sftk_FormatDESKey(unsigned char *key, int length); +extern PRBool sftk_CheckDESKey(unsigned char *key); +extern PRBool sftk_IsWeakKey(unsigned char *key,CK_KEY_TYPE key_type); -extern CK_RV secmod_parseParameters(char *param, pk11_parameters *parsed, +extern CK_RV secmod_parseParameters(char *param, sftk_parameters *parsed, PRBool isFIPS); -extern void secmod_freeParams(pk11_parameters *params); +extern void secmod_freeParams(sftk_parameters *params); extern char *secmod_getSecmodName(char *params, char **domain, char **filename, PRBool *rw); extern char ** secmod_ReadPermDB(const char *domain, const char *filename, @@ -631,7 +631,7 @@ extern SECStatus secmod_AddPermDB(const char *domain, const char *filename, extern SECStatus secmod_ReleasePermDBData(const char *domain, const char *filename, const char *dbname, char **specList, PRBool rw); /* mechanism allows this operation */ -extern CK_RV pk11_MechAllowsOperation(CK_MECHANISM_TYPE type, CK_ATTRIBUTE_TYPE op); +extern CK_RV sftk_MechAllowsOperation(CK_MECHANISM_TYPE type, CK_ATTRIBUTE_TYPE op); /* * OK there are now lots of options here, lets go through them all: * @@ -649,47 +649,47 @@ extern CK_RV pk11_MechAllowsOperation(CK_MECHANISM_TYPE type, CK_ATTRIBUTE_TYPE * forceOpen - Continue to force initializations even if the databases cannot * be opened. */ -CK_RV pk11_DBInit(const char *configdir, const char *certPrefix, +CK_RV sftk_DBInit(const char *configdir, const char *certPrefix, const char *keyPrefix, PRBool readOnly, PRBool noCertDB, PRBool noKeyDB, PRBool forceOpen, NSSLOWCERTCertDBHandle **certDB, NSSLOWKEYDBHandle **keyDB); -void pk11_DBShutdown(NSSLOWCERTCertDBHandle *certHandle, +void sftk_DBShutdown(NSSLOWCERTCertDBHandle *certHandle, NSSLOWKEYDBHandle *keyHandle); -const char *pk11_EvaluateConfigDir(const char *configdir, char **domain); +const char *sftk_EvaluateConfigDir(const char *configdir, char **domain); /* * narrow objects */ -PK11SessionObject * pk11_narrowToSessionObject(PK11Object *); -PK11TokenObject * pk11_narrowToTokenObject(PK11Object *); +SFTKSessionObject * sftk_narrowToSessionObject(SFTKObject *); +SFTKTokenObject * sftk_narrowToTokenObject(SFTKObject *); /* * token object utilities */ -void pk11_addHandle(PK11SearchResults *search, CK_OBJECT_HANDLE handle); -PRBool pk11_poisonHandle(PK11Slot *slot, SECItem *dbkey, +void sftk_addHandle(SFTKSearchResults *search, CK_OBJECT_HANDLE handle); +PRBool sftk_poisonHandle(SFTKSlot *slot, SECItem *dbkey, CK_OBJECT_HANDLE handle); -PRBool pk11_tokenMatch(PK11Slot *slot, SECItem *dbKey, CK_OBJECT_HANDLE class, +PRBool sftk_tokenMatch(SFTKSlot *slot, SECItem *dbKey, CK_OBJECT_HANDLE class, CK_ATTRIBUTE_PTR theTemplate,int count); -CK_OBJECT_HANDLE pk11_mkHandle(PK11Slot *slot, +CK_OBJECT_HANDLE sftk_mkHandle(SFTKSlot *slot, SECItem *dbKey, CK_OBJECT_HANDLE class); -PK11Object * pk11_NewTokenObject(PK11Slot *slot, SECItem *dbKey, +SFTKObject * sftk_NewTokenObject(SFTKSlot *slot, SECItem *dbKey, CK_OBJECT_HANDLE handle); -PK11TokenObject *pk11_convertSessionToToken(PK11Object *so); +SFTKTokenObject *sftk_convertSessionToToken(SFTKObject *so); /**************************************** * implement TLS Pseudo Random Function (PRF) */ extern SECStatus -pk11_PRF(const SECItem *secret, const char *label, SECItem *seed, +sftk_PRF(const SECItem *secret, const char *label, SECItem *seed, SECItem *result, PRBool isFIPS); extern CK_RV -pk11_TLSPRFInit(PK11SessionContext *context, - PK11Object * key, +sftk_TLSPRFInit(SFTKSessionContext *context, + SFTKObject * key, CK_KEY_TYPE key_type); SEC_END_PROTOS diff --git a/security/nss/lib/softoken/pkcs11u.c b/security/nss/lib/softoken/pkcs11u.c index ee92fb80884c..72a633b8139f 100644 --- a/security/nss/lib/softoken/pkcs11u.c +++ b/security/nss/lib/softoken/pkcs11u.c @@ -55,13 +55,13 @@ * create a new attribute with type, value, and length. Space is allocated * to hold value. */ -static PK11Attribute * -pk11_NewAttribute(PK11Object *object, +static SFTKAttribute * +sftk_NewAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type, CK_VOID_PTR value, CK_ULONG len) { - PK11Attribute *attribute; + SFTKAttribute *attribute; - PK11SessionObject *so = pk11_narrowToSessionObject(object); + SFTKSessionObject *so = sftk_narrowToSessionObject(object); int index; if (so == NULL) { @@ -106,13 +106,13 @@ pk11_NewAttribute(PK11Object *object, return attribute; } -static PK11Attribute * -pk11_NewTokenAttribute(CK_ATTRIBUTE_TYPE type, CK_VOID_PTR value, +static SFTKAttribute * +sftk_NewTokenAttribute(CK_ATTRIBUTE_TYPE type, CK_VOID_PTR value, CK_ULONG len, PRBool copy) { - PK11Attribute *attribute; + SFTKAttribute *attribute; - attribute = (PK11Attribute*)PORT_Alloc(sizeof(PK11Attribute)); + attribute = (SFTKAttribute*)PORT_Alloc(sizeof(SFTKAttribute)); if (attribute == NULL) return NULL; attribute->attrib.type = type; @@ -147,8 +147,8 @@ pk11_NewTokenAttribute(CK_ATTRIBUTE_TYPE type, CK_VOID_PTR value, return attribute; } -static PK11Attribute * -pk11_NewTokenAttributeSigned(CK_ATTRIBUTE_TYPE type, CK_VOID_PTR value, +static SFTKAttribute * +sftk_NewTokenAttributeSigned(CK_ATTRIBUTE_TYPE type, CK_VOID_PTR value, CK_ULONG len, PRBool copy) { unsigned char * dval = (unsigned char *)value; @@ -156,7 +156,7 @@ pk11_NewTokenAttributeSigned(CK_ATTRIBUTE_TYPE type, CK_VOID_PTR value, dval++; len--; } - return pk11_NewTokenAttribute(type,dval,len,copy); + return sftk_NewTokenAttribute(type,dval,len,copy); } /* @@ -164,7 +164,7 @@ pk11_NewTokenAttributeSigned(CK_ATTRIBUTE_TYPE type, CK_VOID_PTR value, * must be zero to call this. */ static void -pk11_DestroyAttribute(PK11Attribute *attribute) +sftk_DestroyAttribute(SFTKAttribute *attribute) { if (attribute->freeData) { if (attribute->attrib.pValue) { @@ -182,62 +182,62 @@ pk11_DestroyAttribute(PK11Attribute *attribute) * release a reference to an attribute structure */ void -pk11_FreeAttribute(PK11Attribute *attribute) +sftk_FreeAttribute(SFTKAttribute *attribute) { if (attribute->freeAttr) { - pk11_DestroyAttribute(attribute); + sftk_DestroyAttribute(attribute); return; } } -#define PK11_DEF_ATTRIBUTE(value,len) \ +#define SFTK_DEF_ATTRIBUTE(value,len) \ { NULL, NULL, PR_FALSE, PR_FALSE, 0, { 0, value, len } } -CK_BBOOL pk11_staticTrueValue = CK_TRUE; -CK_BBOOL pk11_staticFalseValue = CK_FALSE; -static const PK11Attribute pk11_StaticTrueAttr = - PK11_DEF_ATTRIBUTE(&pk11_staticTrueValue,sizeof(pk11_staticTrueValue)); -static const PK11Attribute pk11_StaticFalseAttr = - PK11_DEF_ATTRIBUTE(&pk11_staticFalseValue,sizeof(pk11_staticFalseValue)); -static const PK11Attribute pk11_StaticNullAttr = PK11_DEF_ATTRIBUTE(NULL,0); -char pk11_StaticOneValue = 1; -static const PK11Attribute pk11_StaticOneAttr = - PK11_DEF_ATTRIBUTE(&pk11_StaticOneValue,sizeof(pk11_StaticOneValue)); +CK_BBOOL sftk_staticTrueValue = CK_TRUE; +CK_BBOOL sftk_staticFalseValue = CK_FALSE; +static const SFTKAttribute sftk_StaticTrueAttr = + SFTK_DEF_ATTRIBUTE(&sftk_staticTrueValue,sizeof(sftk_staticTrueValue)); +static const SFTKAttribute sftk_StaticFalseAttr = + SFTK_DEF_ATTRIBUTE(&sftk_staticFalseValue,sizeof(sftk_staticFalseValue)); +static const SFTKAttribute sftk_StaticNullAttr = SFTK_DEF_ATTRIBUTE(NULL,0); +char sftk_StaticOneValue = 1; +static const SFTKAttribute sftk_StaticOneAttr = + SFTK_DEF_ATTRIBUTE(&sftk_StaticOneValue,sizeof(sftk_StaticOneValue)); -CK_CERTIFICATE_TYPE pk11_staticX509Value = CKC_X_509; -static const PK11Attribute pk11_StaticX509Attr = - PK11_DEF_ATTRIBUTE(&pk11_staticX509Value, sizeof(pk11_staticX509Value)); -CK_TRUST pk11_staticTrustedValue = CKT_NETSCAPE_TRUSTED; -CK_TRUST pk11_staticTrustedDelegatorValue = CKT_NETSCAPE_TRUSTED_DELEGATOR; -CK_TRUST pk11_staticValidDelegatorValue = CKT_NETSCAPE_VALID_DELEGATOR; -CK_TRUST pk11_staticUnTrustedValue = CKT_NETSCAPE_UNTRUSTED; -CK_TRUST pk11_staticTrustUnknownValue = CKT_NETSCAPE_TRUST_UNKNOWN; -CK_TRUST pk11_staticValidPeerValue = CKT_NETSCAPE_VALID; -CK_TRUST pk11_staticMustVerifyValue = CKT_NETSCAPE_MUST_VERIFY; -static const PK11Attribute pk11_StaticTrustedAttr = - PK11_DEF_ATTRIBUTE(&pk11_staticTrustedValue, - sizeof(pk11_staticTrustedValue)); -static const PK11Attribute pk11_StaticTrustedDelegatorAttr = - PK11_DEF_ATTRIBUTE(&pk11_staticTrustedDelegatorValue, - sizeof(pk11_staticTrustedDelegatorValue)); -static const PK11Attribute pk11_StaticValidDelegatorAttr = - PK11_DEF_ATTRIBUTE(&pk11_staticValidDelegatorValue, - sizeof(pk11_staticValidDelegatorValue)); -static const PK11Attribute pk11_StaticUnTrustedAttr = - PK11_DEF_ATTRIBUTE(&pk11_staticUnTrustedValue, - sizeof(pk11_staticUnTrustedValue)); -static const PK11Attribute pk11_StaticTrustUnknownAttr = - PK11_DEF_ATTRIBUTE(&pk11_staticTrustUnknownValue, - sizeof(pk11_staticTrustUnknownValue)); -static const PK11Attribute pk11_StaticValidPeerAttr = - PK11_DEF_ATTRIBUTE(&pk11_staticValidPeerValue, - sizeof(pk11_staticValidPeerValue)); -static const PK11Attribute pk11_StaticMustVerifyAttr = - PK11_DEF_ATTRIBUTE(&pk11_staticMustVerifyValue, - sizeof(pk11_staticMustVerifyValue)); +CK_CERTIFICATE_TYPE sftk_staticX509Value = CKC_X_509; +static const SFTKAttribute sftk_StaticX509Attr = + SFTK_DEF_ATTRIBUTE(&sftk_staticX509Value, sizeof(sftk_staticX509Value)); +CK_TRUST sftk_staticTrustedValue = CKT_NETSCAPE_TRUSTED; +CK_TRUST sftk_staticTrustedDelegatorValue = CKT_NETSCAPE_TRUSTED_DELEGATOR; +CK_TRUST sftk_staticValidDelegatorValue = CKT_NETSCAPE_VALID_DELEGATOR; +CK_TRUST sftk_staticUnTrustedValue = CKT_NETSCAPE_UNTRUSTED; +CK_TRUST sftk_staticTrustUnknownValue = CKT_NETSCAPE_TRUST_UNKNOWN; +CK_TRUST sftk_staticValidPeerValue = CKT_NETSCAPE_VALID; +CK_TRUST sftk_staticMustVerifyValue = CKT_NETSCAPE_MUST_VERIFY; +static const SFTKAttribute sftk_StaticTrustedAttr = + SFTK_DEF_ATTRIBUTE(&sftk_staticTrustedValue, + sizeof(sftk_staticTrustedValue)); +static const SFTKAttribute sftk_StaticTrustedDelegatorAttr = + SFTK_DEF_ATTRIBUTE(&sftk_staticTrustedDelegatorValue, + sizeof(sftk_staticTrustedDelegatorValue)); +static const SFTKAttribute sftk_StaticValidDelegatorAttr = + SFTK_DEF_ATTRIBUTE(&sftk_staticValidDelegatorValue, + sizeof(sftk_staticValidDelegatorValue)); +static const SFTKAttribute sftk_StaticUnTrustedAttr = + SFTK_DEF_ATTRIBUTE(&sftk_staticUnTrustedValue, + sizeof(sftk_staticUnTrustedValue)); +static const SFTKAttribute sftk_StaticTrustUnknownAttr = + SFTK_DEF_ATTRIBUTE(&sftk_staticTrustUnknownValue, + sizeof(sftk_staticTrustUnknownValue)); +static const SFTKAttribute sftk_StaticValidPeerAttr = + SFTK_DEF_ATTRIBUTE(&sftk_staticValidPeerValue, + sizeof(sftk_staticValidPeerValue)); +static const SFTKAttribute sftk_StaticMustVerifyAttr = + SFTK_DEF_ATTRIBUTE(&sftk_staticMustVerifyValue, + sizeof(sftk_staticMustVerifyValue)); static certDBEntrySMime * -pk11_getSMime(PK11TokenObject *object) +sftk_getSMime(SFTKTokenObject *object) { certDBEntrySMime *entry; @@ -251,12 +251,12 @@ pk11_getSMime(PK11TokenObject *object) entry = nsslowcert_ReadDBSMimeEntry(object->obj.slot->certDB, (char *)object->dbKey.data); object->obj.objectInfo = (void *)entry; - object->obj.infoFree = (PK11Free) nsslowcert_DestroyDBEntry; + object->obj.infoFree = (SFTKFree) nsslowcert_DestroyDBEntry; return entry; } static certDBEntryRevocation * -pk11_getCrl(PK11TokenObject *object) +sftk_getCrl(SFTKTokenObject *object) { certDBEntryRevocation *crl; PRBool isKrl; @@ -268,16 +268,16 @@ pk11_getCrl(PK11TokenObject *object) return (certDBEntryRevocation *)object->obj.objectInfo; } - isKrl = (PRBool) object->obj.handle == PK11_TOKEN_KRL_HANDLE; + isKrl = (PRBool) object->obj.handle == SFTK_TOKEN_KRL_HANDLE; crl = nsslowcert_FindCrlByKey(object->obj.slot->certDB, &object->dbKey, isKrl); object->obj.objectInfo = (void *)crl; - object->obj.infoFree = (PK11Free) nsslowcert_DestroyDBEntry; + object->obj.infoFree = (SFTKFree) nsslowcert_DestroyDBEntry; return crl; } static NSSLOWCERTCertificate * -pk11_getCert(PK11TokenObject *object) +sftk_getCert(SFTKTokenObject *object) { NSSLOWCERTCertificate *cert; CK_OBJECT_CLASS objClass = object->obj.objclass; @@ -291,13 +291,13 @@ pk11_getCert(PK11TokenObject *object) cert = nsslowcert_FindCertByKey(object->obj.slot->certDB,&object->dbKey); if (objClass == CKO_CERTIFICATE) { object->obj.objectInfo = (void *)cert; - object->obj.infoFree = (PK11Free) nsslowcert_DestroyCertificate ; + object->obj.infoFree = (SFTKFree) nsslowcert_DestroyCertificate ; } return cert; } static NSSLOWCERTTrust * -pk11_getTrust(PK11TokenObject *object) +sftk_getTrust(SFTKTokenObject *object) { NSSLOWCERTTrust *trust; @@ -309,12 +309,12 @@ pk11_getTrust(PK11TokenObject *object) } trust = nsslowcert_FindTrustByKey(object->obj.slot->certDB,&object->dbKey); object->obj.objectInfo = (void *)trust; - object->obj.infoFree = (PK11Free) nsslowcert_DestroyTrust ; + object->obj.infoFree = (SFTKFree) nsslowcert_DestroyTrust ; return trust; } static NSSLOWKEYPublicKey * -pk11_GetPublicKey(PK11TokenObject *object) +sftk_GetPublicKey(SFTKTokenObject *object) { NSSLOWKEYPublicKey *pubKey; NSSLOWKEYPrivateKey *privKey; @@ -333,12 +333,12 @@ pk11_GetPublicKey(PK11TokenObject *object) pubKey = nsslowkey_ConvertToPublicKey(privKey); nsslowkey_DestroyPrivateKey(privKey); object->obj.objectInfo = (void *) pubKey; - object->obj.infoFree = (PK11Free) nsslowkey_DestroyPublicKey ; + object->obj.infoFree = (SFTKFree) nsslowkey_DestroyPublicKey ; return pubKey; } static NSSLOWKEYPrivateKey * -pk11_GetPrivateKey(PK11TokenObject *object) +sftk_GetPrivateKey(SFTKTokenObject *object) { NSSLOWKEYPrivateKey *privKey; @@ -355,17 +355,17 @@ pk11_GetPrivateKey(PK11TokenObject *object) return NULL; } object->obj.objectInfo = (void *) privKey; - object->obj.infoFree = (PK11Free) nsslowkey_DestroyPrivateKey ; + object->obj.infoFree = (SFTKFree) nsslowkey_DestroyPrivateKey ; return privKey; } -/* pk11_GetPubItem returns data associated with the public key. +/* sftk_GetPubItem returns data associated with the public key. * one only needs to free the public key. This comment is here * because this sematic would be non-obvious otherwise. All callers * should include this comment. */ static SECItem * -pk11_GetPubItem(NSSLOWKEYPublicKey *pubKey) { +sftk_GetPubItem(NSSLOWKEYPublicKey *pubKey) { SECItem *pubItem = NULL; /* get value to compare from the cert's public key */ switch ( pubKey->keyType ) { @@ -389,35 +389,35 @@ pk11_GetPubItem(NSSLOWKEYPublicKey *pubKey) { return pubItem; } -static const SEC_ASN1Template pk11_SerialTemplate[] = { +static const SEC_ASN1Template sftk_SerialTemplate[] = { { SEC_ASN1_INTEGER, offsetof(NSSLOWCERTCertificate,serialNumber) }, { 0 } }; -static PK11Attribute * -pk11_FindRSAPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type) +static SFTKAttribute * +sftk_FindRSAPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type) { unsigned char hash[SHA1_LENGTH]; CK_KEY_TYPE keyType = CKK_RSA; switch (type) { case CKA_KEY_TYPE: - return pk11_NewTokenAttribute(type,&keyType,sizeof(keyType), PR_TRUE); + return sftk_NewTokenAttribute(type,&keyType,sizeof(keyType), PR_TRUE); case CKA_ID: SHA1_HashBuf(hash,key->u.rsa.modulus.data,key->u.rsa.modulus.len); - return pk11_NewTokenAttribute(type,hash,SHA1_LENGTH, PR_TRUE); + return sftk_NewTokenAttribute(type,hash,SHA1_LENGTH, PR_TRUE); case CKA_DERIVE: - return (PK11Attribute *) &pk11_StaticFalseAttr; + return (SFTKAttribute *) &sftk_StaticFalseAttr; case CKA_ENCRYPT: case CKA_VERIFY: case CKA_VERIFY_RECOVER: case CKA_WRAP: - return (PK11Attribute *) &pk11_StaticTrueAttr; + return (SFTKAttribute *) &sftk_StaticTrueAttr; case CKA_MODULUS: - return pk11_NewTokenAttributeSigned(type,key->u.rsa.modulus.data, + return sftk_NewTokenAttributeSigned(type,key->u.rsa.modulus.data, key->u.rsa.modulus.len, PR_FALSE); case CKA_PUBLIC_EXPONENT: - return pk11_NewTokenAttributeSigned(type,key->u.rsa.publicExponent.data, + return sftk_NewTokenAttributeSigned(type,key->u.rsa.publicExponent.data, key->u.rsa.publicExponent.len, PR_FALSE); default: break; @@ -425,38 +425,38 @@ pk11_FindRSAPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type) return NULL; } -static PK11Attribute * -pk11_FindDSAPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type) +static SFTKAttribute * +sftk_FindDSAPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type) { unsigned char hash[SHA1_LENGTH]; CK_KEY_TYPE keyType = CKK_DSA; switch (type) { case CKA_KEY_TYPE: - return pk11_NewTokenAttribute(type,&keyType,sizeof(keyType), PR_TRUE); + return sftk_NewTokenAttribute(type,&keyType,sizeof(keyType), PR_TRUE); case CKA_ID: SHA1_HashBuf(hash,key->u.dsa.publicValue.data, key->u.dsa.publicValue.len); - return pk11_NewTokenAttribute(type,hash,SHA1_LENGTH, PR_TRUE); + return sftk_NewTokenAttribute(type,hash,SHA1_LENGTH, PR_TRUE); case CKA_DERIVE: case CKA_ENCRYPT: case CKA_VERIFY_RECOVER: case CKA_WRAP: - return (PK11Attribute *) &pk11_StaticFalseAttr; + return (SFTKAttribute *) &sftk_StaticFalseAttr; case CKA_VERIFY: - return (PK11Attribute *) &pk11_StaticTrueAttr; + return (SFTKAttribute *) &sftk_StaticTrueAttr; case CKA_VALUE: - return pk11_NewTokenAttributeSigned(type,key->u.dsa.publicValue.data, + return sftk_NewTokenAttributeSigned(type,key->u.dsa.publicValue.data, key->u.dsa.publicValue.len, PR_FALSE); case CKA_PRIME: - return pk11_NewTokenAttributeSigned(type,key->u.dsa.params.prime.data, + return sftk_NewTokenAttributeSigned(type,key->u.dsa.params.prime.data, key->u.dsa.params.prime.len, PR_FALSE); case CKA_SUBPRIME: - return pk11_NewTokenAttributeSigned(type, + return sftk_NewTokenAttributeSigned(type, key->u.dsa.params.subPrime.data, key->u.dsa.params.subPrime.len, PR_FALSE); case CKA_BASE: - return pk11_NewTokenAttributeSigned(type,key->u.dsa.params.base.data, + return sftk_NewTokenAttributeSigned(type,key->u.dsa.params.base.data, key->u.dsa.params.base.len, PR_FALSE); default: break; @@ -464,33 +464,33 @@ pk11_FindDSAPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type) return NULL; } -static PK11Attribute * -pk11_FindDHPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type) +static SFTKAttribute * +sftk_FindDHPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type) { unsigned char hash[SHA1_LENGTH]; CK_KEY_TYPE keyType = CKK_DH; switch (type) { case CKA_KEY_TYPE: - return pk11_NewTokenAttribute(type,&keyType,sizeof(keyType), PR_TRUE); + return sftk_NewTokenAttribute(type,&keyType,sizeof(keyType), PR_TRUE); case CKA_ID: SHA1_HashBuf(hash,key->u.dh.publicValue.data,key->u.dh.publicValue.len); - return pk11_NewTokenAttribute(type,hash,SHA1_LENGTH, PR_TRUE); + return sftk_NewTokenAttribute(type,hash,SHA1_LENGTH, PR_TRUE); case CKA_DERIVE: - return (PK11Attribute *) &pk11_StaticTrueAttr; + return (SFTKAttribute *) &sftk_StaticTrueAttr; case CKA_ENCRYPT: case CKA_VERIFY: case CKA_VERIFY_RECOVER: case CKA_WRAP: - return (PK11Attribute *) &pk11_StaticFalseAttr; + return (SFTKAttribute *) &sftk_StaticFalseAttr; case CKA_VALUE: - return pk11_NewTokenAttributeSigned(type,key->u.dh.publicValue.data, + return sftk_NewTokenAttributeSigned(type,key->u.dh.publicValue.data, key->u.dh.publicValue.len, PR_FALSE); case CKA_PRIME: - return pk11_NewTokenAttributeSigned(type,key->u.dh.prime.data, + return sftk_NewTokenAttributeSigned(type,key->u.dh.prime.data, key->u.dh.prime.len, PR_FALSE); case CKA_BASE: - return pk11_NewTokenAttributeSigned(type,key->u.dh.base.data, + return sftk_NewTokenAttributeSigned(type,key->u.dh.base.data, key->u.dh.base.len, PR_FALSE); default: break; @@ -499,35 +499,35 @@ pk11_FindDHPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type) } #ifdef NSS_ENABLE_ECC -static PK11Attribute * -pk11_FindECPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type) +static SFTKAttribute * +sftk_FindECPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type) { unsigned char hash[SHA1_LENGTH]; CK_KEY_TYPE keyType = CKK_EC; switch (type) { case CKA_KEY_TYPE: - return pk11_NewTokenAttribute(type,&keyType,sizeof(keyType), PR_TRUE); + return sftk_NewTokenAttribute(type,&keyType,sizeof(keyType), PR_TRUE); case CKA_ID: SHA1_HashBuf(hash, key->u.ec.publicValue.data, key->u.ec.publicValue.len); - return pk11_NewTokenAttribute(type,hash,SHA1_LENGTH, PR_TRUE); + return sftk_NewTokenAttribute(type,hash,SHA1_LENGTH, PR_TRUE); case CKA_DERIVE: case CKA_VERIFY: - return (PK11Attribute *) &pk11_StaticTrueAttr; + return (SFTKAttribute *) &sftk_StaticTrueAttr; case CKA_ENCRYPT: case CKA_VERIFY_RECOVER: case CKA_WRAP: - return (PK11Attribute *) &pk11_StaticFalseAttr; + return (SFTKAttribute *) &sftk_StaticFalseAttr; case CKA_EC_PARAMS: /* XXX Why is the last arg PR_FALSE? */ - return pk11_NewTokenAttributeSigned(type, + return sftk_NewTokenAttributeSigned(type, key->u.ec.ecParams.DEREncoding.data, key->u.ec.ecParams.DEREncoding.len, PR_FALSE); case CKA_EC_POINT: /* XXX Why is the last arg PR_FALSE? */ - return pk11_NewTokenAttributeSigned(type,key->u.ec.publicValue.data, + return sftk_NewTokenAttributeSigned(type,key->u.ec.publicValue.data, key->u.ec.publicValue.len, PR_FALSE); default: break; @@ -536,11 +536,11 @@ pk11_FindECPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type) } #endif /* NSS_ENABLE_ECC */ -static PK11Attribute * -pk11_FindPublicKeyAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type) +static SFTKAttribute * +sftk_FindPublicKeyAttribute(SFTKTokenObject *object, CK_ATTRIBUTE_TYPE type) { NSSLOWKEYPublicKey *key; - PK11Attribute *att = NULL; + SFTKAttribute *att = NULL; char *label; switch (type) { @@ -548,38 +548,38 @@ pk11_FindPublicKeyAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type) case CKA_SENSITIVE: case CKA_ALWAYS_SENSITIVE: case CKA_NEVER_EXTRACTABLE: - return (PK11Attribute *) &pk11_StaticFalseAttr; + return (SFTKAttribute *) &sftk_StaticFalseAttr; case CKA_MODIFIABLE: case CKA_EXTRACTABLE: - return (PK11Attribute *) &pk11_StaticTrueAttr; + return (SFTKAttribute *) &sftk_StaticTrueAttr; case CKA_LABEL: label = nsslowkey_FindKeyNicknameByPublicKey(object->obj.slot->keyDB, &object->dbKey, object->obj.slot->password); if (label == NULL) { - return (PK11Attribute *)&pk11_StaticOneAttr; + return (SFTKAttribute *)&sftk_StaticOneAttr; } - att = pk11_NewTokenAttribute(type,label,PORT_Strlen(label), PR_TRUE); + att = sftk_NewTokenAttribute(type,label,PORT_Strlen(label), PR_TRUE); PORT_Free(label); return att; default: break; } - key = pk11_GetPublicKey(object); + key = sftk_GetPublicKey(object); if (key == NULL) { return NULL; } switch (key->keyType) { case NSSLOWKEYRSAKey: - return pk11_FindRSAPublicKeyAttribute(key,type); + return sftk_FindRSAPublicKeyAttribute(key,type); case NSSLOWKEYDSAKey: - return pk11_FindDSAPublicKeyAttribute(key,type); + return sftk_FindDSAPublicKeyAttribute(key,type); case NSSLOWKEYDHKey: - return pk11_FindDHPublicKeyAttribute(key,type); + return sftk_FindDHPublicKeyAttribute(key,type); #ifdef NSS_ENABLE_ECC case NSSLOWKEYECKey: - return pk11_FindECPublicKeyAttribute(key,type); + return sftk_FindECPublicKeyAttribute(key,type); #endif /* NSS_ENABLE_ECC */ default: break; @@ -588,13 +588,13 @@ pk11_FindPublicKeyAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type) return NULL; } -static PK11Attribute * -pk11_FindSecretKeyAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type) +static SFTKAttribute * +sftk_FindSecretKeyAttribute(SFTKTokenObject *object, CK_ATTRIBUTE_TYPE type) { NSSLOWKEYPrivateKey *key; char *label; unsigned char *keyString; - PK11Attribute *att; + SFTKAttribute *att; int keyTypeLen; CK_ULONG keyLen; CK_KEY_TYPE keyType; @@ -613,16 +613,16 @@ pk11_FindSecretKeyAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type) case CKA_WRAP: case CKA_UNWRAP: case CKA_MODIFIABLE: - return (PK11Attribute *) &pk11_StaticTrueAttr; + return (SFTKAttribute *) &sftk_StaticTrueAttr; case CKA_NEVER_EXTRACTABLE: - return (PK11Attribute *) &pk11_StaticFalseAttr; + return (SFTKAttribute *) &sftk_StaticFalseAttr; case CKA_LABEL: label = nsslowkey_FindKeyNicknameByPublicKey(object->obj.slot->keyDB, &object->dbKey, object->obj.slot->password); if (label == NULL) { - return (PK11Attribute *)&pk11_StaticNullAttr; + return (SFTKAttribute *)&sftk_StaticNullAttr; } - att = pk11_NewTokenAttribute(type,label,PORT_Strlen(label), PR_TRUE); + att = sftk_NewTokenAttribute(type,label,PORT_Strlen(label), PR_TRUE); PORT_Free(label); return att; case CKA_KEY_TYPE: @@ -633,7 +633,7 @@ pk11_FindSecretKeyAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type) return NULL; } - key = pk11_GetPrivateKey(object); + key = sftk_GetPrivateKey(object); if (key == NULL) { return NULL; } @@ -709,20 +709,20 @@ pk11_FindSecretKeyAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type) */ keyType = (CK_KEY_TYPE) keyString[0] ; } - return pk11_NewTokenAttribute(type,&keyType,sizeof(keyType),PR_TRUE); + return sftk_NewTokenAttribute(type,&keyType,sizeof(keyType),PR_TRUE); case CKA_VALUE: - return pk11_NewTokenAttribute(type,key->u.rsa.privateExponent.data, + return sftk_NewTokenAttribute(type,key->u.rsa.privateExponent.data, key->u.rsa.privateExponent.len, PR_FALSE); case CKA_VALUE_LEN: keyLen=key->u.rsa.privateExponent.len; - return pk11_NewTokenAttribute(type, &keyLen, sizeof(CK_ULONG), PR_TRUE); + return sftk_NewTokenAttribute(type, &keyLen, sizeof(CK_ULONG), PR_TRUE); } return NULL; } -static PK11Attribute * -pk11_FindRSAPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, +static SFTKAttribute * +sftk_FindRSAPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type) { unsigned char hash[SHA1_LENGTH]; @@ -730,22 +730,22 @@ pk11_FindRSAPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, switch (type) { case CKA_KEY_TYPE: - return pk11_NewTokenAttribute(type,&keyType,sizeof(keyType), PR_TRUE); + return sftk_NewTokenAttribute(type,&keyType,sizeof(keyType), PR_TRUE); case CKA_ID: SHA1_HashBuf(hash,key->u.rsa.modulus.data,key->u.rsa.modulus.len); - return pk11_NewTokenAttribute(type,hash,SHA1_LENGTH, PR_TRUE); + return sftk_NewTokenAttribute(type,hash,SHA1_LENGTH, PR_TRUE); case CKA_DERIVE: - return (PK11Attribute *) &pk11_StaticFalseAttr; + return (SFTKAttribute *) &sftk_StaticFalseAttr; case CKA_DECRYPT: case CKA_SIGN: case CKA_SIGN_RECOVER: case CKA_UNWRAP: - return (PK11Attribute *) &pk11_StaticTrueAttr; + return (SFTKAttribute *) &sftk_StaticTrueAttr; case CKA_MODULUS: - return pk11_NewTokenAttributeSigned(type,key->u.rsa.modulus.data, + return sftk_NewTokenAttributeSigned(type,key->u.rsa.modulus.data, key->u.rsa.modulus.len, PR_FALSE); case CKA_PUBLIC_EXPONENT: - return pk11_NewTokenAttributeSigned(type,key->u.rsa.publicExponent.data, + return sftk_NewTokenAttributeSigned(type,key->u.rsa.publicExponent.data, key->u.rsa.publicExponent.len, PR_FALSE); case CKA_PRIVATE_EXPONENT: case CKA_PRIME_1: @@ -753,15 +753,15 @@ pk11_FindRSAPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, case CKA_EXPONENT_1: case CKA_EXPONENT_2: case CKA_COEFFICIENT: - return (PK11Attribute *) &pk11_StaticNullAttr; + return (SFTKAttribute *) &sftk_StaticNullAttr; default: break; } return NULL; } -static PK11Attribute * -pk11_FindDSAPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, +static SFTKAttribute * +sftk_FindDSAPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type) { unsigned char hash[SHA1_LENGTH]; @@ -769,29 +769,29 @@ pk11_FindDSAPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, switch (type) { case CKA_KEY_TYPE: - return pk11_NewTokenAttribute(type,&keyType,sizeof(keyType), PR_TRUE); + return sftk_NewTokenAttribute(type,&keyType,sizeof(keyType), PR_TRUE); case CKA_ID: SHA1_HashBuf(hash,key->u.dsa.publicValue.data, key->u.dsa.publicValue.len); - return pk11_NewTokenAttribute(type,hash,SHA1_LENGTH, PR_TRUE); + return sftk_NewTokenAttribute(type,hash,SHA1_LENGTH, PR_TRUE); case CKA_DERIVE: case CKA_DECRYPT: case CKA_SIGN_RECOVER: case CKA_UNWRAP: - return (PK11Attribute *) &pk11_StaticFalseAttr; + return (SFTKAttribute *) &sftk_StaticFalseAttr; case CKA_SIGN: - return (PK11Attribute *) &pk11_StaticTrueAttr; + return (SFTKAttribute *) &sftk_StaticTrueAttr; case CKA_VALUE: - return (PK11Attribute *) &pk11_StaticNullAttr; + return (SFTKAttribute *) &sftk_StaticNullAttr; case CKA_PRIME: - return pk11_NewTokenAttributeSigned(type,key->u.dsa.params.prime.data, + return sftk_NewTokenAttributeSigned(type,key->u.dsa.params.prime.data, key->u.dsa.params.prime.len, PR_FALSE); case CKA_SUBPRIME: - return pk11_NewTokenAttributeSigned(type, + return sftk_NewTokenAttributeSigned(type, key->u.dsa.params.subPrime.data, key->u.dsa.params.subPrime.len, PR_FALSE); case CKA_BASE: - return pk11_NewTokenAttributeSigned(type,key->u.dsa.params.base.data, + return sftk_NewTokenAttributeSigned(type,key->u.dsa.params.base.data, key->u.dsa.params.base.len, PR_FALSE); default: break; @@ -799,32 +799,32 @@ pk11_FindDSAPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, return NULL; } -static PK11Attribute * -pk11_FindDHPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type) +static SFTKAttribute * +sftk_FindDHPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type) { unsigned char hash[SHA1_LENGTH]; CK_KEY_TYPE keyType = CKK_DH; switch (type) { case CKA_KEY_TYPE: - return pk11_NewTokenAttribute(type,&keyType,sizeof(keyType), PR_TRUE); + return sftk_NewTokenAttribute(type,&keyType,sizeof(keyType), PR_TRUE); case CKA_ID: SHA1_HashBuf(hash,key->u.dh.publicValue.data,key->u.dh.publicValue.len); - return pk11_NewTokenAttribute(type,hash,SHA1_LENGTH, PR_TRUE); + return sftk_NewTokenAttribute(type,hash,SHA1_LENGTH, PR_TRUE); case CKA_DERIVE: - return (PK11Attribute *) &pk11_StaticTrueAttr; + return (SFTKAttribute *) &sftk_StaticTrueAttr; case CKA_DECRYPT: case CKA_SIGN: case CKA_SIGN_RECOVER: case CKA_UNWRAP: - return (PK11Attribute *) &pk11_StaticFalseAttr; + return (SFTKAttribute *) &sftk_StaticFalseAttr; case CKA_VALUE: - return (PK11Attribute *) &pk11_StaticNullAttr; + return (SFTKAttribute *) &sftk_StaticNullAttr; case CKA_PRIME: - return pk11_NewTokenAttributeSigned(type,key->u.dh.prime.data, + return sftk_NewTokenAttributeSigned(type,key->u.dh.prime.data, key->u.dh.prime.len, PR_FALSE); case CKA_BASE: - return pk11_NewTokenAttributeSigned(type,key->u.dh.base.data, + return sftk_NewTokenAttributeSigned(type,key->u.dh.base.data, key->u.dh.base.len, PR_FALSE); default: break; @@ -833,30 +833,30 @@ pk11_FindDHPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type) } #ifdef NSS_ENABLE_ECC -static PK11Attribute * -pk11_FindECPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type) +static SFTKAttribute * +sftk_FindECPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type) { unsigned char hash[SHA1_LENGTH]; CK_KEY_TYPE keyType = CKK_EC; switch (type) { case CKA_KEY_TYPE: - return pk11_NewTokenAttribute(type,&keyType,sizeof(keyType), PR_TRUE); + return sftk_NewTokenAttribute(type,&keyType,sizeof(keyType), PR_TRUE); case CKA_ID: SHA1_HashBuf(hash,key->u.ec.publicValue.data,key->u.ec.publicValue.len); - return pk11_NewTokenAttribute(type,hash,SHA1_LENGTH, PR_TRUE); + return sftk_NewTokenAttribute(type,hash,SHA1_LENGTH, PR_TRUE); case CKA_DERIVE: case CKA_SIGN: - return (PK11Attribute *) &pk11_StaticTrueAttr; + return (SFTKAttribute *) &sftk_StaticTrueAttr; case CKA_DECRYPT: case CKA_SIGN_RECOVER: case CKA_UNWRAP: - return (PK11Attribute *) &pk11_StaticFalseAttr; + return (SFTKAttribute *) &sftk_StaticFalseAttr; case CKA_VALUE: - return (PK11Attribute *) &pk11_StaticNullAttr; + return (SFTKAttribute *) &sftk_StaticNullAttr; case CKA_EC_PARAMS: /* XXX Why is the last arg PR_FALSE? */ - return pk11_NewTokenAttributeSigned(type, + return sftk_NewTokenAttributeSigned(type, key->u.ec.ecParams.DEREncoding.data, key->u.ec.ecParams.DEREncoding.len, PR_FALSE); @@ -867,12 +867,12 @@ pk11_FindECPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type) } #endif /* NSS_ENABLE_ECC */ -static PK11Attribute * -pk11_FindPrivateKeyAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type) +static SFTKAttribute * +sftk_FindPrivateKeyAttribute(SFTKTokenObject *object, CK_ATTRIBUTE_TYPE type) { NSSLOWKEYPrivateKey *key; char *label; - PK11Attribute *att; + SFTKAttribute *att; switch (type) { case CKA_PRIVATE: @@ -880,37 +880,37 @@ pk11_FindPrivateKeyAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type) case CKA_ALWAYS_SENSITIVE: case CKA_EXTRACTABLE: case CKA_MODIFIABLE: - return (PK11Attribute *) &pk11_StaticTrueAttr; + return (SFTKAttribute *) &sftk_StaticTrueAttr; case CKA_NEVER_EXTRACTABLE: - return (PK11Attribute *) &pk11_StaticFalseAttr; + return (SFTKAttribute *) &sftk_StaticFalseAttr; case CKA_SUBJECT: - return (PK11Attribute *)&pk11_StaticNullAttr; + return (SFTKAttribute *)&sftk_StaticNullAttr; case CKA_LABEL: label = nsslowkey_FindKeyNicknameByPublicKey(object->obj.slot->keyDB, &object->dbKey, object->obj.slot->password); if (label == NULL) { - return (PK11Attribute *)&pk11_StaticNullAttr; + return (SFTKAttribute *)&sftk_StaticNullAttr; } - att = pk11_NewTokenAttribute(type,label,PORT_Strlen(label), PR_TRUE); + att = sftk_NewTokenAttribute(type,label,PORT_Strlen(label), PR_TRUE); PORT_Free(label); return att; default: break; } - key = pk11_GetPrivateKey(object); + key = sftk_GetPrivateKey(object); if (key == NULL) { return NULL; } switch (key->keyType) { case NSSLOWKEYRSAKey: - return pk11_FindRSAPrivateKeyAttribute(key,type); + return sftk_FindRSAPrivateKeyAttribute(key,type); case NSSLOWKEYDSAKey: - return pk11_FindDSAPrivateKeyAttribute(key,type); + return sftk_FindDSAPrivateKeyAttribute(key,type); case NSSLOWKEYDHKey: - return pk11_FindDHPrivateKeyAttribute(key,type); + return sftk_FindDHPrivateKeyAttribute(key,type); #ifdef NSS_ENABLE_ECC case NSSLOWKEYECKey: - return pk11_FindECPrivateKeyAttribute(key,type); + return sftk_FindECPrivateKeyAttribute(key,type); #endif /* NSS_ENABLE_ECC */ default: break; @@ -919,16 +919,16 @@ pk11_FindPrivateKeyAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type) return NULL; } -static PK11Attribute * -pk11_FindSMIMEAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type) +static SFTKAttribute * +sftk_FindSMIMEAttribute(SFTKTokenObject *object, CK_ATTRIBUTE_TYPE type) { certDBEntrySMime *entry; switch (type) { case CKA_PRIVATE: case CKA_MODIFIABLE: - return (PK11Attribute *) &pk11_StaticFalseAttr; + return (SFTKAttribute *) &sftk_StaticFalseAttr; case CKA_NETSCAPE_EMAIL: - return pk11_NewTokenAttribute(type,object->dbKey.data, + return sftk_NewTokenAttribute(type,object->dbKey.data, object->dbKey.len-1, PR_FALSE); case CKA_NETSCAPE_SMIME_TIMESTAMP: case CKA_SUBJECT: @@ -937,19 +937,19 @@ pk11_FindSMIMEAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type) default: return NULL; } - entry = pk11_getSMime(object); + entry = sftk_getSMime(object); if (entry == NULL) { return NULL; } switch (type) { case CKA_NETSCAPE_SMIME_TIMESTAMP: - return pk11_NewTokenAttribute(type,entry->optionsDate.data, + return sftk_NewTokenAttribute(type,entry->optionsDate.data, entry->optionsDate.len, PR_FALSE); case CKA_SUBJECT: - return pk11_NewTokenAttribute(type,entry->subjectName.data, + return sftk_NewTokenAttribute(type,entry->subjectName.data, entry->subjectName.len, PR_FALSE); case CKA_VALUE: - return pk11_NewTokenAttribute(type,entry->smimeOptions.data, + return sftk_NewTokenAttribute(type,entry->smimeOptions.data, entry->smimeOptions.len, PR_FALSE); default: break; @@ -957,8 +957,8 @@ pk11_FindSMIMEAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type) return NULL; } -static PK11Attribute * -pk11_FindTrustAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type) +static SFTKAttribute * +sftk_FindTrustAttribute(SFTKTokenObject *object, CK_ATTRIBUTE_TYPE type) { NSSLOWCERTTrust *trust; unsigned char hash[SHA1_LENGTH]; @@ -966,9 +966,9 @@ pk11_FindTrustAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type) switch (type) { case CKA_PRIVATE: - return (PK11Attribute *) &pk11_StaticFalseAttr; + return (SFTKAttribute *) &sftk_StaticFalseAttr; case CKA_MODIFIABLE: - return (PK11Attribute *) &pk11_StaticTrueAttr; + return (SFTKAttribute *) &sftk_StaticTrueAttr; case CKA_CERT_SHA1_HASH: case CKA_CERT_MD5_HASH: case CKA_TRUST_CLIENT_AUTH: @@ -980,17 +980,17 @@ pk11_FindTrustAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type) default: return NULL; } - trust = pk11_getTrust(object); + trust = sftk_getTrust(object); if (trust == NULL) { return NULL; } switch (type) { case CKA_CERT_SHA1_HASH: SHA1_HashBuf(hash,trust->derCert->data,trust->derCert->len); - return pk11_NewTokenAttribute(type, hash, SHA1_LENGTH, PR_TRUE); + return sftk_NewTokenAttribute(type, hash, SHA1_LENGTH, PR_TRUE); case CKA_CERT_MD5_HASH: MD5_HashBuf(hash,trust->derCert->data,trust->derCert->len); - return pk11_NewTokenAttribute(type, hash, MD5_LENGTH, PR_TRUE); + return sftk_NewTokenAttribute(type, hash, MD5_LENGTH, PR_TRUE); case CKA_TRUST_CLIENT_AUTH: trustFlags = trust->trust->sslFlags & CERTDB_TRUSTED_CLIENT_CA ? trust->trust->sslFlags | CERTDB_TRUSTED_CA : 0 ; @@ -1005,29 +1005,29 @@ pk11_FindTrustAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type) trustFlags = trust->trust->objectSigningFlags; trust: if (trustFlags & CERTDB_TRUSTED_CA ) { - return (PK11Attribute *)&pk11_StaticTrustedDelegatorAttr; + return (SFTKAttribute *)&sftk_StaticTrustedDelegatorAttr; } if (trustFlags & CERTDB_TRUSTED) { - return (PK11Attribute *)&pk11_StaticTrustedAttr; + return (SFTKAttribute *)&sftk_StaticTrustedAttr; } if (trustFlags & CERTDB_NOT_TRUSTED) { - return (PK11Attribute *)&pk11_StaticUnTrustedAttr; + return (SFTKAttribute *)&sftk_StaticUnTrustedAttr; } if (trustFlags & CERTDB_TRUSTED_UNKNOWN) { - return (PK11Attribute *)&pk11_StaticTrustUnknownAttr; + return (SFTKAttribute *)&sftk_StaticTrustUnknownAttr; } if (trustFlags & CERTDB_VALID_CA) { - return (PK11Attribute *)&pk11_StaticValidDelegatorAttr; + return (SFTKAttribute *)&sftk_StaticValidDelegatorAttr; } if (trustFlags & CERTDB_VALID_PEER) { - return (PK11Attribute *)&pk11_StaticValidPeerAttr; + return (SFTKAttribute *)&sftk_StaticValidPeerAttr; } - return (PK11Attribute *)&pk11_StaticMustVerifyAttr; + return (SFTKAttribute *)&sftk_StaticMustVerifyAttr; case CKA_TRUST_STEP_UP_APPROVED: if (trust->trust->sslFlags & CERTDB_GOVT_APPROVED_CA) { - return (PK11Attribute *)&pk11_StaticTrueAttr; + return (SFTKAttribute *)&sftk_StaticTrueAttr; } else { - return (PK11Attribute *)&pk11_StaticFalseAttr; + return (SFTKAttribute *)&sftk_StaticFalseAttr; } default: break; @@ -1036,17 +1036,17 @@ trust: #ifdef notdef switch (type) { case CKA_ISSUER: - cert = pk11_getCertObject(object); + cert = sftk_getCertObject(object); if (cert == NULL) break; - attr = pk11_NewTokenAttribute(type,cert->derIssuer.data, + attr = sftk_NewTokenAttribute(type,cert->derIssuer.data, cert->derIssuer.len, PR_FALSE); case CKA_SERIAL_NUMBER: - cert = pk11_getCertObject(object); + cert = sftk_getCertObject(object); if (cert == NULL) break; - item = SEC_ASN1EncodeItem(NULL,NULL,cert,pk11_SerialTemplate); + item = SEC_ASN1EncodeItem(NULL,NULL,cert,sftk_SerialTemplate); if (item == NULL) break; - attr = pk11_NewTokenAttribute(type, item->data, item->len, PR_TRUE); + attr = sftk_NewTokenAttribute(type, item->data, item->len, PR_TRUE); SECITEM_FreeItem(item,PR_TRUE); } if (cert) { @@ -1057,20 +1057,20 @@ trust: return NULL; } -static PK11Attribute * -pk11_FindCrlAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type) +static SFTKAttribute * +sftk_FindCrlAttribute(SFTKTokenObject *object, CK_ATTRIBUTE_TYPE type) { certDBEntryRevocation *crl; switch (type) { case CKA_PRIVATE: case CKA_MODIFIABLE: - return (PK11Attribute *) &pk11_StaticFalseAttr; + return (SFTKAttribute *) &sftk_StaticFalseAttr; case CKA_NETSCAPE_KRL: - return (PK11Attribute *) ((object->obj.handle == PK11_TOKEN_KRL_HANDLE) - ? &pk11_StaticTrueAttr : &pk11_StaticFalseAttr); + return (SFTKAttribute *) ((object->obj.handle == SFTK_TOKEN_KRL_HANDLE) + ? &sftk_StaticTrueAttr : &sftk_StaticFalseAttr); case CKA_SUBJECT: - return pk11_NewTokenAttribute(type,object->dbKey.data, + return sftk_NewTokenAttribute(type,object->dbKey.data, object->dbKey.len, PR_FALSE); case CKA_NETSCAPE_URL: case CKA_VALUE: @@ -1079,19 +1079,19 @@ pk11_FindCrlAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type) PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; } - crl = pk11_getCrl(object); + crl = sftk_getCrl(object); if (!crl) { return NULL; } switch (type) { case CKA_NETSCAPE_URL: if (crl->url == NULL) { - return (PK11Attribute *) &pk11_StaticNullAttr; + return (SFTKAttribute *) &sftk_StaticNullAttr; } - return pk11_NewTokenAttribute(type, crl->url, + return sftk_NewTokenAttribute(type, crl->url, PORT_Strlen(crl->url)+1, PR_TRUE); case CKA_VALUE: - return pk11_NewTokenAttribute(type, crl->derCrl.data, + return sftk_NewTokenAttribute(type, crl->derCrl.data, crl->derCrl.len, PR_FALSE); default: break; @@ -1099,8 +1099,8 @@ pk11_FindCrlAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type) return NULL; } -static PK11Attribute * -pk11_FindCertAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type) +static SFTKAttribute * +sftk_FindCertAttribute(SFTKTokenObject *object, CK_ATTRIBUTE_TYPE type) { NSSLOWCERTCertificate *cert; NSSLOWKEYPublicKey *pubKey; @@ -1109,12 +1109,12 @@ pk11_FindCertAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type) switch (type) { case CKA_PRIVATE: - return (PK11Attribute *) &pk11_StaticFalseAttr; + return (SFTKAttribute *) &sftk_StaticFalseAttr; case CKA_MODIFIABLE: - return (PK11Attribute *) &pk11_StaticTrueAttr; + return (SFTKAttribute *) &sftk_StaticTrueAttr; case CKA_CERTIFICATE_TYPE: /* hardcoding X.509 into here */ - return (PK11Attribute *)&pk11_StaticX509Attr; + return (SFTKAttribute *)&sftk_StaticX509Attr; case CKA_VALUE: case CKA_ID: case CKA_LABEL: @@ -1126,23 +1126,23 @@ pk11_FindCertAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type) default: return NULL; } - cert = pk11_getCert(object); + cert = sftk_getCert(object); if (cert == NULL) { return NULL; } switch (type) { case CKA_VALUE: - return pk11_NewTokenAttribute(type,cert->derCert.data, + return sftk_NewTokenAttribute(type,cert->derCert.data, cert->derCert.len,PR_FALSE); case CKA_ID: if (((cert->trust->sslFlags & CERTDB_USER) == 0) && ((cert->trust->emailFlags & CERTDB_USER) == 0) && ((cert->trust->objectSigningFlags & CERTDB_USER) == 0)) { - return (PK11Attribute *) &pk11_StaticNullAttr; + return (SFTKAttribute *) &sftk_StaticNullAttr; } pubKey = nsslowcert_ExtractPublicKey(cert); if (pubKey == NULL) break; - item = pk11_GetPubItem(pubKey); + item = sftk_GetPubItem(pubKey); if (item == NULL) { nsslowkey_DestroyPublicKey(pubKey); break; @@ -1150,41 +1150,41 @@ pk11_FindCertAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type) SHA1_HashBuf(hash,item->data,item->len); /* item is imbedded in pubKey, just free the key */ nsslowkey_DestroyPublicKey(pubKey); - return pk11_NewTokenAttribute(type, hash, SHA1_LENGTH, PR_TRUE); + return sftk_NewTokenAttribute(type, hash, SHA1_LENGTH, PR_TRUE); case CKA_LABEL: - return cert->nickname ? pk11_NewTokenAttribute(type, cert->nickname, + return cert->nickname ? sftk_NewTokenAttribute(type, cert->nickname, PORT_Strlen(cert->nickname), PR_FALSE) : - (PK11Attribute *) &pk11_StaticNullAttr; + (SFTKAttribute *) &sftk_StaticNullAttr; case CKA_SUBJECT: - return pk11_NewTokenAttribute(type,cert->derSubject.data, + return sftk_NewTokenAttribute(type,cert->derSubject.data, cert->derSubject.len, PR_FALSE); case CKA_ISSUER: - return pk11_NewTokenAttribute(type,cert->derIssuer.data, + return sftk_NewTokenAttribute(type,cert->derIssuer.data, cert->derIssuer.len, PR_FALSE); case CKA_SERIAL_NUMBER: - return pk11_NewTokenAttribute(type,cert->derSN.data, + return sftk_NewTokenAttribute(type,cert->derSN.data, cert->derSN.len, PR_FALSE); case CKA_NETSCAPE_EMAIL: return (cert->emailAddr && cert->emailAddr[0]) - ? pk11_NewTokenAttribute(type, cert->emailAddr, + ? sftk_NewTokenAttribute(type, cert->emailAddr, PORT_Strlen(cert->emailAddr), PR_FALSE) - : (PK11Attribute *) &pk11_StaticNullAttr; + : (SFTKAttribute *) &sftk_StaticNullAttr; default: break; } return NULL; } -static PK11Attribute * -pk11_FindTokenAttribute(PK11TokenObject *object,CK_ATTRIBUTE_TYPE type) +static SFTKAttribute * +sftk_FindTokenAttribute(SFTKTokenObject *object,CK_ATTRIBUTE_TYPE type) { /* handle the common ones */ switch (type) { case CKA_CLASS: - return pk11_NewTokenAttribute(type,&object->obj.objclass, + return sftk_NewTokenAttribute(type,&object->obj.objclass, sizeof(object->obj.objclass),PR_FALSE); case CKA_TOKEN: - return (PK11Attribute *) &pk11_StaticTrueAttr; + return (SFTKAttribute *) &sftk_StaticTrueAttr; case CKA_LABEL: if ( (object->obj.objclass == CKO_CERTIFICATE) || (object->obj.objclass == CKO_PRIVATE_KEY) @@ -1192,25 +1192,25 @@ pk11_FindTokenAttribute(PK11TokenObject *object,CK_ATTRIBUTE_TYPE type) || (object->obj.objclass == CKO_SECRET_KEY)) { break; } - return (PK11Attribute *) &pk11_StaticNullAttr; + return (SFTKAttribute *) &sftk_StaticNullAttr; default: break; } switch (object->obj.objclass) { case CKO_CERTIFICATE: - return pk11_FindCertAttribute(object,type); + return sftk_FindCertAttribute(object,type); case CKO_NETSCAPE_CRL: - return pk11_FindCrlAttribute(object,type); + return sftk_FindCrlAttribute(object,type); case CKO_NETSCAPE_TRUST: - return pk11_FindTrustAttribute(object,type); + return sftk_FindTrustAttribute(object,type); case CKO_NETSCAPE_SMIME: - return pk11_FindSMIMEAttribute(object,type); + return sftk_FindSMIMEAttribute(object,type); case CKO_PUBLIC_KEY: - return pk11_FindPublicKeyAttribute(object,type); + return sftk_FindPublicKeyAttribute(object,type); case CKO_PRIVATE_KEY: - return pk11_FindPrivateKeyAttribute(object,type); + return sftk_FindPrivateKeyAttribute(object,type); case CKO_SECRET_KEY: - return pk11_FindSecretKeyAttribute(object,type); + return sftk_FindSecretKeyAttribute(object,type); default: break; } @@ -1223,18 +1223,18 @@ pk11_FindTokenAttribute(PK11TokenObject *object,CK_ATTRIBUTE_TYPE type) * The returned attribute is referenced and needs to be freed when * it is no longer needed. */ -PK11Attribute * -pk11_FindAttribute(PK11Object *object,CK_ATTRIBUTE_TYPE type) +SFTKAttribute * +sftk_FindAttribute(SFTKObject *object,CK_ATTRIBUTE_TYPE type) { - PK11Attribute *attribute; - PK11SessionObject *sessObject = pk11_narrowToSessionObject(object); + SFTKAttribute *attribute; + SFTKSessionObject *sessObject = sftk_narrowToSessionObject(object); if (sessObject == NULL) { - return pk11_FindTokenAttribute(pk11_narrowToTokenObject(object),type); + return sftk_FindTokenAttribute(sftk_narrowToTokenObject(object),type); } PZ_Lock(sessObject->attributeLock); - pk11queue_find(attribute,type,sessObject->head, sessObject->hashSize); + sftkqueue_find(attribute,type,sessObject->head, sessObject->hashSize); PZ_Unlock(sessObject->attributeLock); return(attribute); @@ -1244,7 +1244,7 @@ pk11_FindAttribute(PK11Object *object,CK_ATTRIBUTE_TYPE type) * Take a buffer and it's length and return it's true size in bits; */ unsigned int -pk11_GetLengthInBits(unsigned char *buf, unsigned int bufLen) +sftk_GetLengthInBits(unsigned char *buf, unsigned int bufLen) { unsigned int size = bufLen * 8; int i; @@ -1275,24 +1275,24 @@ pk11_GetLengthInBits(unsigned char *buf, unsigned int bufLen) * if any constraint is '0' that constraint is not checked. */ CK_RV -pk11_ConstrainAttribute(PK11Object *object, CK_ATTRIBUTE_TYPE type, +sftk_ConstrainAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type, int minLength, int maxLength, int minMultiple) { - PK11Attribute *attribute; + SFTKAttribute *attribute; unsigned int size; unsigned char *ptr; - attribute = pk11_FindAttribute(object, type); + attribute = sftk_FindAttribute(object, type); if (!attribute) { return CKR_TEMPLATE_INCOMPLETE; } ptr = (unsigned char *) attribute->attrib.pValue; if (ptr == NULL) { - pk11_FreeAttribute(attribute); + sftk_FreeAttribute(attribute); return CKR_ATTRIBUTE_VALUE_INVALID; } - size = pk11_GetLengthInBits(ptr, attribute->attrib.ulValueLen); - pk11_FreeAttribute(attribute); + size = sftk_GetLengthInBits(ptr, attribute->attrib.ulValueLen); + sftk_FreeAttribute(attribute); if ((minLength != 0) && (size < minLength)) { return CKR_ATTRIBUTE_VALUE_INVALID; @@ -1307,7 +1307,7 @@ pk11_ConstrainAttribute(PK11Object *object, CK_ATTRIBUTE_TYPE type, } PRBool -pk11_hasAttributeToken(PK11TokenObject *object) +sftk_hasAttributeToken(SFTKTokenObject *object) { return PR_FALSE; } @@ -1316,17 +1316,17 @@ pk11_hasAttributeToken(PK11TokenObject *object) * return true if object has attribute */ PRBool -pk11_hasAttribute(PK11Object *object,CK_ATTRIBUTE_TYPE type) +sftk_hasAttribute(SFTKObject *object,CK_ATTRIBUTE_TYPE type) { - PK11Attribute *attribute; - PK11SessionObject *sessObject = pk11_narrowToSessionObject(object); + SFTKAttribute *attribute; + SFTKSessionObject *sessObject = sftk_narrowToSessionObject(object); if (sessObject == NULL) { - return pk11_hasAttributeToken(pk11_narrowToTokenObject(object)); + return sftk_hasAttributeToken(sftk_narrowToTokenObject(object)); } PZ_Lock(sessObject->attributeLock); - pk11queue_find(attribute,type,sessObject->head, sessObject->hashSize); + sftkqueue_find(attribute,type,sessObject->head, sessObject->hashSize); PZ_Unlock(sessObject->attributeLock); return (PRBool)(attribute != NULL); @@ -1336,13 +1336,13 @@ pk11_hasAttribute(PK11Object *object,CK_ATTRIBUTE_TYPE type) * add an attribute to an object */ static void -pk11_AddAttribute(PK11Object *object,PK11Attribute *attribute) +sftk_AddAttribute(SFTKObject *object,SFTKAttribute *attribute) { - PK11SessionObject *sessObject = pk11_narrowToSessionObject(object); + SFTKSessionObject *sessObject = sftk_narrowToSessionObject(object); if (sessObject == NULL) return; PZ_Lock(sessObject->attributeLock); - pk11queue_add(attribute,attribute->handle, + sftkqueue_add(attribute,attribute->handle, sessObject->head, sessObject->hashSize); PZ_Unlock(sessObject->attributeLock); } @@ -1352,23 +1352,23 @@ pk11_AddAttribute(PK11Object *object,PK11Attribute *attribute) * the specified arena. */ CK_RV -pk11_Attribute2SSecItem(PLArenaPool *arena,SECItem *item,PK11Object *object, +sftk_Attribute2SSecItem(PLArenaPool *arena,SECItem *item,SFTKObject *object, CK_ATTRIBUTE_TYPE type) { - PK11Attribute *attribute; + SFTKAttribute *attribute; item->data = NULL; - attribute = pk11_FindAttribute(object, type); + attribute = sftk_FindAttribute(object, type); if (attribute == NULL) return CKR_TEMPLATE_INCOMPLETE; (void)SECITEM_AllocItem(arena, item, attribute->attrib.ulValueLen); if (item->data == NULL) { - pk11_FreeAttribute(attribute); + sftk_FreeAttribute(attribute); return CKR_HOST_MEMORY; } PORT_Memcpy(item->data, attribute->attrib.pValue, item->len); - pk11_FreeAttribute(attribute); + sftk_FreeAttribute(attribute); return CKR_OK; } @@ -1377,21 +1377,21 @@ pk11_Attribute2SSecItem(PLArenaPool *arena,SECItem *item,PK11Object *object, * delete an attribute from an object */ static void -pk11_DeleteAttribute(PK11Object *object, PK11Attribute *attribute) +sftk_DeleteAttribute(SFTKObject *object, SFTKAttribute *attribute) { - PK11SessionObject *sessObject = pk11_narrowToSessionObject(object); + SFTKSessionObject *sessObject = sftk_narrowToSessionObject(object); if (sessObject == NULL) { return ; } PZ_Lock(sessObject->attributeLock); - if (pk11queue_is_queued(attribute,attribute->handle, + if (sftkqueue_is_queued(attribute,attribute->handle, sessObject->head, sessObject->hashSize)) { - pk11queue_delete(attribute,attribute->handle, + sftkqueue_delete(attribute,attribute->handle, sessObject->head, sessObject->hashSize); } PZ_Unlock(sessObject->attributeLock); - pk11_FreeAttribute(attribute); + sftk_FreeAttribute(attribute); } /* @@ -1399,15 +1399,15 @@ pk11_DeleteAttribute(PK11Object *object, PK11Attribute *attribute) * of that attribute. */ PRBool -pk11_isTrue(PK11Object *object,CK_ATTRIBUTE_TYPE type) +sftk_isTrue(SFTKObject *object,CK_ATTRIBUTE_TYPE type) { - PK11Attribute *attribute; + SFTKAttribute *attribute; PRBool tok = PR_FALSE; - attribute=pk11_FindAttribute(object,type); + attribute=sftk_FindAttribute(object,type); if (attribute == NULL) { return PR_FALSE; } tok = (PRBool)(*(CK_BBOOL *)attribute->attrib.pValue); - pk11_FreeAttribute(attribute); + sftk_FreeAttribute(attribute); return tok; } @@ -1418,11 +1418,11 @@ pk11_isTrue(PK11Object *object,CK_ATTRIBUTE_TYPE type) * want to keep this info around in memory in the clear. */ void -pk11_nullAttribute(PK11Object *object,CK_ATTRIBUTE_TYPE type) +sftk_nullAttribute(SFTKObject *object,CK_ATTRIBUTE_TYPE type) { - PK11Attribute *attribute; + SFTKAttribute *attribute; - attribute=pk11_FindAttribute(object,type); + attribute=sftk_FindAttribute(object,type); if (attribute == NULL) return; if (attribute->attrib.pValue != NULL) { @@ -1434,11 +1434,11 @@ pk11_nullAttribute(PK11Object *object,CK_ATTRIBUTE_TYPE type) attribute->attrib.pValue = NULL; attribute->attrib.ulValueLen = 0; } - pk11_FreeAttribute(attribute); + sftk_FreeAttribute(attribute); } static CK_RV -pk11_SetCertAttribute(PK11TokenObject *to, CK_ATTRIBUTE_TYPE type, +sftk_SetCertAttribute(SFTKTokenObject *to, CK_ATTRIBUTE_TYPE type, void *value, unsigned int len) { NSSLOWCERTCertificate *cert; @@ -1459,7 +1459,7 @@ pk11_SetCertAttribute(PK11TokenObject *to, CK_ATTRIBUTE_TYPE type, return CKR_ATTRIBUTE_READ_ONLY; } - cert = pk11_getCert(to); + cert = sftk_getCert(to); if (cert == NULL) { return CKR_OBJECT_HANDLE_INVALID; } @@ -1471,7 +1471,7 @@ pk11_SetCertAttribute(PK11TokenObject *to, CK_ATTRIBUTE_TYPE type, if (((cert->trust->sslFlags & CERTDB_USER) == 0) && ((cert->trust->emailFlags & CERTDB_USER) == 0) && ((cert->trust->objectSigningFlags & CERTDB_USER) == 0)) { - PK11Slot *slot = to->obj.slot; + SFTKSlot *slot = to->obj.slot; if (slot->keyDB && nsslowkey_KeyForCertExists(slot->keyDB,cert)) { NSSLOWCERTCertTrust trust = *cert->trust; @@ -1502,7 +1502,7 @@ pk11_SetCertAttribute(PK11TokenObject *to, CK_ATTRIBUTE_TYPE type, } static CK_RV -pk11_SetPrivateKeyAttribute(PK11TokenObject *to, CK_ATTRIBUTE_TYPE type, +sftk_SetPrivateKeyAttribute(SFTKTokenObject *to, CK_ATTRIBUTE_TYPE type, void *value, unsigned int len) { NSSLOWKEYPrivateKey *privKey; @@ -1522,7 +1522,7 @@ pk11_SetPrivateKeyAttribute(PK11TokenObject *to, CK_ATTRIBUTE_TYPE type, return CKR_ATTRIBUTE_READ_ONLY; } - privKey = pk11_GetPrivateKey(to); + privKey = sftk_GetPrivateKey(to); if (privKey == NULL) { return CKR_OBJECT_HANDLE_INVALID; } @@ -1544,7 +1544,7 @@ pk11_SetPrivateKeyAttribute(PK11TokenObject *to, CK_ATTRIBUTE_TYPE type, } static CK_RV -pk11_SetTrustAttribute(PK11TokenObject *to, CK_ATTRIBUTE_TYPE type, +sftk_SetTrustAttribute(SFTKTokenObject *to, CK_ATTRIBUTE_TYPE type, void *value, unsigned int len) { unsigned int flags; @@ -1560,9 +1560,9 @@ pk11_SetTrustAttribute(PK11TokenObject *to, CK_ATTRIBUTE_TYPE type, return CKR_ATTRIBUTE_VALUE_INVALID; } trust = *(CK_TRUST *)value; - flags = pk11_MapTrust(trust, (PRBool) (type == CKA_TRUST_SERVER_AUTH)); + flags = sftk_MapTrust(trust, (PRBool) (type == CKA_TRUST_SERVER_AUTH)); - cert = pk11_getCert(to); + cert = sftk_getCert(to); if (cert == NULL) { return CKR_OBJECT_HANDLE_INVALID; } @@ -1597,11 +1597,11 @@ pk11_SetTrustAttribute(PK11TokenObject *to, CK_ATTRIBUTE_TYPE type, } static CK_RV -pk11_forceTokenAttribute(PK11Object *object,CK_ATTRIBUTE_TYPE type, +sftk_forceTokenAttribute(SFTKObject *object,CK_ATTRIBUTE_TYPE type, void *value, unsigned int len) { - PK11Attribute *attribute; - PK11TokenObject *to = pk11_narrowToTokenObject(object); + SFTKAttribute *attribute; + SFTKTokenObject *to = sftk_narrowToTokenObject(object); CK_RV crv = CKR_ATTRIBUTE_READ_ONLY; PORT_Assert(to); @@ -1612,7 +1612,7 @@ pk11_forceTokenAttribute(PK11Object *object,CK_ATTRIBUTE_TYPE type, /* if we are just setting it to the value we already have, * allow it to happen. Let label setting go through so * we have the opportunity to repair any database corruption. */ - attribute=pk11_FindAttribute(object,type); + attribute=sftk_FindAttribute(object,type); PORT_Assert(attribute); if (!attribute) { return CKR_ATTRIBUTE_TYPE_INVALID; @@ -1620,27 +1620,27 @@ pk11_forceTokenAttribute(PK11Object *object,CK_ATTRIBUTE_TYPE type, } if ((type != CKA_LABEL) && (attribute->attrib.ulValueLen == len) && PORT_Memcmp(attribute->attrib.pValue,value,len) == 0) { - pk11_FreeAttribute(attribute); + sftk_FreeAttribute(attribute); return CKR_OK; } switch (object->objclass) { case CKO_CERTIFICATE: /* change NICKNAME, EMAIL, */ - crv = pk11_SetCertAttribute(to,type,value,len); + crv = sftk_SetCertAttribute(to,type,value,len); break; case CKO_NETSCAPE_CRL: /* change URL */ break; case CKO_NETSCAPE_TRUST: - crv = pk11_SetTrustAttribute(to,type,value,len); + crv = sftk_SetTrustAttribute(to,type,value,len); break; case CKO_PRIVATE_KEY: case CKO_SECRET_KEY: - crv = pk11_SetPrivateKeyAttribute(to,type,value,len); + crv = sftk_SetPrivateKeyAttribute(to,type,value,len); break; } - pk11_FreeAttribute(attribute); + sftk_FreeAttribute(attribute); return crv; } @@ -1648,10 +1648,10 @@ pk11_forceTokenAttribute(PK11Object *object,CK_ATTRIBUTE_TYPE type, * force an attribute to a spaecif value. */ CK_RV -pk11_forceAttribute(PK11Object *object,CK_ATTRIBUTE_TYPE type, void *value, +sftk_forceAttribute(SFTKObject *object,CK_ATTRIBUTE_TYPE type, void *value, unsigned int len) { - PK11Attribute *attribute; + SFTKAttribute *attribute; void *att_val = NULL; PRBool freeData = PR_FALSE; @@ -1663,11 +1663,11 @@ pk11_forceAttribute(PK11Object *object,CK_ATTRIBUTE_TYPE type, void *value, !object->slot) { return CKR_DEVICE_ERROR; } - if (pk11_isToken(object->handle)) { - return pk11_forceTokenAttribute(object,type,value,len); + if (sftk_isToken(object->handle)) { + return sftk_forceTokenAttribute(object,type,value,len); } - attribute=pk11_FindAttribute(object,type); - if (attribute == NULL) return pk11_AddAttributeType(object,type,value,len); + attribute=sftk_FindAttribute(object,type); + if (attribute == NULL) return sftk_AddAttributeType(object,type,value,len); if (value) { @@ -1703,7 +1703,7 @@ pk11_forceAttribute(PK11Object *object,CK_ATTRIBUTE_TYPE type, void *value, attribute->attrib.ulValueLen = len; attribute->freeData = freeData; } - pk11_FreeAttribute(attribute); + sftk_FreeAttribute(attribute); return CKR_OK; } @@ -1712,18 +1712,18 @@ pk11_forceAttribute(PK11Object *object,CK_ATTRIBUTE_TYPE type, void *value, * is allocated and needs to be freed with PORT_Free() When complete. */ char * -pk11_getString(PK11Object *object,CK_ATTRIBUTE_TYPE type) +sftk_getString(SFTKObject *object,CK_ATTRIBUTE_TYPE type) { - PK11Attribute *attribute; + SFTKAttribute *attribute; char *label = NULL; - attribute=pk11_FindAttribute(object,type); + attribute=sftk_FindAttribute(object,type); if (attribute == NULL) return NULL; if (attribute->attrib.pValue != NULL) { label = (char *) PORT_Alloc(attribute->attrib.ulValueLen+1); if (label == NULL) { - pk11_FreeAttribute(attribute); + sftk_FreeAttribute(attribute); return NULL; } @@ -1731,27 +1731,27 @@ pk11_getString(PK11Object *object,CK_ATTRIBUTE_TYPE type) attribute->attrib.ulValueLen); label[attribute->attrib.ulValueLen] = 0; } - pk11_FreeAttribute(attribute); + sftk_FreeAttribute(attribute); return label; } /* * decode when a particular attribute may be modified - * PK11_NEVER: This attribute must be set at object creation time and + * SFTK_NEVER: This attribute must be set at object creation time and * can never be modified. - * PK11_ONCOPY: This attribute may be modified only when you copy the + * SFTK_ONCOPY: This attribute may be modified only when you copy the * object. - * PK11_SENSITIVE: The CKA_SENSITIVE attribute can only be changed from + * SFTK_SENSITIVE: The CKA_SENSITIVE attribute can only be changed from * CK_FALSE to CK_TRUE. - * PK11_ALWAYS: This attribute can always be modified. + * SFTK_ALWAYS: This attribute can always be modified. * Some attributes vary their modification type based on the class of the * object. */ -PK11ModifyType -pk11_modifyType(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass) +SFTKModifyType +sftk_modifyType(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass) { /* if we don't know about it, user user defined, always allow modify */ - PK11ModifyType mtype = PK11_ALWAYS; + SFTKModifyType mtype = SFTK_ALWAYS; switch(type) { /* NEVER */ @@ -1774,20 +1774,20 @@ pk11_modifyType(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass) case CKA_ALWAYS_SENSITIVE: case CKA_NEVER_EXTRACTABLE: case CKA_NETSCAPE_DB: - mtype = PK11_NEVER; + mtype = SFTK_NEVER; break; /* ONCOPY */ case CKA_TOKEN: case CKA_PRIVATE: case CKA_MODIFIABLE: - mtype = PK11_ONCOPY; + mtype = SFTK_ONCOPY; break; /* SENSITIVE */ case CKA_SENSITIVE: case CKA_EXTRACTABLE: - mtype = PK11_SENSITIVE; + mtype = SFTK_SENSITIVE; break; /* ALWAYS */ @@ -1806,16 +1806,16 @@ pk11_modifyType(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass) case CKA_VERIFY_RECOVER: case CKA_WRAP: case CKA_UNWRAP: - mtype = PK11_ALWAYS; + mtype = SFTK_ALWAYS; break; /* DEPENDS ON CLASS */ case CKA_VALUE: - mtype = (inClass == CKO_DATA) ? PK11_ALWAYS : PK11_NEVER; + mtype = (inClass == CKO_DATA) ? SFTK_ALWAYS : SFTK_NEVER; break; case CKA_SUBJECT: - mtype = (inClass == CKO_CERTIFICATE) ? PK11_NEVER : PK11_ALWAYS; + mtype = (inClass == CKO_CERTIFICATE) ? SFTK_NEVER : SFTK_ALWAYS; break; default: break; @@ -1826,7 +1826,7 @@ pk11_modifyType(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass) /* decode if a particular attribute is sensitive (cannot be read * back to the user of if the object is set to SENSITIVE) */ PRBool -pk11_isSensitive(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass) +sftk_isSensitive(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass) { switch(type) { /* ALWAYS */ @@ -1854,13 +1854,13 @@ pk11_isSensitive(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass) * arena. */ CK_RV -pk11_Attribute2SecItem(PLArenaPool *arena,SECItem *item,PK11Object *object, +sftk_Attribute2SecItem(PLArenaPool *arena,SECItem *item,SFTKObject *object, CK_ATTRIBUTE_TYPE type) { int len; - PK11Attribute *attribute; + SFTKAttribute *attribute; - attribute = pk11_FindAttribute(object, type); + attribute = sftk_FindAttribute(object, type); if (attribute == NULL) return CKR_TEMPLATE_INCOMPLETE; len = attribute->attrib.ulValueLen; @@ -1870,22 +1870,22 @@ pk11_Attribute2SecItem(PLArenaPool *arena,SECItem *item,PK11Object *object, item->data = (unsigned char *) PORT_Alloc(len); } if (item->data == NULL) { - pk11_FreeAttribute(attribute); + sftk_FreeAttribute(attribute); return CKR_HOST_MEMORY; } item->len = len; PORT_Memcpy(item->data,attribute->attrib.pValue, len); - pk11_FreeAttribute(attribute); + sftk_FreeAttribute(attribute); return CKR_OK; } CK_RV -pk11_GetULongAttribute(PK11Object *object, CK_ATTRIBUTE_TYPE type, +sftk_GetULongAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type, CK_ULONG *longData) { - PK11Attribute *attribute; + SFTKAttribute *attribute; - attribute = pk11_FindAttribute(object, type); + attribute = sftk_FindAttribute(object, type); if (attribute == NULL) return CKR_TEMPLATE_INCOMPLETE; if (attribute->attrib.ulValueLen != sizeof(CK_ULONG)) { @@ -1893,28 +1893,28 @@ pk11_GetULongAttribute(PK11Object *object, CK_ATTRIBUTE_TYPE type, } *longData = *(CK_ULONG *)attribute->attrib.pValue; - pk11_FreeAttribute(attribute); + sftk_FreeAttribute(attribute); return CKR_OK; } void -pk11_DeleteAttributeType(PK11Object *object,CK_ATTRIBUTE_TYPE type) +sftk_DeleteAttributeType(SFTKObject *object,CK_ATTRIBUTE_TYPE type) { - PK11Attribute *attribute; - attribute = pk11_FindAttribute(object, type); + SFTKAttribute *attribute; + attribute = sftk_FindAttribute(object, type); if (attribute == NULL) return ; - pk11_DeleteAttribute(object,attribute); - pk11_FreeAttribute(attribute); + sftk_DeleteAttribute(object,attribute); + sftk_FreeAttribute(attribute); } CK_RV -pk11_AddAttributeType(PK11Object *object,CK_ATTRIBUTE_TYPE type,void *valPtr, +sftk_AddAttributeType(SFTKObject *object,CK_ATTRIBUTE_TYPE type,void *valPtr, CK_ULONG length) { - PK11Attribute *attribute; - attribute = pk11_NewAttribute(object,type,valPtr,length); + SFTKAttribute *attribute; + attribute = sftk_NewAttribute(object,type,valPtr,length); if (attribute == NULL) { return CKR_HOST_MEMORY; } - pk11_AddAttribute(object,attribute); + sftk_AddAttribute(object,attribute); return CKR_OK; } @@ -1923,7 +1923,7 @@ pk11_AddAttributeType(PK11Object *object,CK_ATTRIBUTE_TYPE type,void *valPtr, */ static SECStatus -pk11_deleteTokenKeyByHandle(PK11Slot *slot, CK_OBJECT_HANDLE handle) +sftk_deleteTokenKeyByHandle(SFTKSlot *slot, CK_OBJECT_HANDLE handle) { SECItem *item; PRBool rem; @@ -1937,7 +1937,7 @@ pk11_deleteTokenKeyByHandle(PK11Slot *slot, CK_OBJECT_HANDLE handle) } static SECStatus -pk11_addTokenKeyByHandle(PK11Slot *slot, CK_OBJECT_HANDLE handle, SECItem *key) +sftk_addTokenKeyByHandle(SFTKSlot *slot, CK_OBJECT_HANDLE handle, SECItem *key) { PLHashEntry *entry; SECItem *item; @@ -1955,7 +1955,7 @@ pk11_addTokenKeyByHandle(PK11Slot *slot, CK_OBJECT_HANDLE handle, SECItem *key) } static SECItem * -pk11_lookupTokenKeyByHandle(PK11Slot *slot, CK_OBJECT_HANDLE handle) +sftk_lookupTokenKeyByHandle(SFTKSlot *slot, CK_OBJECT_HANDLE handle) { return (SECItem *)PL_HashTableLookup(slot->tokenHashTable, (void *)handle); } @@ -1966,25 +1966,25 @@ pk11_lookupTokenKeyByHandle(PK11Slot *slot, CK_OBJECT_HANDLE handle) * a new lock. We use separate functions for this just in case I'm wrong. */ static void -pk11_tokenKeyLock(PK11Slot *slot) { +sftk_tokenKeyLock(SFTKSlot *slot) { PZ_Lock(slot->objectLock); } static void -pk11_tokenKeyUnlock(PK11Slot *slot) { +sftk_tokenKeyUnlock(SFTKSlot *slot) { PZ_Unlock(slot->objectLock); } /* allocation hooks that allow us to recycle old object structures */ -static PK11ObjectFreeList sessionObjectList = { NULL, NULL, 0 }; -static PK11ObjectFreeList tokenObjectList = { NULL, NULL, 0 }; +static SFTKObjectFreeList sessionObjectList = { NULL, NULL, 0 }; +static SFTKObjectFreeList tokenObjectList = { NULL, NULL, 0 }; -PK11Object * -pk11_GetObjectFromList(PRBool *hasLocks, PRBool optimizeSpace, - PK11ObjectFreeList *list, unsigned int hashSize, PRBool isSessionObject) +SFTKObject * +sftk_GetObjectFromList(PRBool *hasLocks, PRBool optimizeSpace, + SFTKObjectFreeList *list, unsigned int hashSize, PRBool isSessionObject) { - PK11Object *object; + SFTKObject *object; int size = 0; if (!optimizeSpace) { @@ -2001,19 +2001,19 @@ pk11_GetObjectFromList(PRBool *hasLocks, PRBool optimizeSpace, return object; } } - size = isSessionObject ? sizeof(PK11SessionObject) - + hashSize *sizeof(PK11Attribute *) : sizeof(PK11TokenObject); + size = isSessionObject ? sizeof(SFTKSessionObject) + + hashSize *sizeof(SFTKAttribute *) : sizeof(SFTKTokenObject); - object = (PK11Object*)PORT_ZAlloc(size); + object = (SFTKObject*)PORT_ZAlloc(size); if (isSessionObject) { - ((PK11SessionObject *)object)->hashSize = hashSize; + ((SFTKSessionObject *)object)->hashSize = hashSize; } *hasLocks = PR_FALSE; return object; } static void -pk11_PutObjectToList(PK11Object *object, PK11ObjectFreeList *list, +sftk_PutObjectToList(SFTKObject *object, SFTKObjectFreeList *list, PRBool isSessionObject) { /* the code below is equivalent to : @@ -2021,7 +2021,7 @@ pk11_PutObjectToList(PK11Object *object, PK11ObjectFreeList *list, * just faster. */ PRBool optimizeSpace = isSessionObject && - ((PK11SessionObject *)object)->optimizeSpace; + ((SFTKSessionObject *)object)->optimizeSpace; if (!optimizeSpace && (list->count < MAX_OBJECT_LIST_SIZE)) { PZ_Lock(list->lock); object->next = list->head; @@ -2031,7 +2031,7 @@ pk11_PutObjectToList(PK11Object *object, PK11ObjectFreeList *list, return; } if (isSessionObject) { - PK11SessionObject *so = (PK11SessionObject *)object; + SFTKSessionObject *so = (SFTKSessionObject *)object; PZ_DestroyLock(so->attributeLock); so->attributeLock = NULL; } @@ -2040,40 +2040,40 @@ pk11_PutObjectToList(PK11Object *object, PK11ObjectFreeList *list, PORT_Free(object); } -static PK11Object * -pk11_freeObjectData(PK11Object *object) { - PK11Object *next = object->next; +static SFTKObject * +sftk_freeObjectData(SFTKObject *object) { + SFTKObject *next = object->next; PORT_Free(object); return next; } static void -pk11_InitFreeList(PK11ObjectFreeList *list) +sftk_InitFreeList(SFTKObjectFreeList *list) { list->lock = PZ_NewLock(nssILockObject); } -void pk11_InitFreeLists(void) +void sftk_InitFreeLists(void) { - pk11_InitFreeList(&sessionObjectList); - pk11_InitFreeList(&tokenObjectList); + sftk_InitFreeList(&sessionObjectList); + sftk_InitFreeList(&tokenObjectList); } static void -pk11_CleanupFreeList(PK11ObjectFreeList *list, PRBool isSessionList) +sftk_CleanupFreeList(SFTKObjectFreeList *list, PRBool isSessionList) { - PK11Object *object; + SFTKObject *object; if (!list->lock) { return; } PZ_Lock(list->lock); for (object= list->head; object != NULL; - object = pk11_freeObjectData(object)) { + object = sftk_freeObjectData(object)) { PZ_DestroyLock(object->refLock); if (isSessionList) { - PZ_DestroyLock(((PK11SessionObject *)object)->attributeLock); + PZ_DestroyLock(((SFTKSessionObject *)object)->attributeLock); } } list->count = 0; @@ -2084,21 +2084,21 @@ pk11_CleanupFreeList(PK11ObjectFreeList *list, PRBool isSessionList) } void -pk11_CleanupFreeLists(void) +sftk_CleanupFreeLists(void) { - pk11_CleanupFreeList(&sessionObjectList, PR_TRUE); - pk11_CleanupFreeList(&tokenObjectList, PR_FALSE); + sftk_CleanupFreeList(&sessionObjectList, PR_TRUE); + sftk_CleanupFreeList(&tokenObjectList, PR_FALSE); } /* * Create a new object */ -PK11Object * -pk11_NewObject(PK11Slot *slot) +SFTKObject * +sftk_NewObject(SFTKSlot *slot) { - PK11Object *object; - PK11SessionObject *sessObject; + SFTKObject *object; + SFTKSessionObject *sessObject; PRBool hasLocks = PR_FALSE; unsigned int i; unsigned int hashSize = 0; @@ -2106,12 +2106,12 @@ pk11_NewObject(PK11Slot *slot) hashSize = (slot->optimizeSpace) ? SPACE_ATTRIBUTE_HASH_SIZE : TIME_ATTRIBUTE_HASH_SIZE; - object = pk11_GetObjectFromList(&hasLocks, slot->optimizeSpace, + object = sftk_GetObjectFromList(&hasLocks, slot->optimizeSpace, &sessionObjectList, hashSize, PR_TRUE); if (object == NULL) { return NULL; } - sessObject = (PK11SessionObject *)object; + sessObject = (SFTKSessionObject *)object; sessObject->nextAttr = 0; for (i=0; i < MAX_OBJS_ATTRS; i++) { @@ -2150,7 +2150,7 @@ pk11_NewObject(PK11Slot *slot) } static CK_RV -pk11_DestroySessionObjectData(PK11SessionObject *so) +sftk_DestroySessionObjectData(SFTKSessionObject *so) { int i; @@ -2174,11 +2174,11 @@ pk11_DestroySessionObjectData(PK11SessionObject *so) * be 'zero'. */ static CK_RV -pk11_DestroyObject(PK11Object *object) +sftk_DestroyObject(SFTKObject *object) { CK_RV crv = CKR_OK; - PK11SessionObject *so = pk11_narrowToSessionObject(object); - PK11TokenObject *to = pk11_narrowToTokenObject(object); + SFTKSessionObject *so = sftk_narrowToSessionObject(object); + SFTKTokenObject *to = sftk_narrowToTokenObject(object); PORT_Assert(object->refCount == 0); @@ -2190,7 +2190,7 @@ pk11_DestroyObject(PK11Object *object) } } if (so) { - pk11_DestroySessionObjectData(so); + sftk_DestroySessionObjectData(so); } if (object->objectInfo) { (*object->infoFree)(object->objectInfo); @@ -2198,35 +2198,35 @@ pk11_DestroyObject(PK11Object *object) object->infoFree = NULL; } if (so) { - pk11_PutObjectToList(object,&sessionObjectList,PR_TRUE); + sftk_PutObjectToList(object,&sessionObjectList,PR_TRUE); } else { - pk11_PutObjectToList(object,&tokenObjectList,PR_FALSE); + sftk_PutObjectToList(object,&tokenObjectList,PR_FALSE); } return crv; } void -pk11_ReferenceObject(PK11Object *object) +sftk_ReferenceObject(SFTKObject *object) { PZ_Lock(object->refLock); object->refCount++; PZ_Unlock(object->refLock); } -static PK11Object * -pk11_ObjectFromHandleOnSlot(CK_OBJECT_HANDLE handle, PK11Slot *slot) +static SFTKObject * +sftk_ObjectFromHandleOnSlot(CK_OBJECT_HANDLE handle, SFTKSlot *slot) { - PK11Object *object; - PRUint32 index = pk11_hash(handle, slot->tokObjHashSize); + SFTKObject *object; + PRUint32 index = sftk_hash(handle, slot->tokObjHashSize); - if (pk11_isToken(handle)) { - return pk11_NewTokenObject(slot, NULL, handle); + if (sftk_isToken(handle)) { + return sftk_NewTokenObject(slot, NULL, handle); } PZ_Lock(slot->objectLock); - pk11queue_find2(object, handle, index, slot->tokObjects); + sftkqueue_find2(object, handle, index, slot->tokObjects); if (object) { - pk11_ReferenceObject(object); + sftk_ReferenceObject(object); } PZ_Unlock(slot->objectLock); @@ -2237,20 +2237,20 @@ pk11_ObjectFromHandleOnSlot(CK_OBJECT_HANDLE handle, PK11Slot *slot) * sense in terms of a given session. make a reference to that object * structure returned. */ -PK11Object * -pk11_ObjectFromHandle(CK_OBJECT_HANDLE handle, PK11Session *session) +SFTKObject * +sftk_ObjectFromHandle(CK_OBJECT_HANDLE handle, SFTKSession *session) { - PK11Slot *slot = pk11_SlotFromSession(session); + SFTKSlot *slot = sftk_SlotFromSession(session); - return pk11_ObjectFromHandleOnSlot(handle,slot); + return sftk_ObjectFromHandleOnSlot(handle,slot); } /* * release a reference to an object handle */ -PK11FreeStatus -pk11_FreeObject(PK11Object *object) +SFTKFreeStatus +sftk_FreeObject(SFTKObject *object) { PRBool destroy = PR_FALSE; CK_RV crv; @@ -2261,13 +2261,13 @@ pk11_FreeObject(PK11Object *object) PZ_Unlock(object->refLock); if (destroy) { - crv = pk11_DestroyObject(object); + crv = sftk_DestroyObject(object); if (crv != CKR_OK) { - return PK11_DestroyFailure; + return SFTK_DestroyFailure; } - return PK11_Destroyed; + return SFTK_Destroyed; } - return PK11_Busy; + return SFTK_Busy; } /* @@ -2275,73 +2275,73 @@ pk11_FreeObject(PK11Object *object) * adopt the object. */ void -pk11_AddSlotObject(PK11Slot *slot, PK11Object *object) +sftk_AddSlotObject(SFTKSlot *slot, SFTKObject *object) { - PRUint32 index = pk11_hash(object->handle, slot->tokObjHashSize); - pk11queue_init_element(object); + PRUint32 index = sftk_hash(object->handle, slot->tokObjHashSize); + sftkqueue_init_element(object); PZ_Lock(slot->objectLock); - pk11queue_add2(object, object->handle, index, slot->tokObjects); + sftkqueue_add2(object, object->handle, index, slot->tokObjects); PZ_Unlock(slot->objectLock); } void -pk11_AddObject(PK11Session *session, PK11Object *object) +sftk_AddObject(SFTKSession *session, SFTKObject *object) { - PK11Slot *slot = pk11_SlotFromSession(session); - PK11SessionObject *so = pk11_narrowToSessionObject(object); + SFTKSlot *slot = sftk_SlotFromSession(session); + SFTKSessionObject *so = sftk_narrowToSessionObject(object); if (so) { PZ_Lock(session->objectLock); - pk11queue_add(&so->sessionList,0,session->objects,0); + sftkqueue_add(&so->sessionList,0,session->objects,0); so->session = session; PZ_Unlock(session->objectLock); } - pk11_AddSlotObject(slot,object); - pk11_ReferenceObject(object); + sftk_AddSlotObject(slot,object); + sftk_ReferenceObject(object); } /* * add an object to a slot andsession queue */ CK_RV -pk11_DeleteObject(PK11Session *session, PK11Object *object) +sftk_DeleteObject(SFTKSession *session, SFTKObject *object) { - PK11Slot *slot = pk11_SlotFromSession(session); - PK11SessionObject *so = pk11_narrowToSessionObject(object); - PK11TokenObject *to = pk11_narrowToTokenObject(object); + SFTKSlot *slot = sftk_SlotFromSession(session); + SFTKSessionObject *so = sftk_narrowToSessionObject(object); + SFTKTokenObject *to = sftk_narrowToTokenObject(object); CK_RV crv = CKR_OK; SECStatus rv; NSSLOWCERTCertificate *cert; NSSLOWCERTCertTrust tmptrust; PRBool isKrl; - PRUint32 index = pk11_hash(object->handle, slot->tokObjHashSize); + PRUint32 index = sftk_hash(object->handle, slot->tokObjHashSize); /* Handle Token case */ if (so && so->session) { - PK11Session *session = so->session; + SFTKSession *session = so->session; PZ_Lock(session->objectLock); - pk11queue_delete(&so->sessionList,0,session->objects,0); + sftkqueue_delete(&so->sessionList,0,session->objects,0); PZ_Unlock(session->objectLock); PZ_Lock(slot->objectLock); - pk11queue_delete2(object, object->handle, index, slot->tokObjects); + sftkqueue_delete2(object, object->handle, index, slot->tokObjects); PZ_Unlock(slot->objectLock); - pk11queue_clear_deleted_element(object); - pk11_FreeObject(object); /* reduce it's reference count */ + sftkqueue_clear_deleted_element(object); + sftk_FreeObject(object); /* reduce it's reference count */ } else { PORT_Assert(to); /* remove the objects from the real data base */ - switch (object->handle & PK11_TOKEN_TYPE_MASK) { - case PK11_TOKEN_TYPE_PRIV: - case PK11_TOKEN_TYPE_KEY: + switch (object->handle & SFTK_TOKEN_TYPE_MASK) { + case SFTK_TOKEN_TYPE_PRIV: + case SFTK_TOKEN_TYPE_KEY: /* KEYID is the public KEY for DSA and DH, and the MODULUS for * RSA */ PORT_Assert(slot->keyDB); rv = nsslowkey_DeleteKey(slot->keyDB, &to->dbKey); if (rv != SECSuccess) crv= CKR_DEVICE_ERROR; break; - case PK11_TOKEN_TYPE_PUB: + case SFTK_TOKEN_TYPE_PUB: break; /* public keys only exist at the behest of the priv key */ - case PK11_TOKEN_TYPE_CERT: + case SFTK_TOKEN_TYPE_CERT: cert = nsslowcert_FindCertByKey(slot->certDB,&to->dbKey); if (cert == NULL) { crv = CKR_DEVICE_ERROR; @@ -2351,12 +2351,12 @@ pk11_DeleteObject(PK11Session *session, PK11Object *object) if (rv != SECSuccess) crv = CKR_DEVICE_ERROR; nsslowcert_DestroyCertificate(cert); break; - case PK11_TOKEN_TYPE_CRL: - isKrl = (PRBool) (object->handle == PK11_TOKEN_KRL_HANDLE); + case SFTK_TOKEN_TYPE_CRL: + isKrl = (PRBool) (object->handle == SFTK_TOKEN_KRL_HANDLE); rv = nsslowcert_DeletePermCRL(slot->certDB,&to->dbKey,isKrl); if (rv == SECFailure) crv = CKR_DEVICE_ERROR; break; - case PK11_TOKEN_TYPE_TRUST: + case SFTK_TOKEN_TYPE_TRUST: cert = nsslowcert_FindCertByKey(slot->certDB,&to->dbKey); if (cert == NULL) { crv = CKR_DEVICE_ERROR; @@ -2376,9 +2376,9 @@ pk11_DeleteObject(PK11Session *session, PK11Object *object) default: break; } - pk11_tokenKeyLock(object->slot); - pk11_deleteTokenKeyByHandle(object->slot,object->handle); - pk11_tokenKeyUnlock(object->slot); + sftk_tokenKeyLock(object->slot); + sftk_deleteTokenKeyByHandle(object->slot,object->handle); + sftk_tokenKeyUnlock(object->slot); } return crv; } @@ -2389,10 +2389,10 @@ pk11_DeleteObject(PK11Session *session, PK11Object *object) * grabs the attribute locks for the src object for a *long* time. */ CK_RV -pk11_CopyObject(PK11Object *destObject,PK11Object *srcObject) +sftk_CopyObject(SFTKObject *destObject,SFTKObject *srcObject) { - PK11Attribute *attribute; - PK11SessionObject *src_so = pk11_narrowToSessionObject(srcObject); + SFTKAttribute *attribute; + SFTKSessionObject *src_so = sftk_narrowToSessionObject(srcObject); unsigned int i; if (src_so == NULL) { @@ -2404,16 +2404,16 @@ pk11_CopyObject(PK11Object *destObject,PK11Object *srcObject) attribute = src_so->head[i]; do { if (attribute) { - if (!pk11_hasAttribute(destObject,attribute->handle)) { + if (!sftk_hasAttribute(destObject,attribute->handle)) { /* we need to copy the attribute since each attribute * only has one set of link list pointers */ - PK11Attribute *newAttribute = pk11_NewAttribute( - destObject,pk11_attr_expand(&attribute->attrib)); + SFTKAttribute *newAttribute = sftk_NewAttribute( + destObject,sftk_attr_expand(&attribute->attrib)); if (newAttribute == NULL) { PZ_Unlock(src_so->attributeLock); return CKR_HOST_MEMORY; } - pk11_AddAttribute(destObject,newAttribute); + sftk_AddAttribute(destObject,newAttribute); } attribute=attribute->next; } @@ -2429,16 +2429,16 @@ pk11_CopyObject(PK11Object *destObject,PK11Object *srcObject) /* add an object to a search list */ CK_RV -AddToList(PK11ObjectListElement **list,PK11Object *object) +AddToList(SFTKObjectListElement **list,SFTKObject *object) { - PK11ObjectListElement *newElem = - (PK11ObjectListElement *)PORT_Alloc(sizeof(PK11ObjectListElement)); + SFTKObjectListElement *newElem = + (SFTKObjectListElement *)PORT_Alloc(sizeof(SFTKObjectListElement)); if (newElem == NULL) return CKR_HOST_MEMORY; newElem->next = *list; newElem->object = object; - pk11_ReferenceObject(object); + sftk_ReferenceObject(object); *list = newElem; return CKR_OK; @@ -2447,23 +2447,23 @@ AddToList(PK11ObjectListElement **list,PK11Object *object) /* return true if the object matches the template */ PRBool -pk11_objectMatch(PK11Object *object,CK_ATTRIBUTE_PTR theTemplate,int count) +sftk_objectMatch(SFTKObject *object,CK_ATTRIBUTE_PTR theTemplate,int count) { int i; for (i=0; i < count; i++) { - PK11Attribute *attribute = pk11_FindAttribute(object,theTemplate[i].type); + SFTKAttribute *attribute = sftk_FindAttribute(object,theTemplate[i].type); if (attribute == NULL) { return PR_FALSE; } if (attribute->attrib.ulValueLen == theTemplate[i].ulValueLen) { if (PORT_Memcmp(attribute->attrib.pValue,theTemplate[i].pValue, theTemplate[i].ulValueLen) == 0) { - pk11_FreeAttribute(attribute); + sftk_FreeAttribute(attribute); continue; } } - pk11_FreeAttribute(attribute); + sftk_FreeAttribute(attribute); return PR_FALSE; } return PR_TRUE; @@ -2473,12 +2473,12 @@ pk11_objectMatch(PK11Object *object,CK_ATTRIBUTE_PTR theTemplate,int count) * in the object list. */ CK_RV -pk11_searchObjectList(PK11SearchResults *search,PK11Object **head, +sftk_searchObjectList(SFTKSearchResults *search,SFTKObject **head, unsigned int size, PZLock *lock, CK_ATTRIBUTE_PTR theTemplate, int count, PRBool isLoggedIn) { unsigned int i; - PK11Object *object; + SFTKObject *object; CK_RV crv = CKR_OK; for(i=0; i < size; i++) { @@ -2486,10 +2486,10 @@ pk11_searchObjectList(PK11SearchResults *search,PK11Object **head, * the linked list. */ PZ_Lock(lock); for (object = head[i]; object != NULL; object= object->next) { - if (pk11_objectMatch(object,theTemplate,count)) { + if (sftk_objectMatch(object,theTemplate,count)) { /* don't return objects that aren't yet visible */ - if ((!isLoggedIn) && pk11_isTrue(object,CKA_PRIVATE)) continue; - pk11_addHandle(search,object->handle); + if ((!isLoggedIn) && sftk_isTrue(object,CKA_PRIVATE)) continue; + sftk_addHandle(search,object->handle); } } PZ_Unlock(lock); @@ -2500,30 +2500,30 @@ pk11_searchObjectList(PK11SearchResults *search,PK11Object **head, /* * free a single list element. Return the Next object in the list. */ -PK11ObjectListElement * -pk11_FreeObjectListElement(PK11ObjectListElement *objectList) +SFTKObjectListElement * +sftk_FreeObjectListElement(SFTKObjectListElement *objectList) { - PK11ObjectListElement *ol = objectList->next; + SFTKObjectListElement *ol = objectList->next; - pk11_FreeObject(objectList->object); + sftk_FreeObject(objectList->object); PORT_Free(objectList); return ol; } /* free an entire object list */ void -pk11_FreeObjectList(PK11ObjectListElement *objectList) +sftk_FreeObjectList(SFTKObjectListElement *objectList) { - PK11ObjectListElement *ol; + SFTKObjectListElement *ol; - for (ol= objectList; ol != NULL; ol = pk11_FreeObjectListElement(ol)) {} + for (ol= objectList; ol != NULL; ol = sftk_FreeObjectListElement(ol)) {} } /* * free a search structure */ void -pk11_FreeSearch(PK11SearchResults *search) +sftk_FreeSearch(SFTKSearchResults *search) { if (search->handles) { PORT_Free(search->handles); @@ -2538,7 +2538,7 @@ pk11_FreeSearch(PK11SearchResults *search) /* update the sessions state based in it's flags and wether or not it's * logged in */ void -pk11_update_state(PK11Slot *slot,PK11Session *session) +sftk_update_state(SFTKSlot *slot,SFTKSession *session) { if (slot->isLoggedIn) { if (slot->ssoLoggedIn) { @@ -2559,16 +2559,16 @@ pk11_update_state(PK11Slot *slot,PK11Session *session) /* update the state of all the sessions on a slot */ void -pk11_update_all_states(PK11Slot *slot) +sftk_update_all_states(SFTKSlot *slot) { unsigned int i; - PK11Session *session; + SFTKSession *session; for (i=0; i < slot->sessHashSize; i++) { - PZLock *lock = PK11_SESSION_LOCK(slot,i); + PZLock *lock = SFTK_SESSION_LOCK(slot,i); PZ_Lock(lock); for (session = slot->head[i]; session; session = session->next) { - pk11_update_state(slot,session); + sftk_update_state(slot,session); } PZ_Unlock(lock); } @@ -2578,7 +2578,7 @@ pk11_update_all_states(PK11Slot *slot) * context are cipher and digest contexts that are associated with a session */ void -pk11_FreeContext(PK11SessionContext *context) +sftk_FreeContext(SFTKSessionContext *context) { if (context->cipherInfo) { (*context->destroy)(context->cipherInfo,PR_TRUE); @@ -2587,7 +2587,7 @@ pk11_FreeContext(PK11SessionContext *context) (*context->hashdestroy)(context->hashInfo,PR_TRUE); } if (context->key) { - pk11_FreeObject(context->key); + sftk_FreeObject(context->key); context->key = NULL; } PORT_Free(context); @@ -2597,16 +2597,16 @@ pk11_FreeContext(PK11SessionContext *context) * create a new nession. NOTE: The session handle is not set, and the * session is not added to the slot's session queue. */ -PK11Session * -pk11_NewSession(CK_SLOT_ID slotID, CK_NOTIFY notify, CK_VOID_PTR pApplication, +SFTKSession * +sftk_NewSession(CK_SLOT_ID slotID, CK_NOTIFY notify, CK_VOID_PTR pApplication, CK_FLAGS flags) { - PK11Session *session; - PK11Slot *slot = pk11_SlotFromID(slotID); + SFTKSession *session; + SFTKSlot *slot = sftk_SlotFromID(slotID); if (slot == NULL) return NULL; - session = (PK11Session*)PORT_Alloc(sizeof(PK11Session)); + session = (SFTKSession*)PORT_Alloc(sizeof(SFTKSession)); if (session == NULL) return NULL; session->next = session->prev = NULL; @@ -2629,16 +2629,16 @@ pk11_NewSession(CK_SLOT_ID slotID, CK_NOTIFY notify, CK_VOID_PTR pApplication, session->info.flags = flags; session->info.slotID = slotID; session->info.ulDeviceError = 0; - pk11_update_state(slot,session); + sftk_update_state(slot,session); return session; } /* free all the data associated with a session. */ static void -pk11_DestroySession(PK11Session *session) +sftk_DestroySession(SFTKSession *session) { - PK11ObjectList *op,*next; + SFTKObjectList *op,*next; PORT_Assert(session->refCount == 0); /* clean out the attributes */ @@ -2648,20 +2648,20 @@ pk11_DestroySession(PK11Session *session) next = op->next; /* paranoia */ op->next = op->prev = NULL; - pk11_DeleteObject(session,op->parent); + sftk_DeleteObject(session,op->parent); } PZ_DestroyLock(session->objectLock); if (session->enc_context) { - pk11_FreeContext(session->enc_context); + sftk_FreeContext(session->enc_context); } if (session->hash_context) { - pk11_FreeContext(session->hash_context); + sftk_FreeContext(session->hash_context); } if (session->sign_context) { - pk11_FreeContext(session->sign_context); + sftk_FreeContext(session->sign_context); } if (session->search) { - pk11_FreeSearch(session->search); + sftk_FreeSearch(session->search); } PORT_Free(session); } @@ -2671,15 +2671,15 @@ pk11_DestroySession(PK11Session *session) * look up a session structure from a session handle * generate a reference to it. */ -PK11Session * -pk11_SessionFromHandle(CK_SESSION_HANDLE handle) +SFTKSession * +sftk_SessionFromHandle(CK_SESSION_HANDLE handle) { - PK11Slot *slot = pk11_SlotFromSessionHandle(handle); - PK11Session *session; - PZLock *lock = PK11_SESSION_LOCK(slot,handle); + SFTKSlot *slot = sftk_SlotFromSessionHandle(handle); + SFTKSession *session; + PZLock *lock = SFTK_SESSION_LOCK(slot,handle); PZ_Lock(lock); - pk11queue_find(session,handle,slot->head,slot->sessHashSize); + sftkqueue_find(session,handle,slot->head,slot->sessHashSize); if (session) session->refCount++; PZ_Unlock(lock); @@ -2690,24 +2690,24 @@ pk11_SessionFromHandle(CK_SESSION_HANDLE handle) * release a reference to a session handle */ void -pk11_FreeSession(PK11Session *session) +sftk_FreeSession(SFTKSession *session) { PRBool destroy = PR_FALSE; - PK11Slot *slot = pk11_SlotFromSession(session); - PZLock *lock = PK11_SESSION_LOCK(slot,session->handle); + SFTKSlot *slot = sftk_SlotFromSession(session); + PZLock *lock = SFTK_SESSION_LOCK(slot,session->handle); PZ_Lock(lock); if (session->refCount == 1) destroy = PR_TRUE; session->refCount--; PZ_Unlock(lock); - if (destroy) pk11_DestroySession(session); + if (destroy) sftk_DestroySession(session); } /* * handle Token Object stuff */ static void -pk11_XORHash(unsigned char *key, unsigned char *dbkey, int len) +sftk_XORHash(unsigned char *key, unsigned char *dbkey, int len) { int i; @@ -2723,7 +2723,7 @@ pk11_XORHash(unsigned char *key, unsigned char *dbkey, int len) /* Make a token handle for an object and record it so we can find it again */ CK_OBJECT_HANDLE -pk11_mkHandle(PK11Slot *slot, SECItem *dbKey, CK_OBJECT_HANDLE class) +sftk_mkHandle(SFTKSlot *slot, SECItem *dbKey, CK_OBJECT_HANDLE class) { unsigned char hashBuf[4]; CK_OBJECT_HANDLE handle; @@ -2731,34 +2731,34 @@ pk11_mkHandle(PK11Slot *slot, SECItem *dbKey, CK_OBJECT_HANDLE class) handle = class; /* there is only one KRL, use a fixed handle for it */ - if (handle != PK11_TOKEN_KRL_HANDLE) { - pk11_XORHash(hashBuf,dbKey->data,dbKey->len); + if (handle != SFTK_TOKEN_KRL_HANDLE) { + sftk_XORHash(hashBuf,dbKey->data,dbKey->len); handle = (hashBuf[0] << 24) | (hashBuf[1] << 16) | (hashBuf[2] << 8) | hashBuf[3]; - handle = PK11_TOKEN_MAGIC | class | - (handle & ~(PK11_TOKEN_TYPE_MASK|PK11_TOKEN_MASK)); + handle = SFTK_TOKEN_MAGIC | class | + (handle & ~(SFTK_TOKEN_TYPE_MASK|SFTK_TOKEN_MASK)); /* we have a CRL who's handle has randomly matched the reserved KRL * handle, increment it */ - if (handle == PK11_TOKEN_KRL_HANDLE) { + if (handle == SFTK_TOKEN_KRL_HANDLE) { handle++; } } - pk11_tokenKeyLock(slot); - while ((key = pk11_lookupTokenKeyByHandle(slot,handle)) != NULL) { + sftk_tokenKeyLock(slot); + while ((key = sftk_lookupTokenKeyByHandle(slot,handle)) != NULL) { if (SECITEM_ItemsAreEqual(key,dbKey)) { - pk11_tokenKeyUnlock(slot); + sftk_tokenKeyUnlock(slot); return handle; } handle++; } - pk11_addTokenKeyByHandle(slot,handle,dbKey); - pk11_tokenKeyUnlock(slot); + sftk_addTokenKeyByHandle(slot,handle,dbKey); + sftk_tokenKeyUnlock(slot); return handle; } PRBool -pk11_poisonHandle(PK11Slot *slot, SECItem *dbKey, CK_OBJECT_HANDLE class) +sftk_poisonHandle(SFTKSlot *slot, SECItem *dbKey, CK_OBJECT_HANDLE class) { unsigned char hashBuf[4]; CK_OBJECT_HANDLE handle; @@ -2766,33 +2766,33 @@ pk11_poisonHandle(PK11Slot *slot, SECItem *dbKey, CK_OBJECT_HANDLE class) handle = class; /* there is only one KRL, use a fixed handle for it */ - if (handle != PK11_TOKEN_KRL_HANDLE) { - pk11_XORHash(hashBuf,dbKey->data,dbKey->len); + if (handle != SFTK_TOKEN_KRL_HANDLE) { + sftk_XORHash(hashBuf,dbKey->data,dbKey->len); handle = (hashBuf[0] << 24) | (hashBuf[1] << 16) | (hashBuf[2] << 8) | hashBuf[3]; - handle = PK11_TOKEN_MAGIC | class | - (handle & ~(PK11_TOKEN_TYPE_MASK|PK11_TOKEN_MASK)); + handle = SFTK_TOKEN_MAGIC | class | + (handle & ~(SFTK_TOKEN_TYPE_MASK|SFTK_TOKEN_MASK)); /* we have a CRL who's handle has randomly matched the reserved KRL * handle, increment it */ - if (handle == PK11_TOKEN_KRL_HANDLE) { + if (handle == SFTK_TOKEN_KRL_HANDLE) { handle++; } } - pk11_tokenKeyLock(slot); - while ((key = pk11_lookupTokenKeyByHandle(slot,handle)) != NULL) { + sftk_tokenKeyLock(slot); + while ((key = sftk_lookupTokenKeyByHandle(slot,handle)) != NULL) { if (SECITEM_ItemsAreEqual(key,dbKey)) { key->data[0] ^= 0x80; - pk11_tokenKeyUnlock(slot); + sftk_tokenKeyUnlock(slot); return PR_TRUE; } handle++; } - pk11_tokenKeyUnlock(slot); + sftk_tokenKeyUnlock(slot); return PR_FALSE; } void -pk11_addHandle(PK11SearchResults *search, CK_OBJECT_HANDLE handle) +sftk_addHandle(SFTKSearchResults *search, CK_OBJECT_HANDLE handle) { if (search->handles == NULL) { return; @@ -2809,28 +2809,28 @@ pk11_addHandle(PK11SearchResults *search, CK_OBJECT_HANDLE handle) search->size++; } -static const CK_OBJECT_HANDLE pk11_classArray[] = { +static const CK_OBJECT_HANDLE sftk_classArray[] = { 0, CKO_PRIVATE_KEY, CKO_PUBLIC_KEY, CKO_SECRET_KEY, CKO_NETSCAPE_TRUST, CKO_NETSCAPE_CRL, CKO_NETSCAPE_SMIME, CKO_CERTIFICATE }; #define handleToClass(handle) \ - pk11_classArray[((handle & PK11_TOKEN_TYPE_MASK))>>28] + sftk_classArray[((handle & SFTK_TOKEN_TYPE_MASK))>>28] -PK11Object * -pk11_NewTokenObject(PK11Slot *slot, SECItem *dbKey, CK_OBJECT_HANDLE handle) +SFTKObject * +sftk_NewTokenObject(SFTKSlot *slot, SECItem *dbKey, CK_OBJECT_HANDLE handle) { - PK11Object *object = NULL; - PK11TokenObject *tokObject = NULL; + SFTKObject *object = NULL; + SFTKTokenObject *tokObject = NULL; PRBool hasLocks = PR_FALSE; SECStatus rv; - object = pk11_GetObjectFromList(&hasLocks, PR_FALSE, &tokenObjectList, 0, + object = sftk_GetObjectFromList(&hasLocks, PR_FALSE, &tokenObjectList, 0, PR_FALSE); if (object == NULL) { return NULL; } - tokObject = (PK11TokenObject *) object; + tokObject = (SFTKTokenObject *) object; object->objclass = handleToClass(handle); object->handle = handle; @@ -2838,14 +2838,14 @@ pk11_NewTokenObject(PK11Slot *slot, SECItem *dbKey, CK_OBJECT_HANDLE handle) object->objectInfo = NULL; object->infoFree = NULL; if (dbKey == NULL) { - pk11_tokenKeyLock(slot); - dbKey = pk11_lookupTokenKeyByHandle(slot,handle); + sftk_tokenKeyLock(slot); + dbKey = sftk_lookupTokenKeyByHandle(slot,handle); if (dbKey == NULL) { - pk11_tokenKeyUnlock(slot); + sftk_tokenKeyUnlock(slot); goto loser; } rv = SECITEM_CopyItem(NULL,&tokObject->dbKey,dbKey); - pk11_tokenKeyUnlock(slot); + sftk_tokenKeyUnlock(slot); } else { rv = SECITEM_CopyItem(NULL,&tokObject->dbKey,dbKey); } @@ -2863,50 +2863,50 @@ pk11_NewTokenObject(PK11Slot *slot, SECItem *dbKey, CK_OBJECT_HANDLE handle) return object; loser: if (object) { - (void) pk11_DestroyObject(object); + (void) sftk_DestroyObject(object); } return NULL; } PRBool -pk11_tokenMatch(PK11Slot *slot, SECItem *dbKey, CK_OBJECT_HANDLE class, +sftk_tokenMatch(SFTKSlot *slot, SECItem *dbKey, CK_OBJECT_HANDLE class, CK_ATTRIBUTE_PTR theTemplate,int count) { - PK11Object *object; + SFTKObject *object; PRBool ret; - object = pk11_NewTokenObject(slot,dbKey,PK11_TOKEN_MASK|class); + object = sftk_NewTokenObject(slot,dbKey,SFTK_TOKEN_MASK|class); if (object == NULL) { return PR_FALSE; } - ret = pk11_objectMatch(object,theTemplate,count); - pk11_FreeObject(object); + ret = sftk_objectMatch(object,theTemplate,count); + sftk_FreeObject(object); return ret; } -PK11TokenObject * -pk11_convertSessionToToken(PK11Object *obj) +SFTKTokenObject * +sftk_convertSessionToToken(SFTKObject *obj) { SECItem *key; - PK11SessionObject *so = (PK11SessionObject *)obj; - PK11TokenObject *to = pk11_narrowToTokenObject(obj); + SFTKSessionObject *so = (SFTKSessionObject *)obj; + SFTKTokenObject *to = sftk_narrowToTokenObject(obj); SECStatus rv; - pk11_DestroySessionObjectData(so); + sftk_DestroySessionObjectData(so); PZ_DestroyLock(so->attributeLock); if (to == NULL) { return NULL; } - pk11_tokenKeyLock(so->obj.slot); - key = pk11_lookupTokenKeyByHandle(so->obj.slot,so->obj.handle); + sftk_tokenKeyLock(so->obj.slot); + key = sftk_lookupTokenKeyByHandle(so->obj.slot,so->obj.handle); if (key == NULL) { - pk11_tokenKeyUnlock(so->obj.slot); + sftk_tokenKeyUnlock(so->obj.slot); return NULL; } rv = SECITEM_CopyItem(NULL,&to->dbKey,key); - pk11_tokenKeyUnlock(so->obj.slot); + sftk_tokenKeyUnlock(so->obj.slot); if (rv == SECFailure) { return NULL; } @@ -2915,15 +2915,15 @@ pk11_convertSessionToToken(PK11Object *obj) } -PK11SessionObject * -pk11_narrowToSessionObject(PK11Object *obj) +SFTKSessionObject * +sftk_narrowToSessionObject(SFTKObject *obj) { - return !pk11_isToken(obj->handle) ? (PK11SessionObject *)obj : NULL; + return !sftk_isToken(obj->handle) ? (SFTKSessionObject *)obj : NULL; } -PK11TokenObject * -pk11_narrowToTokenObject(PK11Object *obj) +SFTKTokenObject * +sftk_narrowToTokenObject(SFTKObject *obj) { - return pk11_isToken(obj->handle) ? (PK11TokenObject *)obj : NULL; + return sftk_isToken(obj->handle) ? (SFTKTokenObject *)obj : NULL; } diff --git a/security/nss/lib/softoken/softoken.h b/security/nss/lib/softoken/softoken.h index 117ba2d21ddb..f14c9069dad5 100644 --- a/security/nss/lib/softoken/softoken.h +++ b/security/nss/lib/softoken/softoken.h @@ -36,7 +36,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: softoken.h,v 1.6 2004/04/27 23:04:38 gerv%gerv.net Exp $ */ +/* $Id: softoken.h,v 1.7 2005/03/29 18:21:18 nelsonb%netscape.com Exp $ */ #ifndef _SOFTOKEN_H_ #define _SOFTOKEN_H_ @@ -46,7 +46,7 @@ #include "softoknt.h" #include "secoidt.h" -#include "pkcs11t.h" /* CK_RV Required for pk11_fipsPowerUpSelfTest(). */ +#include "pkcs11t.h" /* CK_RV Required for sftk_fipsPowerUpSelfTest(). */ SEC_BEGIN_PROTOS @@ -152,12 +152,12 @@ extern unsigned char * DES_PadBuffer(PRArenaPool *arena, unsigned char *inbuf, ** Power-Up selftests required for FIPS and invoked only ** under PKCS #11 FIPS mode. */ -extern CK_RV pk11_fipsPowerUpSelfTest( void ); +extern CK_RV sftk_fipsPowerUpSelfTest( void ); /* ** make known fixed PKCS #11 key types to their sizes in bytes */ -unsigned long pk11_MapKeySize(CK_KEY_TYPE keyType); +unsigned long sftk_MapKeySize(CK_KEY_TYPE keyType); SEC_END_PROTOS diff --git a/security/nss/lib/softoken/tlsprf.c b/security/nss/lib/softoken/tlsprf.c index 936f25f82ff1..ca9fe4d98d19 100644 --- a/security/nss/lib/softoken/tlsprf.c +++ b/security/nss/lib/softoken/tlsprf.c @@ -35,19 +35,19 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: tlsprf.c,v 1.4 2004/04/27 23:04:38 gerv%gerv.net Exp $ */ +/* $Id: tlsprf.c,v 1.5 2005/03/29 18:21:18 nelsonb%netscape.com Exp $ */ #include "pkcs11i.h" #include "sechash.h" #include "alghmac.h" -#define PK11_OFFSETOF(str, memb) ((PRPtrdiff)(&(((str *)0)->memb))) +#define SFTK_OFFSETOF(str, memb) ((PRPtrdiff)(&(((str *)0)->memb))) #define PHASH_STATE_MAX_LEN 20 /* TLS P_hash function */ static SECStatus -pk11_P_hash(HASH_HashType hashType, const SECItem *secret, const char *label, +sftk_P_hash(HASH_HashType hashType, const SECItem *secret, const char *label, SECItem *seed, SECItem *result, PRBool isFIPS) { unsigned char state[PHASH_STATE_MAX_LEN]; @@ -119,7 +119,7 @@ loser: } SECStatus -pk11_PRF(const SECItem *secret, const char *label, SECItem *seed, +sftk_PRF(const SECItem *secret, const char *label, SECItem *seed, SECItem *result, PRBool isFIPS) { SECStatus rv = SECFailure, status; @@ -145,11 +145,11 @@ pk11_PRF(const SECItem *secret, const char *label, SECItem *seed, goto loser; tmp.len = result->len; - status = pk11_P_hash(HASH_AlgMD5, &S1, label, seed, result, isFIPS); + status = sftk_P_hash(HASH_AlgMD5, &S1, label, seed, result, isFIPS); if (status != SECSuccess) goto loser; - status = pk11_P_hash(HASH_AlgSHA1, &S2, label, seed, &tmp, isFIPS); + status = sftk_P_hash(HASH_AlgSHA1, &S2, label, seed, &tmp, isFIPS); if (status != SECSuccess) goto loser; @@ -164,7 +164,7 @@ loser: return rv; } -static void pk11_TLSPRFNull(void *data, PRBool freeit) +static void sftk_TLSPRFNull(void *data, PRBool freeit) { return; } @@ -181,7 +181,7 @@ typedef struct { } TLSPRFContext; static void -pk11_TLSPRFHashUpdate(TLSPRFContext *cx, const unsigned char *data, +sftk_TLSPRFHashUpdate(TLSPRFContext *cx, const unsigned char *data, unsigned int data_len) { PRUint32 bytesUsed = cx->cxKeyLen + cx->cxDataLen; @@ -211,7 +211,7 @@ pk11_TLSPRFHashUpdate(TLSPRFContext *cx, const unsigned char *data, } static void -pk11_TLSPRFEnd(TLSPRFContext *ctx, unsigned char *hashout, +sftk_TLSPRFEnd(TLSPRFContext *ctx, unsigned char *hashout, unsigned int *pDigestLen, unsigned int maxDigestLen) { *pDigestLen = 0; /* tells Verify that no data has been input yet. */ @@ -219,7 +219,7 @@ pk11_TLSPRFEnd(TLSPRFContext *ctx, unsigned char *hashout, /* Compute the PRF values from the data previously input. */ static SECStatus -pk11_TLSPRFUpdate(TLSPRFContext *cx, +sftk_TLSPRFUpdate(TLSPRFContext *cx, unsigned char *sig, /* output goes here. */ unsigned int * sigLen, /* how much output. */ unsigned int maxLen, /* output buffer size */ @@ -243,7 +243,7 @@ pk11_TLSPRFUpdate(TLSPRFContext *cx, sigItem.data = sig; sigItem.len = maxLen; - rv = pk11_PRF(&secretItem, NULL, &seedItem, &sigItem, cx->cxIsFIPS); + rv = sftk_PRF(&secretItem, NULL, &seedItem, &sigItem, cx->cxIsFIPS); if (rv == SECSuccess && sigLen != NULL) *sigLen = sigItem.len; return rv; @@ -251,7 +251,7 @@ pk11_TLSPRFUpdate(TLSPRFContext *cx, } static SECStatus -pk11_TLSPRFVerify(TLSPRFContext *cx, +sftk_TLSPRFVerify(TLSPRFContext *cx, unsigned char *sig, /* input, for comparison. */ unsigned int sigLen, /* length of sig. */ unsigned char *hash, /* data to be verified. */ @@ -267,9 +267,9 @@ pk11_TLSPRFVerify(TLSPRFContext *cx, /* hashLen is non-zero when the user does a one-step verify. ** In this case, none of the data has been input yet. */ - pk11_TLSPRFHashUpdate(cx, hash, hashLen); + sftk_TLSPRFHashUpdate(cx, hash, hashLen); } - rv = pk11_TLSPRFUpdate(cx, tmp, &tmpLen, sigLen, NULL, 0); + rv = sftk_TLSPRFUpdate(cx, tmp, &tmpLen, sigLen, NULL, 0); if (rv == SECSuccess) { rv = (SECStatus)(1 - !PORT_Memcmp(tmp, sig, sigLen)); } @@ -278,7 +278,7 @@ pk11_TLSPRFVerify(TLSPRFContext *cx, } static void -pk11_TLSPRFHashDestroy(TLSPRFContext *cx, PRBool freeit) +sftk_TLSPRFHashDestroy(TLSPRFContext *cx, PRBool freeit) { if (freeit) { if (cx->cxBufPtr != cx->cxBuf) @@ -288,11 +288,11 @@ pk11_TLSPRFHashDestroy(TLSPRFContext *cx, PRBool freeit) } CK_RV -pk11_TLSPRFInit(PK11SessionContext *context, - PK11Object * key, +sftk_TLSPRFInit(SFTKSessionContext *context, + SFTKObject * key, CK_KEY_TYPE key_type) { - PK11Attribute * keyVal; + SFTKAttribute * keyVal; TLSPRFContext * prf_cx; CK_RV crv = CKR_HOST_MEMORY; PRUint32 keySize; @@ -303,7 +303,7 @@ pk11_TLSPRFInit(PK11SessionContext *context, context->multi = PR_TRUE; - keyVal = pk11_FindAttribute(key, CKA_VALUE); + keyVal = sftk_FindAttribute(key, CKA_VALUE); keySize = (!keyVal) ? 0 : keyVal->attrib.ulValueLen; blockSize = keySize + sizeof(TLSPRFContext); prf_cx = (TLSPRFContext *)PORT_Alloc(blockSize); @@ -312,7 +312,7 @@ pk11_TLSPRFInit(PK11SessionContext *context, prf_cx->cxSize = blockSize; prf_cx->cxKeyLen = keySize; prf_cx->cxDataLen = 0; - prf_cx->cxBufSize = blockSize - PK11_OFFSETOF(TLSPRFContext, cxBuf); + prf_cx->cxBufSize = blockSize - SFTK_OFFSETOF(TLSPRFContext, cxBuf); prf_cx->cxRv = SECSuccess; prf_cx->cxIsFIPS = (key->slot->slotID == FIPS_SLOT_ID); prf_cx->cxBufPtr = prf_cx->cxBuf; @@ -321,17 +321,17 @@ pk11_TLSPRFInit(PK11SessionContext *context, context->hashInfo = (void *) prf_cx; context->cipherInfo = (void *) prf_cx; - context->hashUpdate = (PK11Hash) pk11_TLSPRFHashUpdate; - context->end = (PK11End) pk11_TLSPRFEnd; - context->update = (PK11Cipher) pk11_TLSPRFUpdate; - context->verify = (PK11Verify) pk11_TLSPRFVerify; - context->destroy = (PK11Destroy) pk11_TLSPRFNull; - context->hashdestroy = (PK11Destroy) pk11_TLSPRFHashDestroy; + context->hashUpdate = (SFTKHash) sftk_TLSPRFHashUpdate; + context->end = (SFTKEnd) sftk_TLSPRFEnd; + context->update = (SFTKCipher) sftk_TLSPRFUpdate; + context->verify = (SFTKVerify) sftk_TLSPRFVerify; + context->destroy = (SFTKDestroy) sftk_TLSPRFNull; + context->hashdestroy = (SFTKDestroy) sftk_TLSPRFHashDestroy; crv = CKR_OK; done: if (keyVal) - pk11_FreeAttribute(keyVal); + sftk_FreeAttribute(keyVal); return crv; }