PKCS #11 module to supply Access to the Mac OS X Keychain.

relyea%netscape.com 2005-11-23 23:04:08 +00:00
Родитель 82e02aaf47
Коммит cdcebb8e7e
18 изменённых файлов: 4466 добавлений и 0 удалений


@ -0,0 +1,105 @@
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
MAKEFILE_CVS_ID = "@(#) $RCSfile: Makefile,v $ $Revision: 1.1 $ $Date: 2005/11/23 23:04:08 $"
include manifest.mn
include $(CORE_DEPTH)/coreconf/config.mk
include config.mk
EXTRA_LIBS = \
$(DIST)/lib/$(LIB_PREFIX)nssckfw.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)secutil.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \
$(NULL)
# can't do this in manifest.mn because OS_TARGET isn't defined there.
ifeq (,$(filter-out WIN%,$(OS_TARGET)))
ifdef NS_USE_GCC
EXTRA_LIBS += \
-L$(NSPR_LIB_DIR) \
-lplc4 \
-lplds4 \
-lnspr4 \
$(NULL)
else
EXTRA_SHARED_LIBS += \
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.lib \
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.lib \
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.lib \
$(NULL)
endif # NS_USE_GCC
else
EXTRA_LIBS += \
-L$(NSPR_LIB_DIR) \
-lplc4 \
-lplds4 \
-lnspr4 \
-framework Security \
-framework CoreServices \
$(NULL)
endif
include $(CORE_DEPTH)/coreconf/rules.mk
# Generate certdata.c.
generate:
perl certdata.perl < certdata.txt
# This'll need some help from a build person.
ifeq ($(OS_TARGET)$(OS_RELEASE), AIX4.1)
DSO_LDOPTS = -bM:SRE -bh:4 -bnoentry
EXTRA_DSO_LDOPTS = -lc
MKSHLIB = xlC $(DSO_LDOPTS)
$(SHARED_LIBRARY): $(OBJS)
@$(MAKE_OBJDIR)
rm -f $@
$(MKSHLIB) -o $@ $(OBJS) $(EXTRA_LIBS) $(EXTRA_DSO_LDOPTS)
chmod +x $@
endif
ifeq ($(OS_TARGET)$(OS_RELEASE), AIX4.2)
LD += -G
endif
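Review bot: The `generate` target runs `perl certdata.perl < certdata.txt`, but the CSRCS list in this commit's manifest.mn names no certdata.c, so the rule looks carried over from another ckfw module and may point at files this directory does not have (not every file of the commit is visible here). The WIN and AIX branches are in the same position: the header ckmk.h includes the Mac `Security/` headers unconditionally, so those branches cannot be exercised for this module. Either drop them or mark them with a comment such as `# inherited from the ckfw template; not used on Mac OS X`, so nobody assumes they are built or tested.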


@ -0,0 +1,21 @@
This Cryptoki module provides acces to certs and keys stored in
Macintosh key Ring.
- It does not yet export PKCS #12 keys. To get this to work should be
implemented using exporting the key object in PKCS #8 wrapped format.
PSM work needs to happen before this can be completed.
- It does not import or export CA Root trust from the mac keychain.
- It does not handle S/MIME objects (pkcs #7 in mac keychain terms?).
- The AuthRoots don't show up on the default list.
- Only RSA keys are supported currently.
There are a number of things that have not been tested that other PKCS #11
apps may need:
- reading Modulus and Public Exponents from private keys and public keys.
- storing public keys.
- setting attributes other than CKA_ID and CKA_LABEL.
Other TODOs:
- Check for and plug memory leaks.
- Need to map mac errors into something more intellegible than
CKR_GENERAL_ERROR.


@ -0,0 +1,236 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
* Portions created by Red Hat, Inc, are Copyright (C) 2005
*
* Contributor(s):
* Bob Relyea (rrelyea@redhat.com)
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#ifndef CKMK_H
#define CKMK_H 1
#ifdef DEBUG
static const char CKMK_CVS_ID[] = "@(#) $RCSfile: ckmk.h,v $ $Revision: 1.1 $ $Date: 2005/11/23 23:04:08 $";
#endif /* DEBUG */
#include <Security/SecKeychainSearch.h>
#include <Security/SecKeychainItem.h>
#include <Security/SecKeychain.h>
#include <Security/cssmtype.h>
#include <Security/cssmapi.h>
#include <Security/SecKey.h>
#include <Security/SecCertificate.h>
#define NTO
#include "nssckmdt.h"
#include "nssckfw.h"
/*
* I'm including this for access to the arena functions.
* Looks like we should publish that API.
*/
#ifndef BASE_H
#include "base.h"
#endif /* BASE_H */
/*
* This is where the Netscape extensions live, at least for now.
*/
#ifndef CKT_H
#include "ckt.h"
#endif /* CKT_H */
/*
* statically defined raw objects. Allows us to data description objects
* to this PKCS #11 module.
*/
struct ckmkRawObjectStr {
CK_ULONG n;
const CK_ATTRIBUTE_TYPE *types;
const NSSItem *items;
};
typedef struct ckmkRawObjectStr ckmkRawObject;
/*
* Key/Cert Items
*/
struct ckmkItemObjectStr {
SecKeychainItemRef itemRef;
SecItemClass itemClass;
PRBool hasID;
NSSItem modify;
NSSItem private;
NSSItem encrypt;
NSSItem decrypt;
NSSItem derive;
NSSItem sign;
NSSItem signRecover;
NSSItem verify;
NSSItem verifyRecover;
NSSItem wrap;
NSSItem unwrap;
NSSItem label;
NSSItem subject;
NSSItem issuer;
NSSItem serial;
NSSItem derCert;
NSSItem id;
NSSItem modulus;
NSSItem exponent;
NSSItem privateExponent;
NSSItem prime1;
NSSItem prime2;
NSSItem exponent1;
NSSItem exponent2;
NSSItem coefficient;
};
typedef struct ckmkItemObjectStr ckmkItemObject;
typedef enum {
ckmkRaw,
ckmkItem,
} ckmkObjectType;
/*
* all the various types of objects are abstracted away in cobject and
* cfind as ckmkInternalObjects.
*/
struct ckmkInternalObjectStr {
ckmkObjectType type;
union {
ckmkRawObject raw;
ckmkItemObject item;
} u;
CK_OBJECT_CLASS objClass;
NSSItem hashKey;
unsigned char hashKeyData[128];
NSSCKMDObject mdObject;
};
typedef struct ckmkInternalObjectStr ckmkInternalObject;
/* our raw object data array */
NSS_EXTERN_DATA ckmkInternalObject nss_ckmk_data[];
NSS_EXTERN_DATA const PRUint32 nss_ckmk_nObjects;
NSS_EXTERN_DATA const CK_VERSION nss_ckmk_CryptokiVersion;
NSS_EXTERN_DATA const NSSUTF8 * nss_ckmk_ManufacturerID;
NSS_EXTERN_DATA const NSSUTF8 * nss_ckmk_LibraryDescription;
NSS_EXTERN_DATA const CK_VERSION nss_ckmk_LibraryVersion;
NSS_EXTERN_DATA const NSSUTF8 * nss_ckmk_SlotDescription;
NSS_EXTERN_DATA const CK_VERSION nss_ckmk_HardwareVersion;
NSS_EXTERN_DATA const CK_VERSION nss_ckmk_FirmwareVersion;
NSS_EXTERN_DATA const NSSUTF8 * nss_ckmk_TokenLabel;
NSS_EXTERN_DATA const NSSUTF8 * nss_ckmk_TokenModel;
NSS_EXTERN_DATA const NSSUTF8 * nss_ckmk_TokenSerialNumber;
NSS_EXTERN_DATA const NSSCKMDInstance nss_ckmk_mdInstance;
NSS_EXTERN_DATA const NSSCKMDSlot nss_ckmk_mdSlot;
NSS_EXTERN_DATA const NSSCKMDToken nss_ckmk_mdToken;
NSS_EXTERN_DATA const NSSCKMDMechanism nss_ckmk_mdMechanismRSA;
NSS_EXTERN NSSCKMDSession *
nss_ckmk_CreateSession
(
NSSCKFWSession *fwSession,
CK_RV *pError
);
NSS_EXTERN NSSCKMDFindObjects *
nss_ckmk_FindObjectsInit
(
NSSCKFWSession *fwSession,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
CK_RV *pError
);
/*
* Object Utilities
*/
NSS_EXTERN NSSCKMDObject *
nss_ckmk_CreateMDObject
(
NSSArena *arena,
ckmkInternalObject *io,
CK_RV *pError
);
NSS_EXTERN NSSCKMDObject *
nss_ckmk_CreateObject
(
NSSCKFWSession *fwSession,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
CK_RV *pError
);
NSS_EXTERN const NSSItem *
nss_ckmk_FetchAttribute
(
ckmkInternalObject *io,
CK_ATTRIBUTE_TYPE type,
CK_RV *pError
);
NSS_EXTERN void
nss_ckmk_DestroyInternalObject
(
ckmkInternalObject *io
);
unsigned char *
nss_ckmk_DERUnwrap
(
unsigned char *src,
int size,
int *outSize,
unsigned char **next
);
CK_ULONG
nss_ckmk_GetULongAttribute
(
CK_ATTRIBUTE_TYPE type,
CK_ATTRIBUTE *template,
CK_ULONG templateSize,
CK_RV *pError;
);
#define NSS_CKMK_ARRAY_SIZE(x) ((sizeof (x))/(sizeof ((x)[0])))
#ifdef DEBUG
#define CKMK_MACERR(str,err) cssmPerror(str,err)
#else
#define CKMK_MACERR(str,err)
#endif
#endif
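Review bot: The prototype of `nss_ckmk_GetULongAttribute` ends its parameter list with `CK_RV *pError;`, and the stray semicolon before the closing parenthesis is not valid standard C (it presumably builds only through a compiler extension); the line should read `CK_RV *pError`. That prototype and `nss_ckmk_DERUnwrap` also lack the `NSS_EXTERN` used on every other function declaration in this header. `nss_ckmk_DERUnwrap` takes `int size` and reports its result through `int *outSize`, while the visible caller in mfind.c compares that length against a `CK_ULONG`. A short comment on the declaration stating what is returned and what `*outSize` holds on malformed DER input would make callers checkable. The member name `private` in `ckmkItemObjectStr` and the parameter name `template` are C++ keywords, so the header cannot be included from C++ as written.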


@ -0,0 +1,59 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
* Portions created by Red Hat, Inc, are Copyright (C) 2005
*
* Contributor(s):
* Bob Relyea (rrelyea@redhat.com)
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* Library identity and versioning */
#include "nssmkey.h"
#if defined(DEBUG)
#define _DEBUG_STRING " (debug)"
#else
#define _DEBUG_STRING ""
#endif
/*
* Version information for the 'ident' and 'what commands
*
* NOTE: the first component of the concatenated rcsid string
* must not end in a '$' to prevent rcs keyword substitution.
*/
const char __nss_ckmk_rcsid[] = "$Header: NSS Access to the MAC OS X Key Ring "
NSS_CKMK_LIBRARY_VERSION _DEBUG_STRING
" " __DATE__ " " __TIME__ " $";
const char __nss_ckmk_sccsid[] = "@(#)NSS Access to the MAC OS X Key Ring "
NSS_CKMK_LIBRARY_VERSION _DEBUG_STRING
" " __DATE__ " " __TIME__;
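Review bot: Both identification strings append `" " __DATE__ " " __TIME__`, so two builds of the same source never produce byte-identical libraries, which makes it harder to check a shipped PKCS #11 module against the source it claims to come from. If `ident`/`what` users do not rely on the build time, consider dropping that suffix from both strings. The names `_DEBUG_STRING`, `__nss_ckmk_rcsid` and `__nss_ckmk_sccsid` also fall in the identifier space reserved for the implementation. The comment above them is missing the closing quote in `'what commands`.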


@ -0,0 +1,57 @@
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
CONFIG_CVS_ID = "@(#) $RCSfile: config.mk,v $ $Revision: 1.1 $ $Date: 2005/11/23 23:04:08 $"
ifdef BUILD_IDG
DEFINES += -DNSSDEBUG
endif
ifdef NS_USE_CKFW_TRACE
DEFINES += -DTRACE
endif
#
# Override TARGETS variable so that only static libraries
# are specifed as dependencies within rules.mk.
#
TARGETS = $(LIBRARY)
SHARED_LIBRARY =
IMPORT_LIBRARY =
PROGRAM =
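Review bot: The override block sets `TARGETS = $(LIBRARY)` and empties `SHARED_LIBRARY`, so this directory appears to build only a static archive. That conflicts with manchor.c in this same commit, which says it anchors the cryptoki entry points in the module's shared library for dynamic loading, and with manifest.mn, which defines a MAPFILE. If the module is meant to be loaded as a PKCS #11 shared library, the override probably needs to be `TARGETS = $(SHARED_LIBRARY)` with `LIBRARY =` emptied instead. If static-only is intended, the comment should say why; it also carries the typo `specifed`.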


@ -0,0 +1,55 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
* Portions created by Red Hat, Inc, are Copyright (C) 2005
*
* Contributor(s):
* Bob Relyea (rrelyea@redhat.com)
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: manchor.c,v $ $Revision: 1.1 $ $Date: 2005/11/23 23:04:08 $";
#endif /* DEBUG */
/*
* nssmkey/manchor.c
*
* This file "anchors" the actual cryptoki entry points in this module's
* shared library, which is required for dynamic loading. See the
* comments in nssck.api for more information.
*/
#include "ckmk.h"
#define MODULE_NAME ckmk
#define INSTANCE_NAME (NSSCKMDInstance *)&nss_ckmk_mdInstance
#include "nssck.api"


@ -0,0 +1,66 @@
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
MANIFEST_CVS_ID = "@(#) $RCSfile: manifest.mn,v $ $Revision: 1.1 $ $Date: 2005/11/23 23:04:08 $"
CORE_DEPTH = ../../../..
MODULE = nss
MAPFILE = $(OBJDIR)/nssmkey.def
EXPORTS = \
nssmkey.h \
$(NULL)
CSRCS = \
manchor.c \
mconstants.c \
mfind.c \
minst.c \
mobject.c \
mrsa.c \
msession.c \
mslot.c \
mtoken.c \
ckmkver.c \
staticobj.c \
$(NULL)
REQUIRES = nspr
LIBRARY_NAME = nssmkey
#EXTRA_SHARED_LIBS = -L$(DIST)/lib -lnssckfw -lnssb -lplc4 -lplds4


@ -0,0 +1,96 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
* Portions created by Red Hat, Inc, are Copyright (C) 2005
*
* Contributor(s):
* Bob Relyea (rrelyea@redhat.com)
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: mconstants.c,v $ $Revision: 1.1 $ $Date: 2005/11/23 23:04:08 $";
#endif /* DEBUG */
/*
* nssmkey/constants.c
*
* Identification and other constants, all collected here in one place.
*/
#ifndef NSSBASET_H
#include "nssbaset.h"
#endif /* NSSBASET_H */
#ifndef NSSCKT_H
#include "nssckt.h"
#endif /* NSSCKT_H */
#include "nssmkey.h"
NSS_IMPLEMENT_DATA const CK_VERSION
nss_ckmk_CryptokiVersion = {
NSS_CKMK_CRYPTOKI_VERSION_MAJOR,
NSS_CKMK_CRYPTOKI_VERSION_MINOR };
NSS_IMPLEMENT_DATA const NSSUTF8 *
nss_ckmk_ManufacturerID = (NSSUTF8 *) "Mozilla Foundation";
NSS_IMPLEMENT_DATA const NSSUTF8 *
nss_ckmk_LibraryDescription = (NSSUTF8 *) "NSS Access to Mac OS X Key Ring";
NSS_IMPLEMENT_DATA const CK_VERSION
nss_ckmk_LibraryVersion = {
NSS_CKMK_LIBRARY_VERSION_MAJOR,
NSS_CKMK_LIBRARY_VERSION_MINOR};
NSS_IMPLEMENT_DATA const NSSUTF8 *
nss_ckmk_SlotDescription = (NSSUTF8 *) "Mac OS X Key Ring";
NSS_IMPLEMENT_DATA const CK_VERSION
nss_ckmk_HardwareVersion = {
NSS_CKMK_HARDWARE_VERSION_MAJOR,
NSS_CKMK_HARDWARE_VERSION_MINOR };
NSS_IMPLEMENT_DATA const CK_VERSION
nss_ckmk_FirmwareVersion = {
NSS_CKMK_FIRMWARE_VERSION_MAJOR,
NSS_CKMK_FIRMWARE_VERSION_MINOR };
NSS_IMPLEMENT_DATA const NSSUTF8 *
nss_ckmk_TokenLabel = (NSSUTF8 *) "Mac OS X Key Ring";
NSS_IMPLEMENT_DATA const NSSUTF8 *
nss_ckmk_TokenModel = (NSSUTF8 *) "1";
NSS_IMPLEMENT_DATA const NSSUTF8 *
nss_ckmk_TokenSerialNumber = (NSSUTF8 *) "1";


@ -0,0 +1,404 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
* Portions created by Red Hat, Inc, are Copyright (C) 2005
*
* Contributor(s):
* Bob Relyea (rrelyea@redhat.com)
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: mfind.c,v $ $Revision: 1.1 $ $Date: 2005/11/23 23:04:08 $";
#endif /* DEBUG */
#ifndef CKMK_H
#include "ckmk.h"
#endif /* CKMK_H */
/*
* nssmkey/mfind.c
*
* This file implements the NSSCKMDFindObjects object for the
* "nssmkey" cryptoki module.
*/
struct ckmkFOStr {
NSSArena *arena;
CK_ULONG n;
CK_ULONG i;
ckmkInternalObject **objs;
};
static void
ckmk_mdFindObjects_Final
(
NSSCKMDFindObjects *mdFindObjects,
NSSCKFWFindObjects *fwFindObjects,
NSSCKMDSession *mdSession,
NSSCKFWSession *fwSession,
NSSCKMDToken *mdToken,
NSSCKFWToken *fwToken,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance
)
{
struct ckmkFOStr *fo = (struct ckmkFOStr *)mdFindObjects->etc;
NSSArena *arena = fo->arena;
PRUint32 i;
/* walk down an free the unused 'objs' */
for (i=fo->i; i < fo->n ; i++) {
nss_ckmk_DestroyInternalObject(fo->objs[i]);
}
nss_ZFreeIf(fo->objs);
nss_ZFreeIf(fo);
nss_ZFreeIf(mdFindObjects);
if ((NSSArena *)NULL != arena) {
NSSArena_Destroy(arena);
}
return;
}
static NSSCKMDObject *
ckmk_mdFindObjects_Next
(
NSSCKMDFindObjects *mdFindObjects,
NSSCKFWFindObjects *fwFindObjects,
NSSCKMDSession *mdSession,
NSSCKFWSession *fwSession,
NSSCKMDToken *mdToken,
NSSCKFWToken *fwToken,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
NSSArena *arena,
CK_RV *pError
)
{
struct ckmkFOStr *fo = (struct ckmkFOStr *)mdFindObjects->etc;
ckmkInternalObject *io;
if( fo->i == fo->n ) {
*pError = CKR_OK;
return (NSSCKMDObject *)NULL;
}
io = fo->objs[ fo->i ];
fo->i++;
return nss_ckmk_CreateMDObject(arena, io, pError);
}
static CK_BBOOL
ckmk_attrmatch
(
CK_ATTRIBUTE_PTR a,
ckmkInternalObject *o
)
{
PRBool prb;
const NSSItem *b;
CK_RV error;
b = nss_ckmk_FetchAttribute(o, a->type, &error);
if (b == NULL) {
return CK_FALSE;
}
if( a->ulValueLen != b->size ) {
/* match a decoded serial number */
if ((a->type == CKA_SERIAL_NUMBER) && (a->ulValueLen < b->size)) {
int len;
unsigned char *data;
data = nss_ckmk_DERUnwrap(b->data, b->size, &len, NULL);
if ((len == a->ulValueLen) &&
nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) {
return CK_TRUE;
}
}
return CK_FALSE;
}
prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *)NULL);
if( PR_TRUE == prb ) {
return CK_TRUE;
} else {
return CK_FALSE;
}
}
static CK_BBOOL
ckmk_match
(
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
ckmkInternalObject *o
)
{
CK_ULONG i;
for( i = 0; i < ulAttributeCount; i++ ) {
if (CK_FALSE == ckmk_attrmatch(&pTemplate[i], o)) {
return CK_FALSE;
}
}
/* Every attribute passed */
return CK_TRUE;
}
#define CKMK_ITEM_CHUNK 20
#define PUT_OBJECT(obj, err, size, count, list) \
{ \
if (count >= size) { \
(list) = (list) ? \
nss_ZREALLOCARRAY(list, ckmkInternalObject *, \
((size)+CKMK_ITEM_CHUNK) ) : \
nss_ZNEWARRAY(NULL, ckmkInternalObject *, \
((size)+CKMK_ITEM_CHUNK) ) ; \
if ((ckmkInternalObject **)NULL == list) { \
err = CKR_HOST_MEMORY; \
goto loser; \
} \
(size) += CKMK_ITEM_CHUNK; \
} \
(list)[ count ] = (obj); \
count++; \
}
/* find all the certs that represent the appropriate object (cert, priv key, or
* pub key) in the cert store.
*/
static PRUint32
collect_class(
CK_OBJECT_CLASS objClass,
SecItemClass itemClass,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
ckmkInternalObject ***listp,
PRUint32 *sizep,
PRUint32 count,
CK_RV *pError
)
{
ckmkInternalObject *next = NULL;
SecKeychainSearchRef searchRef = 0;
SecKeychainItemRef itemRef = 0;
OSStatus error;
/* future, build the attribute list based on the template
* so we can refine the search */
error = SecKeychainSearchCreateFromAttributes(
NULL, itemClass, NULL, &searchRef);
while (noErr == SecKeychainSearchCopyNext(searchRef, &itemRef)) {
/* if we don't have an internal object structure, get one */
if ((ckmkInternalObject *)NULL == next) {
next = nss_ZNEW(NULL, ckmkInternalObject);
if ((ckmkInternalObject *)NULL == next) {
*pError = CKR_HOST_MEMORY;
goto loser;
}
}
/* fill in the relevant object data */
next->type = ckmkItem;
next->objClass = objClass;
next->u.item.itemRef = itemRef;
next->u.item.itemClass = itemClass;
/* see if this is one of the objects we are looking for */
if( CK_TRUE == ckmk_match(pTemplate, ulAttributeCount, next) ) {
/* yes, put it on the list */
PUT_OBJECT(next, *pError, *sizep, count, *listp);
next = NULL; /* this one is on the list, need to allocate a new one now */
} else {
/* no , release the current item and clear out the structure for reuse */
CFRelease(itemRef);
/* don't cache the values we just loaded */
nsslibc_memset(next, 0, sizeof(*next));
}
}
loser:
if (searchRef) {
CFRelease(searchRef);
}
nss_ZFreeIf(next);
return count;
}
static PRUint32
collect_objects(
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
ckmkInternalObject ***listp,
CK_RV *pError
)
{
PRUint32 i;
PRUint32 count = 0;
PRUint32 size = 0;
CK_OBJECT_CLASS objClass;
/*
* first handle the static build in objects (if any)
*/
for( i = 0; i < nss_ckmk_nObjects; i++ ) {
ckmkInternalObject *o = (ckmkInternalObject *)&nss_ckmk_data[i];
if( CK_TRUE == ckmk_match(pTemplate, ulAttributeCount, o) ) {
PUT_OBJECT(o, *pError, size, count, *listp);
}
}
/*
* now handle the various object types
*/
objClass = nss_ckmk_GetULongAttribute(CKA_CLASS,
pTemplate, ulAttributeCount, pError);
if (CKR_OK != *pError) {
objClass = CK_INVALID_HANDLE;
}
*pError = CKR_OK;
switch (objClass) {
case CKO_CERTIFICATE:
count = collect_class(objClass, kSecCertificateItemClass,
pTemplate, ulAttributeCount, listp,
&size, count, pError);
break;
case CKO_PUBLIC_KEY:
count = collect_class(objClass, CSSM_DL_DB_RECORD_PUBLIC_KEY,
pTemplate, ulAttributeCount, listp,
&size, count, pError);
break;
case CKO_PRIVATE_KEY:
count = collect_class(objClass, CSSM_DL_DB_RECORD_PRIVATE_KEY,
pTemplate, ulAttributeCount, listp,
&size, count, pError);
break;
/* all of them */
case CK_INVALID_HANDLE:
count = collect_class(CKO_CERTIFICATE, kSecCertificateItemClass,
pTemplate, ulAttributeCount, listp,
&size, count, pError);
count = collect_class(CKO_PUBLIC_KEY, CSSM_DL_DB_RECORD_PUBLIC_KEY,
pTemplate, ulAttributeCount, listp,
&size, count, pError);
count = collect_class(CKO_PUBLIC_KEY, CSSM_DL_DB_RECORD_PRIVATE_KEY,
pTemplate, ulAttributeCount, listp,
&size, count, pError);
break;
default:
break;
}
if (CKR_OK != *pError) {
goto loser;
}
return count;
loser:
nss_ZFreeIf(*listp);
return 0;
}
NSS_IMPLEMENT NSSCKMDFindObjects *
nss_ckmk_FindObjectsInit
(
NSSCKFWSession *fwSession,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
CK_RV *pError
)
{
/* This could be made more efficient. I'm rather rushed. */
NSSArena *arena;
NSSCKMDFindObjects *rv = (NSSCKMDFindObjects *)NULL;
struct ckmkFOStr *fo = (struct ckmkFOStr *)NULL;
ckmkInternalObject **temp = (ckmkInternalObject **)NULL;
arena = NSSArena_Create();
if( (NSSArena *)NULL == arena ) {
goto loser;
}
rv = nss_ZNEW(arena, NSSCKMDFindObjects);
if( (NSSCKMDFindObjects *)NULL == rv ) {
*pError = CKR_HOST_MEMORY;
goto loser;
}
fo = nss_ZNEW(arena, struct ckmkFOStr);
if( (struct ckmkFOStr *)NULL == fo ) {
*pError = CKR_HOST_MEMORY;
goto loser;
}
fo->arena = arena;
/* fo->n and fo->i are already zero */
rv->etc = (void *)fo;
rv->Final = ckmk_mdFindObjects_Final;
rv->Next = ckmk_mdFindObjects_Next;
rv->null = (void *)NULL;
fo->n = collect_objects(pTemplate, ulAttributeCount, &temp, pError);
if (*pError != CKR_OK) {
goto loser;
}
fo->objs = nss_ZNEWARRAY(arena, ckmkInternalObject *, fo->n);
if( (ckmkInternalObject **)NULL == fo->objs ) {
*pError = CKR_HOST_MEMORY;
goto loser;
}
(void)nsslibc_memcpy(fo->objs, temp, sizeof(ckmkInternalObject *) * fo->n);
nss_ZFreeIf(temp);
temp = (ckmkInternalObject **)NULL;
return rv;
loser:
nss_ZFreeIf(temp);
nss_ZFreeIf(fo);
nss_ZFreeIf(rv);
if ((NSSArena *)NULL != arena) {
NSSArena_Destroy(arena);
}
return (NSSCKMDFindObjects *)NULL;
}
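Review bot: In collect_objects, the `CK_INVALID_HANDLE` ("all of them") case passes `CKO_PUBLIC_KEY` together with `CSSM_DL_DB_RECORD_PRIVATE_KEY` on its third call, so private-key keychain items are recorded with the public-key object class; that call should begin `count = collect_class(CKO_PRIVATE_KEY, CSSM_DL_DB_RECORD_PRIVATE_KEY,`. In collect_class the `OSStatus error` returned by SecKeychainSearchCreateFromAttributes is stored but never tested, so a failed search still reaches SecKeychainSearchCopyNext with `searchRef` equal to 0; a guard such as `if (noErr != error) { CKMK_MACERR("search create", error); *pError = CKR_GENERAL_ERROR; goto loser; }` would surface it. When PUT_OBJECT fails it overwrites the list pointer with NULL and jumps to `loser`, where `next` is freed without releasing `itemRef`, so the earlier list and the current keychain reference appear to leak. ckmk_attrmatch also uses the pointer and `len` from nss_ckmk_DERUnwrap without checking for failure; whether that is safe depends on that function, which is not in this section.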


@ -0,0 +1,148 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
* Portions created by Red Hat, Inc, are Copyright (C) 2005
*
* Contributor(s):
* Bob Relyea (rrelyea@redhat.com)
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: minst.c,v $ $Revision: 1.1 $ $Date: 2005/11/23 23:04:08 $";
#endif /* DEBUG */
#include "ckmk.h"
/*
* nssmkey/minstance.c
*
* This file implements the NSSCKMDInstance object for the
* "nssmkey" cryptoki module.
*/
/*
* NSSCKMDInstance methods
*/
static CK_ULONG
ckmk_mdInstance_GetNSlots
(
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
CK_RV *pError
)
{
return (CK_ULONG)1;
}
static CK_VERSION
ckmk_mdInstance_GetCryptokiVersion
(
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance
)
{
return nss_ckmk_CryptokiVersion;
}
static NSSUTF8 *
ckmk_mdInstance_GetManufacturerID
(
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
CK_RV *pError
)
{
return (NSSUTF8 *)nss_ckmk_ManufacturerID;
}
static NSSUTF8 *
ckmk_mdInstance_GetLibraryDescription
(
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
CK_RV *pError
)
{
return (NSSUTF8 *)nss_ckmk_LibraryDescription;
}
static CK_VERSION
ckmk_mdInstance_GetLibraryVersion
(
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance
)
{
return nss_ckmk_LibraryVersion;
}
static CK_RV
ckmk_mdInstance_GetSlots
(
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
NSSCKMDSlot *slots[]
)
{
slots[0] = (NSSCKMDSlot *)&nss_ckmk_mdSlot;
return CKR_OK;
}
static CK_BBOOL
ckmk_mdInstance_ModuleHandlesSessionObjects
(
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance
)
{
/* we don't want to allow any session object creation, at least
* until we can investigate whether or not we can use those objects
*/
return CK_TRUE;
}
NSS_IMPLEMENT_DATA const NSSCKMDInstance
nss_ckmk_mdInstance = {
(void *)NULL, /* etc */
NULL, /* Initialize */
NULL, /* Finalize */
ckmk_mdInstance_GetNSlots,
ckmk_mdInstance_GetCryptokiVersion,
ckmk_mdInstance_GetManufacturerID,
ckmk_mdInstance_GetLibraryDescription,
ckmk_mdInstance_GetLibraryVersion,
ckmk_mdInstance_ModuleHandlesSessionObjects,
/*NULL, /* HandleSessionObjects */
ckmk_mdInstance_GetSlots,
NULL, /* WaitForSlotEvent */
(void *)NULL /* null terminator */
};
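Review bot: In ckmk_mdInstance_ModuleHandlesSessionObjects the comment says session object creation should not be allowed, yet the function returns CK_TRUE, which reads as the opposite of the stated intent. If, as it appears, returning CK_TRUE makes the framework hand session-object requests to this module's CreateObject instead of keeping its own in-memory objects, the comment should say so, e.g. `/* claim session objects so the framework never creates its own; requests go to our CreateObject */`. Separately, the leftover `/*NULL, /* HandleSessionObjects */` line in the nss_ckmk_mdInstance initializer opens a comment inside a comment and will trip -Wcomment; delete it or turn it into a plain trailing comment on the ckmk_mdInstance_ModuleHandlesSessionObjects entry.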


@ -0,0 +1,547 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Red Hat, Inc.
* Portions created by the Initial Developer are Copyright (C) 2005
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Bob Relyea (rrelyea@redhat.com)
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: mrsa.c,v $ $Revision: 1.1 $ $Date: 2005/11/23 23:04:08 $";
#endif /* DEBUG */
#include "ckmk.h"
/* Sigh, For all the talk about 'ease of use', apple has hidden the interfaces
* needed to be able to truly use CSSM. These came from their modification
* to NSS's S/MIME code. The following two functions currently are not
* part of the SecKey.h interface.
*/
OSStatus
SecKeyGetCredentials
(
SecKeyRef keyRef,
CSSM_ACL_AUTHORIZATION_TAG authTag,
int type,
const CSSM_ACCESS_CREDENTIALS **creds
);
/* this function could be implemented using 'SecKeychainItemCopyKeychain' and
* 'SecKeychainGetCSPHandle' */
OSStatus
SecKeyGetCSPHandle
(
SecKeyRef keyRef,
CSSM_CSP_HANDLE *cspHandle
);
typedef struct ckmkInternalCryptoOperationRSAPrivStr
ckmkInternalCryptoOperationRSAPriv;
struct ckmkInternalCryptoOperationRSAPrivStr
{
NSSCKMDCryptoOperation mdOperation;
NSSCKMDMechanism *mdMechanism;
ckmkInternalObject *iKey;
NSSItem *buffer;
CSSM_CC_HANDLE cssmContext;
};
typedef enum {
CKMK_DECRYPT,
CKMK_SIGN
} ckmkRSAOpType;
/*
* ckmk_mdCryptoOperationRSAPriv_Create
*/
static NSSCKMDCryptoOperation *
ckmk_mdCryptoOperationRSAPriv_Create
(
const NSSCKMDCryptoOperation *proto,
NSSCKMDMechanism *mdMechanism,
NSSCKMDObject *mdKey,
ckmkRSAOpType type,
CK_RV *pError
)
{
ckmkInternalObject *iKey = (ckmkInternalObject *)mdKey->etc;
const NSSItem *classItem = nss_ckmk_FetchAttribute(iKey, CKA_CLASS, pError);
const NSSItem *keyType = nss_ckmk_FetchAttribute(iKey, CKA_KEY_TYPE, pError);
ckmkInternalCryptoOperationRSAPriv *iOperation;
SecKeyRef privateKey;
OSStatus macErr;
CSSM_RETURN cssmErr;
const CSSM_KEY *cssmKey;
CSSM_CSP_HANDLE cspHandle;
const CSSM_ACCESS_CREDENTIALS *creds = NULL;
CSSM_CC_HANDLE cssmContext;
CSSM_ACL_AUTHORIZATION_TAG authType;
/* make sure we have the right objects */
if (((const NSSItem *)NULL == classItem) ||
(sizeof(CK_OBJECT_CLASS) != classItem->size) ||
(CKO_PRIVATE_KEY != *(CK_OBJECT_CLASS *)classItem->data) ||
((const NSSItem *)NULL == keyType) ||
(sizeof(CK_KEY_TYPE) != keyType->size) ||
(CKK_RSA != *(CK_KEY_TYPE *)keyType->data)) {
*pError = CKR_KEY_TYPE_INCONSISTENT;
return (NSSCKMDCryptoOperation *)NULL;
}
privateKey = (SecKeyRef) iKey->u.item.itemRef;
macErr = SecKeyGetCSSMKey(privateKey, &cssmKey);
if (noErr != macErr) {
CKMK_MACERR("Getting CSSM Key", macErr);
*pError = CKR_KEY_HANDLE_INVALID;
return (NSSCKMDCryptoOperation *)NULL;
}
macErr = SecKeyGetCSPHandle(privateKey, &cspHandle);
if (noErr != macErr) {
CKMK_MACERR("Getting CSP for Key", macErr);
*pError = CKR_KEY_HANDLE_INVALID;
return (NSSCKMDCryptoOperation *)NULL;
}
switch (type) {
case CKMK_DECRYPT:
authType = CSSM_ACL_AUTHORIZATION_DECRYPT;
break;
case CKMK_SIGN:
authType = CSSM_ACL_AUTHORIZATION_SIGN;
break;
default:
*pError = CKR_GENERAL_ERROR;
#ifdef DEBUG
fprintf(stderr,"RSAPriv_Create: bad type = %d\n", type);
#endif
return (NSSCKMDCryptoOperation *)NULL;
}
macErr = SecKeyGetCredentials(privateKey, authType, 0, &creds);
if (noErr != macErr) {
CKMK_MACERR("Getting Credentials for Key", macErr);
*pError = CKR_KEY_HANDLE_INVALID;
return (NSSCKMDCryptoOperation *)NULL;
}
switch (type) {
case CKMK_DECRYPT:
cssmErr = CSSM_CSP_CreateAsymmetricContext(cspHandle, CSSM_ALGID_RSA,
creds, cssmKey, CSSM_PADDING_PKCS1, &cssmContext);
break;
case CKMK_SIGN:
cssmErr = CSSM_CSP_CreateSignatureContext(cspHandle, CSSM_ALGID_RSA,
creds, cssmKey, &cssmContext);
break;
default:
*pError = CKR_GENERAL_ERROR;
#ifdef DEBUG
fprintf(stderr,"RSAPriv_Create: bad type = %d\n", type);
#endif
return (NSSCKMDCryptoOperation *)NULL;
}
if (noErr != cssmErr) {
CKMK_MACERR("Getting Context for Key", cssmErr);
*pError = CKR_GENERAL_ERROR;
return (NSSCKMDCryptoOperation *)NULL;
}
iOperation = nss_ZNEW(NULL, ckmkInternalCryptoOperationRSAPriv);
if ((ckmkInternalCryptoOperationRSAPriv *)NULL == iOperation) {
*pError = CKR_HOST_MEMORY;
return (NSSCKMDCryptoOperation *)NULL;
}
iOperation->mdMechanism = mdMechanism;
iOperation->iKey = iKey;
iOperation->cssmContext = cssmContext;
nsslibc_memcpy(&iOperation->mdOperation,
proto, sizeof(NSSCKMDCryptoOperation));
iOperation->mdOperation.etc = iOperation;
return &iOperation->mdOperation;
}
static void
ckmk_mdCryptoOperationRSAPriv_Destroy
(
NSSCKMDCryptoOperation *mdOperation,
NSSCKFWCryptoOperation *fwOperation,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance
)
{
ckmkInternalCryptoOperationRSAPriv *iOperation =
(ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc;
if (iOperation->buffer) {
nssItem_Destroy(iOperation->buffer);
}
if (iOperation->cssmContext) {
CSSM_DeleteContext(iOperation->cssmContext);
}
nss_ZFreeIf(iOperation);
return;
}
static CK_ULONG
ckmk_mdCryptoOperationRSA_GetFinalLength
(
NSSCKMDCryptoOperation *mdOperation,
NSSCKFWCryptoOperation *fwOperation,
NSSCKMDSession *mdSession,
NSSCKFWSession *fwSession,
NSSCKMDToken *mdToken,
NSSCKFWToken *fwToken,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
CK_RV *pError
)
{
ckmkInternalCryptoOperationRSAPriv *iOperation =
(ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc;
const NSSItem *modulus =
nss_ckmk_FetchAttribute(iOperation->iKey, CKA_MODULUS, pError);
return modulus->size;
}
/*
* ckmk_mdCryptoOperationRSADecrypt_GetOperationLength
* we won't know the length until we actually decrypt the
* input block. Since we go to all the work to decrypt the
* the block, we'll save if for when the block is asked for
*/
static CK_ULONG
ckmk_mdCryptoOperationRSADecrypt_GetOperationLength
(
NSSCKMDCryptoOperation *mdOperation,
NSSCKFWCryptoOperation *fwOperation,
NSSCKMDSession *mdSession,
NSSCKFWSession *fwSession,
NSSCKMDToken *mdToken,
NSSCKFWToken *fwToken,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
const NSSItem *input,
CK_RV *pError
)
{
ckmkInternalCryptoOperationRSAPriv *iOperation =
(ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc;
CSSM_DATA cssmInput;
CSSM_DATA cssmOutput = { 0, NULL };
uint32 bytesDecrypted;
CSSM_DATA remainder = { 0, NULL };
NSSItem output;
CSSM_RETURN cssmErr;
if (iOperation->buffer) {
return iOperation->buffer->size;
}
cssmInput.Data = input->data;
cssmInput.Length = input->size;
cssmErr = CSSM_DecryptData(iOperation->cssmContext,
&cssmInput, 1, &cssmOutput, 1,
&bytesDecrypted, &remainder);
if (CSSM_OK != cssmErr) {
CKMK_MACERR("Decrypt Failed", cssmErr);
*pError = CKR_DATA_INVALID;
return 0;
}
/* we didn't suppy any buffers, so it should all be in remainder */
output.data = nss_ZNEWARRAY(NULL, char, bytesDecrypted + remainder.Length);
if (NULL == output.data) {
free(cssmOutput.Data);
free(remainder.Data);
*pError = CKR_HOST_MEMORY;
return 0;
}
output.size = bytesDecrypted + remainder.Length;
if (0 != bytesDecrypted) {
nsslibc_memcpy(output.data, cssmOutput.Data, bytesDecrypted);
free(cssmOutput.Data);
}
if (0 != remainder.Length) {
nsslibc_memcpy(((char *)output.data)+bytesDecrypted,
remainder.Data, remainder.Length);
free(remainder.Data);
}
iOperation->buffer = nssItem_Duplicate(&output, NULL, NULL);
nss_ZFreeIf(output.data);
if ((NSSItem *) NULL == iOperation->buffer) {
*pError = CKR_HOST_MEMORY;
return 0;
}
return iOperation->buffer->size;
}
/*
* ckmk_mdCryptoOperationRSADecrypt_UpdateFinal
*
* NOTE: ckmk_mdCryptoOperationRSADecrypt_GetOperationLength is presumed to
* have been called previously.
*/
static CK_RV
ckmk_mdCryptoOperationRSADecrypt_UpdateFinal
(
NSSCKMDCryptoOperation *mdOperation,
NSSCKFWCryptoOperation *fwOperation,
NSSCKMDSession *mdSession,
NSSCKFWSession *fwSession,
NSSCKMDToken *mdToken,
NSSCKFWToken *fwToken,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
const NSSItem *input,
NSSItem *output
)
{
ckmkInternalCryptoOperationRSAPriv *iOperation =
(ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc;
NSSItem *buffer = iOperation->buffer;
if ((NSSItem *)NULL == buffer) {
return CKR_GENERAL_ERROR;
}
nsslibc_memcpy(output->data, buffer->data, buffer->size);
output->size = buffer->size;
return CKR_OK;
}
/*
* ckmk_mdCryptoOperationRSASign_UpdateFinal
*
*/
static CK_RV
ckmk_mdCryptoOperationRSASign_UpdateFinal
(
NSSCKMDCryptoOperation *mdOperation,
NSSCKFWCryptoOperation *fwOperation,
NSSCKMDSession *mdSession,
NSSCKFWSession *fwSession,
NSSCKMDToken *mdToken,
NSSCKFWToken *fwToken,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
const NSSItem *input,
NSSItem *output
)
{
ckmkInternalCryptoOperationRSAPriv *iOperation =
(ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc;
CSSM_DATA cssmInput;
CSSM_DATA cssmOutput = { 0, NULL };
CSSM_RETURN cssmErr;
cssmInput.Data = input->data;
cssmInput.Length = input->size;
cssmErr = CSSM_SignData(iOperation->cssmContext, &cssmInput, 1,
CSSM_ALGID_NONE, &cssmOutput);
if (CSSM_OK != cssmErr) {
CKMK_MACERR("Signed Failed", cssmErr);
return CKR_FUNCTION_FAILED;
}
if (cssmOutput.Length > output->size) {
free(cssmOutput.Data);
return CKR_BUFFER_TOO_SMALL;
}
nsslibc_memcpy(output->data, cssmOutput.Data, cssmOutput.Length);
free(cssmOutput.Data);
output->size = cssmOutput.Length;
return CKR_OK;
}
NSS_IMPLEMENT_DATA const NSSCKMDCryptoOperation
ckmk_mdCryptoOperationRSADecrypt_proto = {
NULL, /* etc */
ckmk_mdCryptoOperationRSAPriv_Destroy,
NULL, /* GetFinalLengh - not needed for one shot Decrypt/Encrypt */
ckmk_mdCryptoOperationRSADecrypt_GetOperationLength,
NULL, /* Final - not needed for one shot operation */
NULL, /* Update - not needed for one shot operation */
NULL, /* DigetUpdate - not needed for one shot operation */
ckmk_mdCryptoOperationRSADecrypt_UpdateFinal,
NULL, /* UpdateCombo - not needed for one shot operation */
NULL, /* DigetKey - not needed for one shot operation */
(void *)NULL /* null terminator */
};
NSS_IMPLEMENT_DATA const NSSCKMDCryptoOperation
ckmk_mdCryptoOperationRSASign_proto = {
NULL, /* etc */
ckmk_mdCryptoOperationRSAPriv_Destroy,
ckmk_mdCryptoOperationRSA_GetFinalLength,
NULL, /* GetOperationLengh - not needed for one shot Sign/Verify */
NULL, /* Final - not needed for one shot operation */
NULL, /* Update - not needed for one shot operation */
NULL, /* DigetUpdate - not needed for one shot operation */
ckmk_mdCryptoOperationRSASign_UpdateFinal,
NULL, /* UpdateCombo - not needed for one shot operation */
NULL, /* DigetKey - not needed for one shot operation */
(void *)NULL /* null terminator */
};
/********** NSSCKMDMechansim functions ***********************/
/*
* ckmk_mdMechanismRSA_Destroy
*/
static void
ckmk_mdMechanismRSA_Destroy
(
NSSCKMDMechanism *mdMechanism,
NSSCKFWMechanism *fwMechanism,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance
)
{
nss_ZFreeIf(fwMechanism);
}
/*
* ckmk_mdMechanismRSA_GetMinKeySize
*/
static CK_ULONG
ckmk_mdMechanismRSA_GetMinKeySize
(
NSSCKMDMechanism *mdMechanism,
NSSCKFWMechanism *fwMechanism,
NSSCKMDToken *mdToken,
NSSCKFWToken *fwToken,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
CK_RV *pError
)
{
return 384;
}
/*
* ckmk_mdMechanismRSA_GetMaxKeySize
*/
static CK_ULONG
ckmk_mdMechanismRSA_GetMaxKeySize
(
NSSCKMDMechanism *mdMechanism,
NSSCKFWMechanism *fwMechanism,
NSSCKMDToken *mdToken,
NSSCKFWToken *fwToken,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
CK_RV *pError
)
{
return 16384;
}
/*
* ckmk_mdMechanismRSA_DecryptInit
*/
static NSSCKMDCryptoOperation *
ckmk_mdMechanismRSA_DecryptInit
(
NSSCKMDMechanism *mdMechanism,
NSSCKFWMechanism *fwMechanism,
CK_MECHANISM *pMechanism,
NSSCKMDSession *mdSession,
NSSCKFWSession *fwSession,
NSSCKMDToken *mdToken,
NSSCKFWToken *fwToken,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
NSSCKMDObject *mdKey,
NSSCKFWObject *fwKey,
CK_RV *pError
)
{
return ckmk_mdCryptoOperationRSAPriv_Create(
&ckmk_mdCryptoOperationRSADecrypt_proto,
mdMechanism, mdKey, CKMK_DECRYPT, pError);
}
/*
* ckmk_mdMechanismRSA_SignInit
*/
static NSSCKMDCryptoOperation *
ckmk_mdMechanismRSA_SignInit
(
NSSCKMDMechanism *mdMechanism,
NSSCKFWMechanism *fwMechanism,
CK_MECHANISM *pMechanism,
NSSCKMDSession *mdSession,
NSSCKFWSession *fwSession,
NSSCKMDToken *mdToken,
NSSCKFWToken *fwToken,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
NSSCKMDObject *mdKey,
NSSCKFWObject *fwKey,
CK_RV *pError
)
{
return ckmk_mdCryptoOperationRSAPriv_Create(
&ckmk_mdCryptoOperationRSASign_proto,
mdMechanism, mdKey, CKMK_SIGN, pError);
}
NSS_IMPLEMENT_DATA const NSSCKMDMechanism
nss_ckmk_mdMechanismRSA = {
(void *)NULL, /* etc */
ckmk_mdMechanismRSA_Destroy,
ckmk_mdMechanismRSA_GetMinKeySize,
ckmk_mdMechanismRSA_GetMaxKeySize,
NULL, /* GetInHardware - default false */
NULL, /* EncryptInit - default errs */
ckmk_mdMechanismRSA_DecryptInit,
NULL, /* DigestInit - default errs*/
ckmk_mdMechanismRSA_SignInit,
NULL, /* VerifyInit - default errs */
ckmk_mdMechanismRSA_SignInit, /* SignRecoverInit */
NULL, /* VerifyRecoverInit - default errs */
NULL, /* GenerateKey - default errs */
NULL, /* GenerateKeyPair - default errs */
NULL, /* GetWrapKeyLength - default errs */
NULL, /* WrapKey - default errs */
NULL, /* UnwrapKey - default errs */
NULL, /* DeriveKey - default errs */
(void *)NULL /* null terminator */
};
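Review bot: ckmk_mdCryptoOperationRSADecrypt_UpdateFinal copies buffer->size bytes of decrypted data into output->data without comparing against output->size, unlike ckmk_mdCryptoOperationRSASign_UpdateFinal, which returns CKR_BUFFER_TOO_SMALL; unless the framework guarantees the output was sized from GetOperationLength, this can write past the caller's buffer. Add `if (buffer->size > output->size) return CKR_BUFFER_TOO_SMALL;` before the copy. ckmk_mdCryptoOperationRSA_GetFinalLength dereferences modulus without a NULL check, although ckmk_mdCryptoOperationRSAPriv_Create treats nss_ckmk_FetchAttribute as able to return NULL; guard it with `if (NULL == modulus) return 0;`. In ckmk_mdCryptoOperationRSAPriv_Create the CSSM context is not released when nss_ZNEW fails, so that path needs `CSSM_DeleteContext(cssmContext);` before returning. The decrypted plaintext in iOperation->buffer and the temporary output.data are freed without being cleared; consider zeroing them before release.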


@ -0,0 +1,131 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
* Portions created by Red Hat, Inc, are Copyright (C) 2005
*
* Contributor(s):
* Bob Relyea (rrelyea@redhat.com)
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: msession.c,v $ $Revision: 1.1 $ $Date: 2005/11/23 23:04:08 $";
#endif /* DEBUG */
#include "ckmk.h"
/*
* nssmkey/msession.c
*
* This file implements the NSSCKMDSession object for the
* "nssmkey" cryptoki module.
*/
static NSSCKMDFindObjects *
ckmk_mdSession_FindObjectsInit
(
NSSCKMDSession *mdSession,
NSSCKFWSession *fwSession,
NSSCKMDToken *mdToken,
NSSCKFWToken *fwToken,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
CK_RV *pError
)
{
return nss_ckmk_FindObjectsInit(fwSession, pTemplate, ulAttributeCount, pError);
}
static NSSCKMDObject *
ckmk_mdSession_CreateObject
(
NSSCKMDSession *mdSession,
NSSCKFWSession *fwSession,
NSSCKMDToken *mdToken,
NSSCKFWToken *fwToken,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
NSSArena *arena,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
CK_RV *pError
)
{
return nss_ckmk_CreateObject(fwSession, pTemplate, ulAttributeCount, pError);
}
NSS_IMPLEMENT NSSCKMDSession *
nss_ckmk_CreateSession
(
NSSCKFWSession *fwSession,
CK_RV *pError
)
{
NSSArena *arena;
NSSCKMDSession *rv;
arena = NSSCKFWSession_GetArena(fwSession, pError);
if( (NSSArena *)NULL == arena ) {
return (NSSCKMDSession *)NULL;
}
rv = nss_ZNEW(arena, NSSCKMDSession);
if( (NSSCKMDSession *)NULL == rv ) {
*pError = CKR_HOST_MEMORY;
return (NSSCKMDSession *)NULL;
}
/*
* rv was zeroed when allocated, so we only
* need to set the non-zero members.
*/
rv->etc = (void *)fwSession;
/* rv->Close */
/* rv->GetDeviceError */
/* rv->Login */
/* rv->Logout */
/* rv->InitPIN */
/* rv->SetPIN */
/* rv->GetOperationStateLen */
/* rv->GetOperationState */
/* rv->SetOperationState */
rv->CreateObject = ckmk_mdSession_CreateObject;
/* rv->CopyObject */
rv->FindObjectsInit = ckmk_mdSession_FindObjectsInit;
/* rv->SeedRandom */
/* rv->GetRandom */
/* rv->null */
return rv;
}


@ -0,0 +1,129 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
* Portions created by Red Hat, Inc, are Copyright (C) 2005
*
* Contributor(s):
* Bob Relyea (rrelyea@redhat.com)
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: mslot.c,v $ $Revision: 1.1 $ $Date: 2005/11/23 23:04:08 $";
#endif /* DEBUG */
#include "ckmk.h"
/*
* nssmkey/mslot.c
*
* This file implements the NSSCKMDSlot object for the
* "nssmkey" cryptoki module.
*/
static NSSUTF8 *
ckmk_mdSlot_GetSlotDescription
(
NSSCKMDSlot *mdSlot,
NSSCKFWSlot *fwSlot,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
CK_RV *pError
)
{
return (NSSUTF8 *)nss_ckmk_SlotDescription;
}
static NSSUTF8 *
ckmk_mdSlot_GetManufacturerID
(
NSSCKMDSlot *mdSlot,
NSSCKFWSlot *fwSlot,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
CK_RV *pError
)
{
return (NSSUTF8 *)nss_ckmk_ManufacturerID;
}
static CK_VERSION
ckmk_mdSlot_GetHardwareVersion
(
NSSCKMDSlot *mdSlot,
NSSCKFWSlot *fwSlot,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance
)
{
return nss_ckmk_HardwareVersion;
}
static CK_VERSION
ckmk_mdSlot_GetFirmwareVersion
(
NSSCKMDSlot *mdSlot,
NSSCKFWSlot *fwSlot,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance
)
{
return nss_ckmk_FirmwareVersion;
}
static NSSCKMDToken *
ckmk_mdSlot_GetToken
(
NSSCKMDSlot *mdSlot,
NSSCKFWSlot *fwSlot,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
CK_RV *pError
)
{
return (NSSCKMDToken *)&nss_ckmk_mdToken;
}
NSS_IMPLEMENT_DATA const NSSCKMDSlot
nss_ckmk_mdSlot = {
(void *)NULL, /* etc */
NULL, /* Initialize */
NULL, /* Destroy */
ckmk_mdSlot_GetSlotDescription,
ckmk_mdSlot_GetManufacturerID,
NULL, /* GetTokenPresent -- defaults to true */
NULL, /* GetRemovableDevice -- defaults to false */
NULL, /* GetHardwareSlot -- defaults to false */
ckmk_mdSlot_GetHardwareVersion,
ckmk_mdSlot_GetFirmwareVersion,
ckmk_mdSlot_GetToken,
(void *)NULL /* null terminator */
};


@ -0,0 +1,246 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
* Portions created by Red Hat, Inc, are Copyright (C) 2005
*
* Contributor(s):
* Bob Relyea (rrelyea@redhat.com)
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: mtoken.c,v $ $Revision: 1.1 $ $Date: 2005/11/23 23:04:08 $";
#endif /* DEBUG */
#include "ckmk.h"
/*
* nssmkey/mtoken.c
*
* This file implements the NSSCKMDToken object for the
* "nssmkey" cryptoki module.
*/
static NSSUTF8 *
ckmk_mdToken_GetLabel
(
NSSCKMDToken *mdToken,
NSSCKFWToken *fwToken,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
CK_RV *pError
)
{
return (NSSUTF8 *)nss_ckmk_TokenLabel;
}
static NSSUTF8 *
ckmk_mdToken_GetManufacturerID
(
NSSCKMDToken *mdToken,
NSSCKFWToken *fwToken,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
CK_RV *pError
)
{
return (NSSUTF8 *)nss_ckmk_ManufacturerID;
}
static NSSUTF8 *
ckmk_mdToken_GetModel
(
NSSCKMDToken *mdToken,
NSSCKFWToken *fwToken,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
CK_RV *pError
)
{
return (NSSUTF8 *)nss_ckmk_TokenModel;
}
static NSSUTF8 *
ckmk_mdToken_GetSerialNumber
(
NSSCKMDToken *mdToken,
NSSCKFWToken *fwToken,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
CK_RV *pError
)
{
return (NSSUTF8 *)nss_ckmk_TokenSerialNumber;
}
static CK_BBOOL
ckmk_mdToken_GetIsWriteProtected
(
NSSCKMDToken *mdToken,
NSSCKFWToken *fwToken,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance
)
{
return CK_FALSE;
}
/* fake out Mozilla so we don't try to initialize the token */
static CK_BBOOL
ckmk_mdToken_GetUserPinInitialized
(
NSSCKMDToken *mdToken,
NSSCKFWToken *fwToken,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance
)
{
return CK_TRUE;
}
static CK_VERSION
ckmk_mdToken_GetHardwareVersion
(
NSSCKMDToken *mdToken,
NSSCKFWToken *fwToken,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance
)
{
return nss_ckmk_HardwareVersion;
}
static CK_VERSION
ckmk_mdToken_GetFirmwareVersion
(
NSSCKMDToken *mdToken,
NSSCKFWToken *fwToken,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance
)
{
return nss_ckmk_FirmwareVersion;
}
static NSSCKMDSession *
ckmk_mdToken_OpenSession
(
NSSCKMDToken *mdToken,
NSSCKFWToken *fwToken,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
NSSCKFWSession *fwSession,
CK_BBOOL rw,
CK_RV *pError
)
{
return nss_ckmk_CreateSession(fwSession, pError);
}
static CK_ULONG
ckmk_mdToken_GetMechanismCount
(
NSSCKMDToken *mdToken,
NSSCKFWToken *fwToken,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance
)
{
return (CK_ULONG)1;
}
static CK_RV
ckmk_mdToken_GetMechanismTypes
(
NSSCKMDToken *mdToken,
NSSCKFWToken *fwToken,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
CK_MECHANISM_TYPE types[]
)
{
types[0] = CKM_RSA_PKCS;
return CKR_OK;
}
static NSSCKMDMechanism *
ckmk_mdToken_GetMechanism
(
NSSCKMDToken *mdToken,
NSSCKFWToken *fwToken,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
CK_MECHANISM_TYPE which,
CK_RV *pError
)
{
if (which != CKM_RSA_PKCS) {
*pError = CKR_MECHANISM_INVALID;
return (NSSCKMDMechanism *)NULL;
}
return (NSSCKMDMechanism *)&nss_ckmk_mdMechanismRSA;
}
NSS_IMPLEMENT_DATA const NSSCKMDToken
nss_ckmk_mdToken = {
(void *)NULL, /* etc */
NULL, /* Setup */
NULL, /* Invalidate */
NULL, /* InitToken -- default errs */
ckmk_mdToken_GetLabel,
ckmk_mdToken_GetManufacturerID,
ckmk_mdToken_GetModel,
ckmk_mdToken_GetSerialNumber,
NULL, /* GetHasRNG -- default is false */
ckmk_mdToken_GetIsWriteProtected,
NULL, /* GetLoginRequired -- default is false */
ckmk_mdToken_GetUserPinInitialized,
NULL, /* GetRestoreKeyNotNeeded -- irrelevant */
NULL, /* GetHasClockOnToken -- default is false */
NULL, /* GetHasProtectedAuthenticationPath -- default is false */
NULL, /* GetSupportsDualCryptoOperations -- default is false */
NULL, /* GetMaxSessionCount -- default is CK_UNAVAILABLE_INFORMATION */
NULL, /* GetMaxRwSessionCount -- default is CK_UNAVAILABLE_INFORMATION */
NULL, /* GetMaxPinLen -- irrelevant */
NULL, /* GetMinPinLen -- irrelevant */
NULL, /* GetTotalPublicMemory -- default is CK_UNAVAILABLE_INFORMATION */
NULL, /* GetFreePublicMemory -- default is CK_UNAVAILABLE_INFORMATION */
NULL, /* GetTotalPrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */
NULL, /* GetFreePrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */
ckmk_mdToken_GetHardwareVersion,
ckmk_mdToken_GetFirmwareVersion,
NULL, /* GetUTCTime -- no clock */
ckmk_mdToken_OpenSession,
ckmk_mdToken_GetMechanismCount,
ckmk_mdToken_GetMechanismTypes,
ckmk_mdToken_GetMechanism,
(void *)NULL /* null terminator */
};
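Review bot: nss_ckmk_mdToken leaves GetLoginRequired at its default (false) and ckmk_mdToken_GetUserPinInitialized always returns CK_TRUE, so the PKCS #11 layer never authenticates the caller before private-key operations on this token. That is presumably intentional, with authorization delegated to the Keychain (the RSA code in this commit obtains per-operation credentials via SecKeyGetCredentials), but nothing in this file says so. A comment above the table such as `/* no PKCS #11 login: access to private keys is gated by the Keychain's own ACLs */` would record the trust assumption for later maintainers. ckmk_mdToken_OpenSession also ignores rw while ckmk_mdToken_GetIsWriteProtected reports CK_FALSE; a comment should state whether read-only sessions are meant to be honored.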


@ -0,0 +1,58 @@
;+#
;+# ***** BEGIN LICENSE BLOCK *****
;+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
;+#
;+# The contents of this file are subject to the Mozilla Public License Version
;+# 1.1 (the "License"); you may not use this file except in compliance with
;+# the License. You may obtain a copy of the License at
;+# http://www.mozilla.org/MPL/
;+#
;+# Software distributed under the License is distributed on an "AS IS" basis,
;+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
;+# for the specific language governing rights and limitations under the
;+# License.
;+#
;+# The Original Code is the Netscape security libraries.
;+#
;+# The Initial Developer of the Original Code is
;+# Netscape Communications Corporation.
;+# Portions created by the Initial Developer are Copyright (C) 2003
;+# the Initial Developer. All Rights Reserved.
;+#
;+# Contributor(s):
;+#
;+# Alternatively, the contents of this file may be used under the terms of
;+# either the GNU General Public License Version 2 or later (the "GPL"), or
;+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
;+# in which case the provisions of the GPL or the LGPL are applicable instead
;+# of those above. If you wish to allow use of your version of this file only
;+# under the terms of either the GPL or the LGPL, and not to allow others to
;+# use your version of this file under the terms of the MPL, indicate your
;+# decision by deleting the provisions above and replace them with the notice
;+# and other provisions required by the GPL or the LGPL. If you do not delete
;+# the provisions above, a recipient may use your version of this file under
;+# the terms of any one of the MPL, the GPL or the LGPL.
;+#
;+# ***** END LICENSE BLOCK *****
;+#
;+# OK, this file is meant to support SUN, LINUX, AIX and WINDOWS
;+# 1. For all unix platforms, the string ";-" means "remove this line"
;+# 2. For all unix platforms, the string " DATA " will be removed from any
;+# line on which it occurs.
;+# 3. Lines containing ";+" will have ";+" removed on SUN and LINUX.
;+# On AIX, lines containing ";+" will be removed.
;+# 4. For all unix platforms, the string ";;" will thave the ";;" removed.
;+# 5. For all unix platforms, after the above processing has taken place,
;+# all characters after the first ";" on the line will be removed.
;+# And for AIX, the first ";" will also be removed.
;+# This file is passed directly to windows. Since ';' is a comment, all UNIX
;+# directives are hidden behind ";", ";+", and ";-"
;+
;+NSSMKEY_3.0 { # First release of nssmkey
;+ global:
LIBRARY nssmkey ;-
EXPORTS ;-
C_GetFunctionList;
;+ local:
;+*;
;+};


@ -0,0 +1,75 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
* Portions created by Red Hat, Inc, are Copyright (C) 2005
*
* Contributor(s):
* Bob Relyea (rrelyea@redhat.com)
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#ifndef NSSMKEY_H
#define NSSMKEY_H
/*
* NSS CKMK Version numbers.
*
* These are the version numbers for the nssmkey module packaged with
* this release on NSS. To determine the version numbers of the builtin
* module you are using, use the appropriate PKCS #11 calls.
*
* These version numbers detail changes to the PKCS #11 interface. They map
* to the PKCS #11 spec versions.
*/
#define NSS_CKMK_CRYPTOKI_VERSION_MAJOR 2
#define NSS_CKMK_CRYPTOKI_VERSION_MINOR 20
/* These version numbers detail the changes
* to the list of trusted certificates.
*
* NSS_CKMK_LIBRARY_VERSION_MINOR is a CK_BYTE. It's not clear
* whether we may use its full range (0-255) or only 0-99 because
* of the comment in the CK_VERSION type definition.
*/
#define NSS_CKMK_LIBRARY_VERSION_MAJOR 1
#define NSS_CKMK_LIBRARY_VERSION_MINOR 1
#define NSS_CKMK_LIBRARY_VERSION "1.1"
/* These version numbers detail the semantic changes to the ckfw engine. */
#define NSS_CKMK_HARDWARE_VERSION_MAJOR 1
#define NSS_CKMK_HARDWARE_VERSION_MINOR 0
/* These version numbers detail the semantic changes to ckbi itself
* (new PKCS #11 objects), etc. */
#define NSS_CKMK_FIRMWARE_VERSION_MAJOR 1
#define NSS_CKMK_FIRMWARE_VERSION_MINOR 0
#endif /* NSSMKEY_H */
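Review bot: The comments over the version macros do not describe nssmkey and look carried over from another module. The one above `NSS_CKMK_LIBRARY_VERSION_MAJOR` says the numbers track "the list of trusted certificates", the one above `NSS_CKMK_FIRMWARE_VERSION_MAJOR` refers to "ckbi itself", and the opening comment speaks of "the builtin module". Per that opening comment these values are what a caller reads back through the PKCS #11 calls, so someone checking which keychain module build is loaded depends on the comments being accurate. I would reword them for this module, e.g. `/* Library version of the nssmkey module itself. */` and `/* Firmware version: changes to the set of PKCS #11 objects nssmkey exposes. */`.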


@ -0,0 +1,74 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
* Portions created by Red Hat, Inc, are Copyright (C) 2005
*
* Contributor(s):
* Bob Relyea (rrelyea@redhat.com)
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: staticobj.c,v $ $Revision: 1.1 $ $Date: 2005/11/23 23:04:08 $""; @(#) $RCSfile: staticobj.c,v $ $Revision: 1.1 $ $Date: 2005/11/23 23:04:08 $";
#endif /* DEBUG */
#ifndef CKMK_H
#include "ckmk.h"
#endif /* CKMK_H */
static const CK_TRUST ckt_netscape_valid = CKT_NETSCAPE_VALID;
static const CK_OBJECT_CLASS cko_certificate = CKO_CERTIFICATE;
static const CK_TRUST ckt_netscape_trusted_delegator = CKT_NETSCAPE_TRUSTED_DELEGATOR;
static const CK_OBJECT_CLASS cko_netscape_trust = CKO_NETSCAPE_TRUST;
static const CK_BBOOL ck_true = CK_TRUE;
static const CK_OBJECT_CLASS cko_data = CKO_DATA;
static const CK_CERTIFICATE_TYPE ckc_x_509 = CKC_X_509;
static const CK_BBOOL ck_false = CK_FALSE;
static const CK_OBJECT_CLASS cko_netscape_builtin_root_list = CKO_NETSCAPE_BUILTIN_ROOT_LIST;
/* example of a static object */
static const CK_ATTRIBUTE_TYPE nss_ckmk_types_1 [] = {
CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL
};
static const NSSItem nss_ckmk_items_1 [] = {
{ (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)"Mozilla Mac Key Ring Access", (PRUint32)28 }
};
PR_IMPLEMENT_DATA(ckmkInternalObject) nss_ckmk_data[] = {
{ ckmkRaw, {{ 5, nss_ckmk_types_1, nss_ckmk_items_1}} , CKO_DATA, {NULL} },
};
PR_IMPLEMENT_DATA(const PRUint32) nss_ckmk_nObjects = 1;
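Review bot: The `CKA_LABEL` entry in `nss_ckmk_items_1` carries a hand-counted length, `(PRUint32)28`, which today equals the 27 characters of the literal plus its terminating NUL. If the label text is edited without recounting, consumers of this item will either truncate the label or read past the end of the literal. Deriving the size from the object removes that risk and keeps the NUL counted as now: `static const char ckmk_label_1[] = "Mozilla Mac Key Ring Access";` and `{ (void *)ckmk_label_1, (PRUint32)sizeof(ckmk_label_1) }`. The same hand-sync applies to `nss_ckmk_nObjects = 1`, which could be `sizeof(nss_ckmk_data) / sizeof(nss_ckmk_data[0])`. Separately, the trust and certificate constants (`ckt_netscape_valid`, `cko_netscape_trust`, `cko_netscape_builtin_root_list` and the like) are not referenced anywhere in the file as shown and could be dropped.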