diff options
Diffstat (limited to 'nss/lib/ckfw')
75 files changed, 25146 insertions, 27246 deletions
diff --git a/nss/lib/ckfw/builtins/Makefile b/nss/lib/ckfw/builtins/Makefile index 8ca0d33..22726e2 100644 --- a/nss/lib/ckfw/builtins/Makefile +++ b/nss/lib/ckfw/builtins/Makefile @@ -51,4 +51,4 @@ endif $(OBJDIR)/certdata.c: $(NSS_CERTDATA_TXT) certdata.perl @$(MAKE_OBJDIR) - $(PERL) certdata.perl < $(NSS_CERTDATA_TXT) > $@ + $(PERL) certdata.perl $(NSS_CERTDATA_TXT) $@ diff --git a/nss/lib/ckfw/builtins/anchor.c b/nss/lib/ckfw/builtins/anchor.c index 51b4a56..af21c6a 100644 --- a/nss/lib/ckfw/builtins/anchor.c +++ b/nss/lib/ckfw/builtins/anchor.c @@ -6,7 +6,7 @@ * builtins/anchor.c * * This file "anchors" the actual cryptoki entry points in this module's - * shared library, which is required for dynamic loading. See the + * shared library, which is required for dynamic loading. See the * comments in nssck.api for more information. */ diff --git a/nss/lib/ckfw/builtins/bfind.c b/nss/lib/ckfw/builtins/bfind.c index df35ed8..3e5da1a 100644 --- a/nss/lib/ckfw/builtins/bfind.c +++ b/nss/lib/ckfw/builtins/bfind.c @@ -14,258 +14,248 @@ */ struct builtinsFOStr { - NSSArena *arena; - CK_ULONG n; - CK_ULONG i; - builtinsInternalObject **objs; + NSSArena *arena; + CK_ULONG n; + CK_ULONG i; + builtinsInternalObject **objs; }; static void -builtins_mdFindObjects_Final -( - NSSCKMDFindObjects *mdFindObjects, - NSSCKFWFindObjects *fwFindObjects, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +builtins_mdFindObjects_Final( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - struct builtinsFOStr *fo = (struct builtinsFOStr *)mdFindObjects->etc; - NSSArena *arena = fo->arena; - - nss_ZFreeIf(fo->objs); - nss_ZFreeIf(fo); - nss_ZFreeIf(mdFindObjects); - if ((NSSArena *)NULL != arena) { - NSSArena_Destroy(arena); - } + struct builtinsFOStr *fo = (struct builtinsFOStr *)mdFindObjects->etc; + NSSArena *arena = fo->arena; + + nss_ZFreeIf(fo->objs); + nss_ZFreeIf(fo); + nss_ZFreeIf(mdFindObjects); + if ((NSSArena *)NULL != arena) { + NSSArena_Destroy(arena); + } - return; + return; } static NSSCKMDObject * -builtins_mdFindObjects_Next -( - NSSCKMDFindObjects *mdFindObjects, - NSSCKFWFindObjects *fwFindObjects, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSArena *arena, - CK_RV *pError -) +builtins_mdFindObjects_Next( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError) { - struct builtinsFOStr *fo = (struct builtinsFOStr *)mdFindObjects->etc; - builtinsInternalObject *io; + struct builtinsFOStr *fo = (struct builtinsFOStr *)mdFindObjects->etc; + builtinsInternalObject *io; - if( fo->i == fo->n ) { - *pError = CKR_OK; - return (NSSCKMDObject *)NULL; - } + if (fo->i == fo->n) { + *pError = CKR_OK; + return (NSSCKMDObject *)NULL; + } - io = fo->objs[ fo->i ]; - fo->i++; + io = fo->objs[fo->i]; + fo->i++; - return nss_builtins_CreateMDObject(arena, io, pError); + return nss_builtins_CreateMDObject(arena, io, pError); } static int -builtins_derUnwrapInt(unsigned char *src, int size, unsigned char **dest) { +builtins_derUnwrapInt(unsigned char *src, int size, unsigned char **dest) +{ unsigned char *start = src; int len = 0; - if (*src ++ != 2) { - return 0; + if (*src++ != 2) { + return 0; } len = *src++; if (len & 0x80) { - int count = len & 0x7f; - len =0; - - if (count+2 > size) { - return 0; - } - while (count-- > 0) { - len = (len << 8) | *src++; - } + int count = len & 0x7f; + len = 0; + + if (count + 2 > size) { + return 0; + } + while (count-- > 0) { + len = (len << 8) | *src++; + } } - if (len + (src-start) != size) { - return 0; + if (len + (src - start) != size) { + return 0; } *dest = src; return len; } static CK_BBOOL -builtins_attrmatch -( - CK_ATTRIBUTE_PTR a, - const NSSItem *b -) +builtins_attrmatch( + CK_ATTRIBUTE_PTR a, + const NSSItem *b) { - PRBool prb; - - if( a->ulValueLen != b->size ) { - /* match a decoded serial number */ - if ((a->type == CKA_SERIAL_NUMBER) && (a->ulValueLen < b->size)) { - int len; - unsigned char *data = NULL; - - len = builtins_derUnwrapInt(b->data,b->size,&data); - if (data && - (len == a->ulValueLen) && - nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) { - return CK_TRUE; - } + PRBool prb; + + if (a->ulValueLen != b->size) { + /* match a decoded serial number */ + if ((a->type == CKA_SERIAL_NUMBER) && (a->ulValueLen < b->size)) { + int len; + unsigned char *data = NULL; + + len = builtins_derUnwrapInt(b->data, b->size, &data); + if (data && + (len == a->ulValueLen) && + nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) { + return CK_TRUE; + } + } + return CK_FALSE; } - return CK_FALSE; - } - prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *)NULL); + prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *)NULL); - if( PR_TRUE == prb ) { - return CK_TRUE; - } else { - return CK_FALSE; - } + if (PR_TRUE == prb) { + return CK_TRUE; + } else { + return CK_FALSE; + } } - static CK_BBOOL -builtins_match -( - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - builtinsInternalObject *o -) +builtins_match( + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + builtinsInternalObject *o) { - CK_ULONG i; - - for( i = 0; i < ulAttributeCount; i++ ) { - CK_ULONG j; - - for( j = 0; j < o->n; j++ ) { - if( o->types[j] == pTemplate[i].type ) { - if( CK_FALSE == builtins_attrmatch(&pTemplate[i], &o->items[j]) ) { - return CK_FALSE; - } else { - break; + CK_ULONG i; + + for (i = 0; i < ulAttributeCount; i++) { + CK_ULONG j; + + for (j = 0; j < o->n; j++) { + if (o->types[j] == pTemplate[i].type) { + if (CK_FALSE == builtins_attrmatch(&pTemplate[i], &o->items[j])) { + return CK_FALSE; + } else { + break; + } + } } - } - } - if( j == o->n ) { - /* Loop ran to the end: no matching attribute */ - return CK_FALSE; + if (j == o->n) { + /* Loop ran to the end: no matching attribute */ + return CK_FALSE; + } } - } - /* Every attribute passed */ - return CK_TRUE; + /* Every attribute passed */ + return CK_TRUE; } NSS_IMPLEMENT NSSCKMDFindObjects * -nss_builtins_FindObjectsInit -( - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +nss_builtins_FindObjectsInit( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - /* This could be made more efficient. I'm rather rushed. */ - NSSArena *arena; - NSSCKMDFindObjects *rv = (NSSCKMDFindObjects *)NULL; - struct builtinsFOStr *fo = (struct builtinsFOStr *)NULL; + /* This could be made more efficient. I'm rather rushed. */ + NSSArena *arena; + NSSCKMDFindObjects *rv = (NSSCKMDFindObjects *)NULL; + struct builtinsFOStr *fo = (struct builtinsFOStr *)NULL; - /* +/* * 99% of the time we get 0 or 1 matches. So we start with a small * stack-allocated array to hold the matches and switch to a heap-allocated * array later if the number of matches exceeds STACK_BUF_LENGTH. */ - #define STACK_BUF_LENGTH 1 - builtinsInternalObject *stackTemp[STACK_BUF_LENGTH]; - builtinsInternalObject **temp = stackTemp; - PRBool tempIsHeapAllocated = PR_FALSE; - PRUint32 i; - - arena = NSSArena_Create(); - if( (NSSArena *)NULL == arena ) { - goto loser; - } - - rv = nss_ZNEW(arena, NSSCKMDFindObjects); - if( (NSSCKMDFindObjects *)NULL == rv ) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - - fo = nss_ZNEW(arena, struct builtinsFOStr); - if( (struct builtinsFOStr *)NULL == fo ) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - - fo->arena = arena; - /* fo->n and fo->i are already zero */ - - rv->etc = (void *)fo; - rv->Final = builtins_mdFindObjects_Final; - rv->Next = builtins_mdFindObjects_Next; - rv->null = (void *)NULL; - - for( i = 0; i < nss_builtins_nObjects; i++ ) { - builtinsInternalObject *o = (builtinsInternalObject *)&nss_builtins_data[i]; - - if( CK_TRUE == builtins_match(pTemplate, ulAttributeCount, o) ) { - if( fo->n == STACK_BUF_LENGTH ) { - /* Switch from the small stack array to a heap-allocated array large +#define STACK_BUF_LENGTH 1 + builtinsInternalObject *stackTemp[STACK_BUF_LENGTH]; + builtinsInternalObject **temp = stackTemp; + PRBool tempIsHeapAllocated = PR_FALSE; + PRUint32 i; + + arena = NSSArena_Create(); + if ((NSSArena *)NULL == arena) { + goto loser; + } + + rv = nss_ZNEW(arena, NSSCKMDFindObjects); + if ((NSSCKMDFindObjects *)NULL == rv) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + fo = nss_ZNEW(arena, struct builtinsFOStr); + if ((struct builtinsFOStr *)NULL == fo) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + fo->arena = arena; + /* fo->n and fo->i are already zero */ + + rv->etc = (void *)fo; + rv->Final = builtins_mdFindObjects_Final; + rv->Next = builtins_mdFindObjects_Next; + rv->null = (void *)NULL; + + for (i = 0; i < nss_builtins_nObjects; i++) { + builtinsInternalObject *o = (builtinsInternalObject *)&nss_builtins_data[i]; + + if (CK_TRUE == builtins_match(pTemplate, ulAttributeCount, o)) { + if (fo->n == STACK_BUF_LENGTH) { + /* Switch from the small stack array to a heap-allocated array large * enough to handle matches in all remaining cases. */ - temp = nss_ZNEWARRAY((NSSArena *)NULL, builtinsInternalObject *, - fo->n + nss_builtins_nObjects - i); - if( (builtinsInternalObject **)NULL == temp ) { - *pError = CKR_HOST_MEMORY; - goto loser; + temp = nss_ZNEWARRAY((NSSArena *)NULL, builtinsInternalObject *, + fo->n + nss_builtins_nObjects - i); + if ((builtinsInternalObject **)NULL == temp) { + *pError = + CKR_HOST_MEMORY; + goto loser; + } + tempIsHeapAllocated = PR_TRUE; + (void)nsslibc_memcpy(temp, stackTemp, + sizeof(builtinsInternalObject *) * fo->n); + } + + temp[fo->n] = o; + fo->n++; } - tempIsHeapAllocated = PR_TRUE; - (void)nsslibc_memcpy(temp, stackTemp, - sizeof(builtinsInternalObject *) * fo->n); - } + } - temp[ fo->n ] = o; - fo->n++; + fo->objs = nss_ZNEWARRAY(arena, builtinsInternalObject *, fo->n); + if ((builtinsInternalObject **)NULL == fo->objs) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + (void)nsslibc_memcpy(fo->objs, temp, sizeof(builtinsInternalObject *) * fo->n); + if (tempIsHeapAllocated) { + nss_ZFreeIf(temp); + temp = (builtinsInternalObject **)NULL; } - } - - fo->objs = nss_ZNEWARRAY(arena, builtinsInternalObject *, fo->n); - if( (builtinsInternalObject **)NULL == fo->objs ) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - - (void)nsslibc_memcpy(fo->objs, temp, sizeof(builtinsInternalObject *) * fo->n); - if (tempIsHeapAllocated) { - nss_ZFreeIf(temp); - temp = (builtinsInternalObject **)NULL; - } - - return rv; - - loser: - if (tempIsHeapAllocated) { - nss_ZFreeIf(temp); - } - nss_ZFreeIf(fo); - nss_ZFreeIf(rv); - if ((NSSArena *)NULL != arena) { - NSSArena_Destroy(arena); - } - return (NSSCKMDFindObjects *)NULL; -} + return rv; + +loser: + if (tempIsHeapAllocated) { + nss_ZFreeIf(temp); + } + nss_ZFreeIf(fo); + nss_ZFreeIf(rv); + if ((NSSArena *)NULL != arena) { + NSSArena_Destroy(arena); + } + return (NSSCKMDFindObjects *)NULL; +} diff --git a/nss/lib/ckfw/builtins/binst.c b/nss/lib/ckfw/builtins/binst.c index 8cb057d..ca1dac8 100644 --- a/nss/lib/ckfw/builtins/binst.c +++ b/nss/lib/ckfw/builtins/binst.c @@ -7,7 +7,7 @@ /* * builtins/instance.c * - * This file implements the NSSCKMDInstance object for the + * This file implements the NSSCKMDInstance object for the * "builtin objects" cryptoki module. */ @@ -16,84 +16,72 @@ */ static CK_ULONG -builtins_mdInstance_GetNSlots -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +builtins_mdInstance_GetNSlots( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (CK_ULONG)1; + return (CK_ULONG)1; } static CK_VERSION -builtins_mdInstance_GetCryptokiVersion -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +builtins_mdInstance_GetCryptokiVersion( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return nss_builtins_CryptokiVersion; + return nss_builtins_CryptokiVersion; } static NSSUTF8 * -builtins_mdInstance_GetManufacturerID -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +builtins_mdInstance_GetManufacturerID( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_builtins_ManufacturerID; + return (NSSUTF8 *)nss_builtins_ManufacturerID; } static NSSUTF8 * -builtins_mdInstance_GetLibraryDescription -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +builtins_mdInstance_GetLibraryDescription( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_builtins_LibraryDescription; + return (NSSUTF8 *)nss_builtins_LibraryDescription; } static CK_VERSION -builtins_mdInstance_GetLibraryVersion -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +builtins_mdInstance_GetLibraryVersion( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { #define NSS_VERSION_VARIABLE __nss_builtins_version #include "verref.h" - return nss_builtins_LibraryVersion; + return nss_builtins_LibraryVersion; } static CK_RV -builtins_mdInstance_GetSlots -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDSlot *slots[] -) +builtins_mdInstance_GetSlots( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDSlot *slots[]) { - slots[0] = (NSSCKMDSlot *)&nss_builtins_mdSlot; - return CKR_OK; + slots[0] = (NSSCKMDSlot *)&nss_builtins_mdSlot; + return CKR_OK; } const NSSCKMDInstance -nss_builtins_mdInstance = { - (void *)NULL, /* etc */ - NULL, /* Initialize */ - NULL, /* Finalize */ - builtins_mdInstance_GetNSlots, - builtins_mdInstance_GetCryptokiVersion, - builtins_mdInstance_GetManufacturerID, - builtins_mdInstance_GetLibraryDescription, - builtins_mdInstance_GetLibraryVersion, - NULL, /* ModuleHandlesSessionObjects -- defaults to false */ - builtins_mdInstance_GetSlots, - NULL, /* WaitForSlotEvent */ - (void *)NULL /* null terminator */ -}; + nss_builtins_mdInstance = { + (void *)NULL, /* etc */ + NULL, /* Initialize */ + NULL, /* Finalize */ + builtins_mdInstance_GetNSlots, + builtins_mdInstance_GetCryptokiVersion, + builtins_mdInstance_GetManufacturerID, + builtins_mdInstance_GetLibraryDescription, + builtins_mdInstance_GetLibraryVersion, + NULL, /* ModuleHandlesSessionObjects -- defaults to false */ + builtins_mdInstance_GetSlots, + NULL, /* WaitForSlotEvent */ + (void *)NULL /* null terminator */ + }; diff --git a/nss/lib/ckfw/builtins/bobject.c b/nss/lib/ckfw/builtins/bobject.c index 55876c0..1c0babd 100644 --- a/nss/lib/ckfw/builtins/bobject.c +++ b/nss/lib/ckfw/builtins/bobject.c @@ -24,199 +24,183 @@ */ static CK_RV -builtins_mdObject_Destroy -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +builtins_mdObject_Destroy( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return CKR_SESSION_READ_ONLY; + return CKR_SESSION_READ_ONLY; } static CK_BBOOL -builtins_mdObject_IsTokenObject -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +builtins_mdObject_IsTokenObject( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return CK_TRUE; + return CK_TRUE; } static CK_ULONG -builtins_mdObject_GetAttributeCount -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +builtins_mdObject_GetAttributeCount( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc; - return io->n; + builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc; + return io->n; } static CK_RV -builtins_mdObject_GetAttributeTypes -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE_PTR typeArray, - CK_ULONG ulCount -) +builtins_mdObject_GetAttributeTypes( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount) { - builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc; - CK_ULONG i; + builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc; + CK_ULONG i; - if( io->n != ulCount ) { - return CKR_BUFFER_TOO_SMALL; - } + if (io->n != ulCount) { + return CKR_BUFFER_TOO_SMALL; + } - for( i = 0; i < io->n; i++ ) { - typeArray[i] = io->types[i]; - } + for (i = 0; i < io->n; i++) { + typeArray[i] = io->types[i]; + } - return CKR_OK; + return CKR_OK; } static CK_ULONG -builtins_mdObject_GetAttributeSize -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError -) +builtins_mdObject_GetAttributeSize( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError) { - builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc; - CK_ULONG i; + builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc; + CK_ULONG i; - for( i = 0; i < io->n; i++ ) { - if( attribute == io->types[i] ) { - return (CK_ULONG)(io->items[i].size); + for (i = 0; i < io->n; i++) { + if (attribute == io->types[i]) { + return (CK_ULONG)(io->items[i].size); + } } - } - *pError = CKR_ATTRIBUTE_TYPE_INVALID; - return 0; + *pError = CKR_ATTRIBUTE_TYPE_INVALID; + return 0; } static NSSCKFWItem -builtins_mdObject_GetAttribute -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError -) +builtins_mdObject_GetAttribute( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError) { - NSSCKFWItem mdItem; - builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc; - CK_ULONG i; - - mdItem.needsFreeing = PR_FALSE; - mdItem.item = (NSSItem*) NULL; - - for( i = 0; i < io->n; i++ ) { - if( attribute == io->types[i] ) { - mdItem.item = (NSSItem*) &io->items[i]; - return mdItem; + NSSCKFWItem mdItem; + builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc; + CK_ULONG i; + + mdItem.needsFreeing = PR_FALSE; + mdItem.item = (NSSItem *)NULL; + + for (i = 0; i < io->n; i++) { + if (attribute == io->types[i]) { + mdItem.item = (NSSItem *)&io->items[i]; + return mdItem; + } } - } - *pError = CKR_ATTRIBUTE_TYPE_INVALID; - return mdItem; + *pError = CKR_ATTRIBUTE_TYPE_INVALID; + return mdItem; } static CK_ULONG -builtins_mdObject_GetObjectSize -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +builtins_mdObject_GetObjectSize( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc; - CK_ULONG i; - CK_ULONG rv = sizeof(CK_ULONG); + builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc; + CK_ULONG i; + CK_ULONG rv = sizeof(CK_ULONG); - for( i = 0; i < io->n; i++ ) { - rv += sizeof(CK_ATTRIBUTE_TYPE) + sizeof(NSSItem) + io->items[i].size; - } + for (i = 0; i < io->n; i++) { + rv += sizeof(CK_ATTRIBUTE_TYPE) + sizeof(NSSItem) + io->items[i].size; + } - return rv; + return rv; } static const NSSCKMDObject -builtins_prototype_mdObject = { - (void *)NULL, /* etc */ - NULL, /* Finalize */ - builtins_mdObject_Destroy, - builtins_mdObject_IsTokenObject, - builtins_mdObject_GetAttributeCount, - builtins_mdObject_GetAttributeTypes, - builtins_mdObject_GetAttributeSize, - builtins_mdObject_GetAttribute, - NULL, /* FreeAttribute */ - NULL, /* SetAttribute */ - builtins_mdObject_GetObjectSize, - (void *)NULL /* null terminator */ -}; + builtins_prototype_mdObject = { + (void *)NULL, /* etc */ + NULL, /* Finalize */ + builtins_mdObject_Destroy, + builtins_mdObject_IsTokenObject, + builtins_mdObject_GetAttributeCount, + builtins_mdObject_GetAttributeTypes, + builtins_mdObject_GetAttributeSize, + builtins_mdObject_GetAttribute, + NULL, /* FreeAttribute */ + NULL, /* SetAttribute */ + builtins_mdObject_GetObjectSize, + (void *)NULL /* null terminator */ + }; NSS_IMPLEMENT NSSCKMDObject * -nss_builtins_CreateMDObject -( - NSSArena *arena, - builtinsInternalObject *io, - CK_RV *pError -) +nss_builtins_CreateMDObject( + NSSArena *arena, + builtinsInternalObject *io, + CK_RV *pError) { - if ( (void*)NULL == io->mdObject.etc) { - (void) nsslibc_memcpy(&io->mdObject,&builtins_prototype_mdObject, - sizeof(builtins_prototype_mdObject)); - io->mdObject.etc = (void *)io; - } + if ((void *)NULL == io->mdObject.etc) { + (void)nsslibc_memcpy(&io->mdObject, &builtins_prototype_mdObject, + sizeof(builtins_prototype_mdObject)); + io->mdObject.etc = (void *)io; + } - return &io->mdObject; + return &io->mdObject; } diff --git a/nss/lib/ckfw/builtins/bsession.c b/nss/lib/ckfw/builtins/bsession.c index 6705bfc..6828a49 100644 --- a/nss/lib/ckfw/builtins/bsession.c +++ b/nss/lib/ckfw/builtins/bsession.c @@ -7,69 +7,65 @@ /* * builtins/session.c * - * This file implements the NSSCKMDSession object for the + * This file implements the NSSCKMDSession object for the * "builtin objects" cryptoki module. */ static NSSCKMDFindObjects * -builtins_mdSession_FindObjectsInit -( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +builtins_mdSession_FindObjectsInit( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - return nss_builtins_FindObjectsInit(fwSession, pTemplate, ulAttributeCount, pError); + return nss_builtins_FindObjectsInit(fwSession, pTemplate, ulAttributeCount, pError); } NSS_IMPLEMENT NSSCKMDSession * -nss_builtins_CreateSession -( - NSSCKFWSession *fwSession, - CK_RV *pError -) +nss_builtins_CreateSession( + NSSCKFWSession *fwSession, + CK_RV *pError) { - NSSArena *arena; - NSSCKMDSession *rv; + NSSArena *arena; + NSSCKMDSession *rv; - arena = NSSCKFWSession_GetArena(fwSession, pError); - if( (NSSArena *)NULL == arena ) { - return (NSSCKMDSession *)NULL; - } + arena = NSSCKFWSession_GetArena(fwSession, pError); + if ((NSSArena *)NULL == arena) { + return (NSSCKMDSession *)NULL; + } - rv = nss_ZNEW(arena, NSSCKMDSession); - if( (NSSCKMDSession *)NULL == rv ) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDSession *)NULL; - } + rv = nss_ZNEW(arena, NSSCKMDSession); + if ((NSSCKMDSession *)NULL == rv) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDSession *)NULL; + } - /* - * rv was zeroed when allocated, so we only - * need to set the non-zero members. - */ + /* + * rv was zeroed when allocated, so we only + * need to set the non-zero members. + */ - rv->etc = (void *)fwSession; - /* rv->Close */ - /* rv->GetDeviceError */ - /* rv->Login */ - /* rv->Logout */ - /* rv->InitPIN */ - /* rv->SetPIN */ - /* rv->GetOperationStateLen */ - /* rv->GetOperationState */ - /* rv->SetOperationState */ - /* rv->CreateObject */ - /* rv->CopyObject */ - rv->FindObjectsInit = builtins_mdSession_FindObjectsInit; - /* rv->SeedRandom */ - /* rv->GetRandom */ - /* rv->null */ + rv->etc = (void *)fwSession; + /* rv->Close */ + /* rv->GetDeviceError */ + /* rv->Login */ + /* rv->Logout */ + /* rv->InitPIN */ + /* rv->SetPIN */ + /* rv->GetOperationStateLen */ + /* rv->GetOperationState */ + /* rv->SetOperationState */ + /* rv->CreateObject */ + /* rv->CopyObject */ + rv->FindObjectsInit = builtins_mdSession_FindObjectsInit; + /* rv->SeedRandom */ + /* rv->GetRandom */ + /* rv->null */ - return rv; + return rv; } diff --git a/nss/lib/ckfw/builtins/bslot.c b/nss/lib/ckfw/builtins/bslot.c index 7cc9dcd..f2ef1ef 100644 --- a/nss/lib/ckfw/builtins/bslot.c +++ b/nss/lib/ckfw/builtins/bslot.c @@ -12,80 +12,70 @@ */ static NSSUTF8 * -builtins_mdSlot_GetSlotDescription -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +builtins_mdSlot_GetSlotDescription( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_builtins_SlotDescription; + return (NSSUTF8 *)nss_builtins_SlotDescription; } static NSSUTF8 * -builtins_mdSlot_GetManufacturerID -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +builtins_mdSlot_GetManufacturerID( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_builtins_ManufacturerID; + return (NSSUTF8 *)nss_builtins_ManufacturerID; } static CK_VERSION -builtins_mdSlot_GetHardwareVersion -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +builtins_mdSlot_GetHardwareVersion( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return nss_builtins_HardwareVersion; + return nss_builtins_HardwareVersion; } static CK_VERSION -builtins_mdSlot_GetFirmwareVersion -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +builtins_mdSlot_GetFirmwareVersion( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return nss_builtins_FirmwareVersion; + return nss_builtins_FirmwareVersion; } static NSSCKMDToken * -builtins_mdSlot_GetToken -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +builtins_mdSlot_GetToken( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSCKMDToken *)&nss_builtins_mdToken; + return (NSSCKMDToken *)&nss_builtins_mdToken; } const NSSCKMDSlot -nss_builtins_mdSlot = { - (void *)NULL, /* etc */ - NULL, /* Initialize */ - NULL, /* Destroy */ - builtins_mdSlot_GetSlotDescription, - builtins_mdSlot_GetManufacturerID, - NULL, /* GetTokenPresent -- defaults to true */ - NULL, /* GetRemovableDevice -- defaults to false */ - NULL, /* GetHardwareSlot -- defaults to false */ - builtins_mdSlot_GetHardwareVersion, - builtins_mdSlot_GetFirmwareVersion, - builtins_mdSlot_GetToken, - (void *)NULL /* null terminator */ -}; + nss_builtins_mdSlot = { + (void *)NULL, /* etc */ + NULL, /* Initialize */ + NULL, /* Destroy */ + builtins_mdSlot_GetSlotDescription, + builtins_mdSlot_GetManufacturerID, + NULL, /* GetTokenPresent -- defaults to true */ + NULL, /* GetRemovableDevice -- defaults to false */ + NULL, /* GetHardwareSlot -- defaults to false */ + builtins_mdSlot_GetHardwareVersion, + builtins_mdSlot_GetFirmwareVersion, + builtins_mdSlot_GetToken, + (void *)NULL /* null terminator */ + }; diff --git a/nss/lib/ckfw/builtins/btoken.c b/nss/lib/ckfw/builtins/btoken.c index a68d511..ae1e138 100644 --- a/nss/lib/ckfw/builtins/btoken.c +++ b/nss/lib/ckfw/builtins/btoken.c @@ -12,140 +12,124 @@ */ static NSSUTF8 * -builtins_mdToken_GetLabel -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +builtins_mdToken_GetLabel( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_builtins_TokenLabel; + return (NSSUTF8 *)nss_builtins_TokenLabel; } static NSSUTF8 * -builtins_mdToken_GetManufacturerID -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +builtins_mdToken_GetManufacturerID( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_builtins_ManufacturerID; + return (NSSUTF8 *)nss_builtins_ManufacturerID; } static NSSUTF8 * -builtins_mdToken_GetModel -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +builtins_mdToken_GetModel( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_builtins_TokenModel; + return (NSSUTF8 *)nss_builtins_TokenModel; } static NSSUTF8 * -builtins_mdToken_GetSerialNumber -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +builtins_mdToken_GetSerialNumber( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_builtins_TokenSerialNumber; + return (NSSUTF8 *)nss_builtins_TokenSerialNumber; } static CK_BBOOL -builtins_mdToken_GetIsWriteProtected -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +builtins_mdToken_GetIsWriteProtected( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return CK_TRUE; + return CK_TRUE; } static CK_VERSION -builtins_mdToken_GetHardwareVersion -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +builtins_mdToken_GetHardwareVersion( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return nss_builtins_HardwareVersion; + return nss_builtins_HardwareVersion; } static CK_VERSION -builtins_mdToken_GetFirmwareVersion -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +builtins_mdToken_GetFirmwareVersion( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return nss_builtins_FirmwareVersion; + return nss_builtins_FirmwareVersion; } static NSSCKMDSession * -builtins_mdToken_OpenSession -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKFWSession *fwSession, - CK_BBOOL rw, - CK_RV *pError -) +builtins_mdToken_OpenSession( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKFWSession *fwSession, + CK_BBOOL rw, + CK_RV *pError) { - return nss_builtins_CreateSession(fwSession, pError); + return nss_builtins_CreateSession(fwSession, pError); } const NSSCKMDToken -nss_builtins_mdToken = { - (void *)NULL, /* etc */ - NULL, /* Setup */ - NULL, /* Invalidate */ - NULL, /* InitToken -- default errs */ - builtins_mdToken_GetLabel, - builtins_mdToken_GetManufacturerID, - builtins_mdToken_GetModel, - builtins_mdToken_GetSerialNumber, - NULL, /* GetHasRNG -- default is false */ - builtins_mdToken_GetIsWriteProtected, - NULL, /* GetLoginRequired -- default is false */ - NULL, /* GetUserPinInitialized -- default is false */ - NULL, /* GetRestoreKeyNotNeeded -- irrelevant */ - NULL, /* GetHasClockOnToken -- default is false */ - NULL, /* GetHasProtectedAuthenticationPath -- default is false */ - NULL, /* GetSupportsDualCryptoOperations -- default is false */ - NULL, /* GetMaxSessionCount -- default is CK_UNAVAILABLE_INFORMATION */ - NULL, /* GetMaxRwSessionCount -- default is CK_UNAVAILABLE_INFORMATION */ - NULL, /* GetMaxPinLen -- irrelevant */ - NULL, /* GetMinPinLen -- irrelevant */ - NULL, /* GetTotalPublicMemory -- default is CK_UNAVAILABLE_INFORMATION */ - NULL, /* GetFreePublicMemory -- default is CK_UNAVAILABLE_INFORMATION */ - NULL, /* GetTotalPrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */ - NULL, /* GetFreePrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */ - builtins_mdToken_GetHardwareVersion, - builtins_mdToken_GetFirmwareVersion, - NULL, /* GetUTCTime -- no clock */ - builtins_mdToken_OpenSession, - NULL, /* GetMechanismCount -- default is zero */ - NULL, /* GetMechanismTypes -- irrelevant */ - NULL, /* GetMechanism -- irrelevant */ - (void *)NULL /* null terminator */ -}; + nss_builtins_mdToken = { + (void *)NULL, /* etc */ + NULL, /* Setup */ + NULL, /* Invalidate */ + NULL, /* InitToken -- default errs */ + builtins_mdToken_GetLabel, + builtins_mdToken_GetManufacturerID, + builtins_mdToken_GetModel, + builtins_mdToken_GetSerialNumber, + NULL, /* GetHasRNG -- default is false */ + builtins_mdToken_GetIsWriteProtected, + NULL, /* GetLoginRequired -- default is false */ + NULL, /* GetUserPinInitialized -- default is false */ + NULL, /* GetRestoreKeyNotNeeded -- irrelevant */ + NULL, /* GetHasClockOnToken -- default is false */ + NULL, /* GetHasProtectedAuthenticationPath -- default is false */ + NULL, /* GetSupportsDualCryptoOperations -- default is false */ + NULL, /* GetMaxSessionCount -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetMaxRwSessionCount -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetMaxPinLen -- irrelevant */ + NULL, /* GetMinPinLen -- irrelevant */ + NULL, /* GetTotalPublicMemory -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetFreePublicMemory -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetTotalPrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetFreePrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */ + builtins_mdToken_GetHardwareVersion, + builtins_mdToken_GetFirmwareVersion, + NULL, /* GetUTCTime -- no clock */ + builtins_mdToken_OpenSession, + NULL, /* GetMechanismCount -- default is zero */ + NULL, /* GetMechanismTypes -- irrelevant */ + NULL, /* GetMechanism -- irrelevant */ + (void *)NULL /* null terminator */ + }; diff --git a/nss/lib/ckfw/builtins/builtins.gyp b/nss/lib/ckfw/builtins/builtins.gyp new file mode 100644 index 0000000..d854425 --- /dev/null +++ b/nss/lib/ckfw/builtins/builtins.gyp @@ -0,0 +1,61 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +{ + 'includes': [ + '../../../coreconf/config.gypi' + ], + 'targets': [ + { + 'target_name': 'nssckbi', + 'type': 'shared_library', + 'sources': [ + 'anchor.c', + 'bfind.c', + 'binst.c', + 'bobject.c', + 'bsession.c', + 'bslot.c', + 'btoken.c', + 'ckbiver.c', + 'constants.c', + '<(INTERMEDIATE_DIR)/certdata.c' + ], + 'dependencies': [ + '<(DEPTH)/exports.gyp:nss_exports', + '<(DEPTH)/lib/ckfw/ckfw.gyp:nssckfw', + '<(DEPTH)/lib/base/base.gyp:nssb' + ], + 'actions': [ + { + 'msvs_cygwin_shell': 0, + 'action': [ + 'perl', + 'certdata.perl', + 'certdata.txt', + '<@(_outputs)', + ], + 'inputs': [ + 'certdata.perl', + 'certdata.txt' + ], + 'outputs': [ + '<(INTERMEDIATE_DIR)/certdata.c' + ], + 'action_name': 'generate_certdata_c' + } + ], + 'variables': { + 'mapfile': 'nssckbi.def' + } + } + ], + 'target_defaults': { + 'include_dirs': [ + '.' + ] + }, + 'variables': { + 'module': 'nss', + } +} diff --git a/nss/lib/ckfw/builtins/builtins.h b/nss/lib/ckfw/builtins/builtins.h index a4a90f1..a1693c2 100644 --- a/nss/lib/ckfw/builtins/builtins.h +++ b/nss/lib/ckfw/builtins/builtins.h @@ -21,52 +21,46 @@ #endif /* CKT_H */ struct builtinsInternalObjectStr { - CK_ULONG n; - const CK_ATTRIBUTE_TYPE *types; - const NSSItem *items; - NSSCKMDObject mdObject; + CK_ULONG n; + const CK_ATTRIBUTE_TYPE *types; + const NSSItem *items; + NSSCKMDObject mdObject; }; typedef struct builtinsInternalObjectStr builtinsInternalObject; -extern builtinsInternalObject nss_builtins_data[]; -extern const PRUint32 nss_builtins_nObjects; +extern builtinsInternalObject nss_builtins_data[]; +extern const PRUint32 nss_builtins_nObjects; -extern const CK_VERSION nss_builtins_CryptokiVersion; -extern const CK_VERSION nss_builtins_LibraryVersion; -extern const CK_VERSION nss_builtins_HardwareVersion; -extern const CK_VERSION nss_builtins_FirmwareVersion; +extern const CK_VERSION nss_builtins_CryptokiVersion; +extern const CK_VERSION nss_builtins_LibraryVersion; +extern const CK_VERSION nss_builtins_HardwareVersion; +extern const CK_VERSION nss_builtins_FirmwareVersion; -extern const NSSUTF8 nss_builtins_ManufacturerID[]; -extern const NSSUTF8 nss_builtins_LibraryDescription[]; -extern const NSSUTF8 nss_builtins_SlotDescription[]; -extern const NSSUTF8 nss_builtins_TokenLabel[]; -extern const NSSUTF8 nss_builtins_TokenModel[]; -extern const NSSUTF8 nss_builtins_TokenSerialNumber[]; +extern const NSSUTF8 nss_builtins_ManufacturerID[]; +extern const NSSUTF8 nss_builtins_LibraryDescription[]; +extern const NSSUTF8 nss_builtins_SlotDescription[]; +extern const NSSUTF8 nss_builtins_TokenLabel[]; +extern const NSSUTF8 nss_builtins_TokenModel[]; +extern const NSSUTF8 nss_builtins_TokenSerialNumber[]; extern const NSSCKMDInstance nss_builtins_mdInstance; -extern const NSSCKMDSlot nss_builtins_mdSlot; -extern const NSSCKMDToken nss_builtins_mdToken; +extern const NSSCKMDSlot nss_builtins_mdSlot; +extern const NSSCKMDToken nss_builtins_mdToken; NSS_EXTERN NSSCKMDSession * -nss_builtins_CreateSession -( - NSSCKFWSession *fwSession, - CK_RV *pError -); +nss_builtins_CreateSession( + NSSCKFWSession *fwSession, + CK_RV *pError); NSS_EXTERN NSSCKMDFindObjects * -nss_builtins_FindObjectsInit -( - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -); +nss_builtins_FindObjectsInit( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); NSS_EXTERN NSSCKMDObject * -nss_builtins_CreateMDObject -( - NSSArena *arena, - builtinsInternalObject *io, - CK_RV *pError -); +nss_builtins_CreateMDObject( + NSSArena *arena, + builtinsInternalObject *io, + CK_RV *pError); diff --git a/nss/lib/ckfw/builtins/certdata.perl b/nss/lib/ckfw/builtins/certdata.perl index e77decf..502dfb0 100644 --- a/nss/lib/ckfw/builtins/certdata.perl +++ b/nss/lib/ckfw/builtins/certdata.perl @@ -14,6 +14,18 @@ my @objsize; $constants{CK_TRUE} = "static const CK_BBOOL ck_true = CK_TRUE;\n"; $constants{CK_FALSE} = "static const CK_BBOOL ck_false = CK_FALSE;\n"; +if( scalar @ARGV == 0 ) { + print STDERR "Usage: $0 <input-file> [output-file]\n"; + exit 1; +} + +open(STDIN, '<', $ARGV[0]) + or die "Could not open input file '$ARGV[0]' $!"; +if( scalar @ARGV > 1 ) { + open(STDOUT, '>', $ARGV[1]) + or die "Could not open output file '$ARGV[1]' $!"; +} + while(<>) { my @fields = (); my $size; diff --git a/nss/lib/ckfw/builtins/certdata.txt b/nss/lib/ckfw/builtins/certdata.txt index d6d4b4f..24df334 100644 --- a/nss/lib/ckfw/builtins/certdata.txt +++ b/nss/lib/ckfw/builtins/certdata.txt @@ -69,129 +69,6 @@ CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE CKA_LABEL UTF8 "Mozilla Builtin Roots" -# -# Certificate "Equifax Secure CA" -# -# Issuer: OU=Equifax Secure Certificate Authority,O=Equifax,C=US -# Serial Number: 903804111 (0x35def4cf) -# Subject: OU=Equifax Secure Certificate Authority,O=Equifax,C=US -# Not Valid Before: Sat Aug 22 16:41:51 1998 -# Not Valid After : Wed Aug 22 16:41:51 2018 -# Fingerprint (MD5): 67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4 -# Fingerprint (SHA1): D2:32:09:AD:23:D3:14:23:21:74:E4:0D:7F:9D:62:13:97:86:63:3A -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Equifax Secure CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\116\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\020\060\016\006\003\125\004\012\023\007\105\161\165\151\146\141 -\170\061\055\060\053\006\003\125\004\013\023\044\105\161\165\151 -\146\141\170\040\123\145\143\165\162\145\040\103\145\162\164\151 -\146\151\143\141\164\145\040\101\165\164\150\157\162\151\164\171 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\116\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\020\060\016\006\003\125\004\012\023\007\105\161\165\151\146\141 -\170\061\055\060\053\006\003\125\004\013\023\044\105\161\165\151 -\146\141\170\040\123\145\143\165\162\145\040\103\145\162\164\151 -\146\151\143\141\164\145\040\101\165\164\150\157\162\151\164\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\065\336\364\317 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\040\060\202\002\211\240\003\002\001\002\002\004\065 -\336\364\317\060\015\006\011\052\206\110\206\367\015\001\001\005 -\005\000\060\116\061\013\060\011\006\003\125\004\006\023\002\125 -\123\061\020\060\016\006\003\125\004\012\023\007\105\161\165\151 -\146\141\170\061\055\060\053\006\003\125\004\013\023\044\105\161 -\165\151\146\141\170\040\123\145\143\165\162\145\040\103\145\162 -\164\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151 -\164\171\060\036\027\015\071\070\060\070\062\062\061\066\064\061 -\065\061\132\027\015\061\070\060\070\062\062\061\066\064\061\065 -\061\132\060\116\061\013\060\011\006\003\125\004\006\023\002\125 -\123\061\020\060\016\006\003\125\004\012\023\007\105\161\165\151 -\146\141\170\061\055\060\053\006\003\125\004\013\023\044\105\161 -\165\151\146\141\170\040\123\145\143\165\162\145\040\103\145\162 -\164\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151 -\164\171\060\201\237\060\015\006\011\052\206\110\206\367\015\001 -\001\001\005\000\003\201\215\000\060\201\211\002\201\201\000\301 -\135\261\130\147\010\142\356\240\232\055\037\010\155\221\024\150 -\230\012\036\376\332\004\157\023\204\142\041\303\321\174\316\237 -\005\340\270\001\360\116\064\354\342\212\225\004\144\254\361\153 -\123\137\005\263\313\147\200\277\102\002\216\376\335\001\011\354 -\341\000\024\117\374\373\360\014\335\103\272\133\053\341\037\200 -\160\231\025\127\223\026\361\017\227\152\267\302\150\043\034\314 -\115\131\060\254\121\036\073\257\053\326\356\143\105\173\305\331 -\137\120\322\343\120\017\072\210\347\277\024\375\340\307\271\002 -\003\001\000\001\243\202\001\011\060\202\001\005\060\160\006\003 -\125\035\037\004\151\060\147\060\145\240\143\240\141\244\137\060 -\135\061\013\060\011\006\003\125\004\006\023\002\125\123\061\020 -\060\016\006\003\125\004\012\023\007\105\161\165\151\146\141\170 -\061\055\060\053\006\003\125\004\013\023\044\105\161\165\151\146 -\141\170\040\123\145\143\165\162\145\040\103\145\162\164\151\146 -\151\143\141\164\145\040\101\165\164\150\157\162\151\164\171\061 -\015\060\013\006\003\125\004\003\023\004\103\122\114\061\060\032 -\006\003\125\035\020\004\023\060\021\201\017\062\060\061\070\060 -\070\062\062\061\066\064\061\065\061\132\060\013\006\003\125\035 -\017\004\004\003\002\001\006\060\037\006\003\125\035\043\004\030 -\060\026\200\024\110\346\150\371\053\322\262\225\327\107\330\043 -\040\020\117\063\230\220\237\324\060\035\006\003\125\035\016\004 -\026\004\024\110\346\150\371\053\322\262\225\327\107\330\043\040 -\020\117\063\230\220\237\324\060\014\006\003\125\035\023\004\005 -\060\003\001\001\377\060\032\006\011\052\206\110\206\366\175\007 -\101\000\004\015\060\013\033\005\126\063\056\060\143\003\002\006 -\300\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000 -\003\201\201\000\130\316\051\352\374\367\336\265\316\002\271\027 -\265\205\321\271\343\340\225\314\045\061\015\000\246\222\156\177 -\266\222\143\236\120\225\321\232\157\344\021\336\143\205\156\230 -\356\250\377\132\310\323\125\262\146\161\127\336\300\041\353\075 -\052\247\043\111\001\004\206\102\173\374\356\177\242\026\122\265 -\147\147\323\100\333\073\046\130\262\050\167\075\256\024\167\141 -\326\372\052\146\047\240\015\372\247\163\134\352\160\361\224\041 -\145\104\137\372\374\357\051\150\251\242\207\171\357\171\357\117 -\254\007\167\070 -END - -# Trust for Certificate "Equifax Secure CA" -# Issuer: OU=Equifax Secure Certificate Authority,O=Equifax,C=US -# Serial Number: 903804111 (0x35def4cf) -# Subject: OU=Equifax Secure Certificate Authority,O=Equifax,C=US -# Not Valid Before: Sat Aug 22 16:41:51 1998 -# Not Valid After : Wed Aug 22 16:41:51 2018 -# Fingerprint (MD5): 67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4 -# Fingerprint (SHA1): D2:32:09:AD:23:D3:14:23:21:74:E4:0D:7F:9D:62:13:97:86:63:3A -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Equifax Secure CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\322\062\011\255\043\323\024\043\041\164\344\015\177\235\142\023 -\227\206\143\072 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\147\313\235\300\023\044\212\202\233\262\027\036\321\033\354\324 -END -CKA_ISSUER MULTILINE_OCTAL -\060\116\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\020\060\016\006\003\125\004\012\023\007\105\161\165\151\146\141 -\170\061\055\060\053\006\003\125\004\013\023\044\105\161\165\151 -\146\141\170\040\123\145\143\165\162\145\040\103\145\162\164\151 -\146\151\143\141\164\145\040\101\165\164\150\157\162\151\164\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\065\336\364\317 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - # Distrust "Distrust a pb.com certificate that does not comply with the baseline requirements." # Issuer: OU=Equifax Secure Certificate Authority,O=Equifax,C=US # Serial Number: 1407252 (0x157914) @@ -221,563 +98,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "Verisign Class 3 Public Primary Certification Authority" -# -# Issuer: OU=Class 3 Public Primary Certification Authority,O="VeriSign, Inc.",C=US -# Serial Number:70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf -# Subject: OU=Class 3 Public Primary Certification Authority,O="VeriSign, Inc.",C=US -# Not Valid Before: Mon Jan 29 00:00:00 1996 -# Not Valid After : Tue Aug 01 23:59:59 2028 -# Fingerprint (MD5): 10:FC:63:5D:F6:26:3E:0D:F3:25:BE:5F:79:CD:67:67 -# Fingerprint (SHA1): 74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Verisign Class 3 Public Primary Certification Authority" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\137\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151 -\147\156\054\040\111\156\143\056\061\067\060\065\006\003\125\004 -\013\023\056\103\154\141\163\163\040\063\040\120\165\142\154\151 -\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\137\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151 -\147\156\054\040\111\156\143\056\061\067\060\065\006\003\125\004 -\013\023\056\103\154\141\163\163\040\063\040\120\165\142\154\151 -\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\160\272\344\035\020\331\051\064\266\070\312\173\003\314 -\272\277 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\002\074\060\202\001\245\002\020\160\272\344\035\020\331 -\051\064\266\070\312\173\003\314\272\277\060\015\006\011\052\206 -\110\206\367\015\001\001\002\005\000\060\137\061\013\060\011\006 -\003\125\004\006\023\002\125\123\061\027\060\025\006\003\125\004 -\012\023\016\126\145\162\151\123\151\147\156\054\040\111\156\143 -\056\061\067\060\065\006\003\125\004\013\023\056\103\154\141\163 -\163\040\063\040\120\165\142\154\151\143\040\120\162\151\155\141 -\162\171\040\103\145\162\164\151\146\151\143\141\164\151\157\156 -\040\101\165\164\150\157\162\151\164\171\060\036\027\015\071\066 -\060\061\062\071\060\060\060\060\060\060\132\027\015\062\070\060 -\070\060\061\062\063\065\071\065\071\132\060\137\061\013\060\011 -\006\003\125\004\006\023\002\125\123\061\027\060\025\006\003\125 -\004\012\023\016\126\145\162\151\123\151\147\156\054\040\111\156 -\143\056\061\067\060\065\006\003\125\004\013\023\056\103\154\141 -\163\163\040\063\040\120\165\142\154\151\143\040\120\162\151\155 -\141\162\171\040\103\145\162\164\151\146\151\143\141\164\151\157 -\156\040\101\165\164\150\157\162\151\164\171\060\201\237\060\015 -\006\011\052\206\110\206\367\015\001\001\001\005\000\003\201\215 -\000\060\201\211\002\201\201\000\311\134\131\236\362\033\212\001 -\024\264\020\337\004\100\333\343\127\257\152\105\100\217\204\014 -\013\321\063\331\331\021\317\356\002\130\037\045\367\052\250\104 -\005\252\354\003\037\170\177\236\223\271\232\000\252\043\175\326 -\254\205\242\143\105\307\162\047\314\364\114\306\165\161\322\071 -\357\117\102\360\165\337\012\220\306\216\040\157\230\017\370\254 -\043\137\160\051\066\244\311\206\347\261\232\040\313\123\245\205 -\347\075\276\175\232\376\044\105\063\334\166\025\355\017\242\161 -\144\114\145\056\201\150\105\247\002\003\001\000\001\060\015\006 -\011\052\206\110\206\367\015\001\001\002\005\000\003\201\201\000 -\273\114\022\053\317\054\046\000\117\024\023\335\246\373\374\012 -\021\204\214\363\050\034\147\222\057\174\266\305\372\337\360\350 -\225\274\035\217\154\054\250\121\314\163\330\244\300\123\360\116 -\326\046\300\166\001\127\201\222\136\041\361\321\261\377\347\320 -\041\130\315\151\027\343\104\034\234\031\104\071\211\134\334\234 -\000\017\126\215\002\231\355\242\220\105\114\344\273\020\244\075 -\360\062\003\016\361\316\370\350\311\121\214\346\142\237\346\237 -\300\175\267\162\234\311\066\072\153\237\116\250\377\144\015\144 -END - -# Trust for Certificate "Verisign Class 3 Public Primary Certification Authority" -# Issuer: OU=Class 3 Public Primary Certification Authority,O="VeriSign, Inc.",C=US -# Serial Number:70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf -# Subject: OU=Class 3 Public Primary Certification Authority,O="VeriSign, Inc.",C=US -# Not Valid Before: Mon Jan 29 00:00:00 1996 -# Not Valid After : Tue Aug 01 23:59:59 2028 -# Fingerprint (MD5): 10:FC:63:5D:F6:26:3E:0D:F3:25:BE:5F:79:CD:67:67 -# Fingerprint (SHA1): 74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Verisign Class 3 Public Primary Certification Authority" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\164\054\061\222\346\007\344\044\353\105\111\124\053\341\273\305 -\076\141\164\342 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\020\374\143\135\366\046\076\015\363\045\276\137\171\315\147\147 -END -CKA_ISSUER MULTILINE_OCTAL -\060\137\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151 -\147\156\054\040\111\156\143\056\061\067\060\065\006\003\125\004 -\013\023\056\103\154\141\163\163\040\063\040\120\165\142\154\151 -\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\160\272\344\035\020\331\051\064\266\070\312\173\003\314 -\272\277 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Verisign Class 1 Public Primary Certification Authority - G2" -# -# Issuer: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 1 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US -# Serial Number:4c:c7:ea:aa:98:3e:71:d3:93:10:f8:3d:3a:89:91:92 -# Subject: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 1 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US -# Not Valid Before: Mon May 18 00:00:00 1998 -# Not Valid After : Tue Aug 01 23:59:59 2028 -# Fingerprint (MD5): DB:23:3D:F9:69:FA:4B:B9:95:80:44:73:5E:7D:41:83 -# Fingerprint (SHA1): 27:3E:E1:24:57:FD:C4:F9:0C:55:E8:2B:56:16:7F:62:F5:32:E5:47 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Verisign Class 1 Public Primary Certification Authority - G2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\301\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\074\060\072\006\003\125 -\004\013\023\063\103\154\141\163\163\040\061\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\062\061\072\060\070\006\003\125\004\013 -\023\061\050\143\051\040\061\071\071\070\040\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\040\055\040\106\157\162\040 -\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 -\156\154\171\061\037\060\035\006\003\125\004\013\023\026\126\145 -\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145\164 -\167\157\162\153 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\301\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\074\060\072\006\003\125 -\004\013\023\063\103\154\141\163\163\040\061\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\062\061\072\060\070\006\003\125\004\013 -\023\061\050\143\051\040\061\071\071\070\040\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\040\055\040\106\157\162\040 -\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 -\156\154\171\061\037\060\035\006\003\125\004\013\023\026\126\145 -\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145\164 -\167\157\162\153 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\114\307\352\252\230\076\161\323\223\020\370\075\072\211 -\221\222 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\002\060\202\002\153\002\020\114\307\352\252\230\076 -\161\323\223\020\370\075\072\211\221\222\060\015\006\011\052\206 -\110\206\367\015\001\001\005\005\000\060\201\301\061\013\060\011 -\006\003\125\004\006\023\002\125\123\061\027\060\025\006\003\125 -\004\012\023\016\126\145\162\151\123\151\147\156\054\040\111\156 -\143\056\061\074\060\072\006\003\125\004\013\023\063\103\154\141 -\163\163\040\061\040\120\165\142\154\151\143\040\120\162\151\155 -\141\162\171\040\103\145\162\164\151\146\151\143\141\164\151\157 -\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107\062 -\061\072\060\070\006\003\125\004\013\023\061\050\143\051\040\061 -\071\071\070\040\126\145\162\151\123\151\147\156\054\040\111\156 -\143\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151 -\172\145\144\040\165\163\145\040\157\156\154\171\061\037\060\035 -\006\003\125\004\013\023\026\126\145\162\151\123\151\147\156\040 -\124\162\165\163\164\040\116\145\164\167\157\162\153\060\036\027 -\015\071\070\060\065\061\070\060\060\060\060\060\060\132\027\015 -\062\070\060\070\060\061\062\063\065\071\065\071\132\060\201\301 -\061\013\060\011\006\003\125\004\006\023\002\125\123\061\027\060 -\025\006\003\125\004\012\023\016\126\145\162\151\123\151\147\156 -\054\040\111\156\143\056\061\074\060\072\006\003\125\004\013\023 -\063\103\154\141\163\163\040\061\040\120\165\142\154\151\143\040 -\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151\143 -\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040 -\055\040\107\062\061\072\060\070\006\003\125\004\013\023\061\050 -\143\051\040\061\071\071\070\040\126\145\162\151\123\151\147\156 -\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165\164 -\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154\171 -\061\037\060\035\006\003\125\004\013\023\026\126\145\162\151\123 -\151\147\156\040\124\162\165\163\164\040\116\145\164\167\157\162 -\153\060\201\237\060\015\006\011\052\206\110\206\367\015\001\001 -\001\005\000\003\201\215\000\060\201\211\002\201\201\000\252\320 -\272\276\026\055\270\203\324\312\322\017\274\166\061\312\224\330 -\035\223\214\126\002\274\331\157\032\157\122\066\156\165\126\012 -\125\323\337\103\207\041\021\145\212\176\217\275\041\336\153\062 -\077\033\204\064\225\005\235\101\065\353\222\353\226\335\252\131 -\077\001\123\155\231\117\355\345\342\052\132\220\301\271\304\246 -\025\317\310\105\353\246\135\216\234\076\360\144\044\166\245\315 -\253\032\157\266\330\173\121\141\156\246\177\207\310\342\267\345 -\064\334\101\210\352\011\100\276\163\222\075\153\347\165\002\003 -\001\000\001\060\015\006\011\052\206\110\206\367\015\001\001\005 -\005\000\003\201\201\000\251\117\303\015\307\147\276\054\313\331 -\250\315\055\165\347\176\025\236\073\162\353\176\353\134\055\011 -\207\326\153\155\140\174\345\256\305\220\043\014\134\112\320\257 -\261\135\363\307\266\012\333\340\025\223\015\335\003\274\307\166 -\212\265\335\117\303\233\023\165\270\001\300\346\311\133\153\245 -\270\211\334\254\244\335\162\355\116\241\367\117\274\006\323\352 -\310\144\164\173\302\225\101\234\145\163\130\361\220\232\074\152 -\261\230\311\304\207\274\317\105\155\105\342\156\042\077\376\274 -\017\061\134\350\362\331 -END - -# Trust for Certificate "Verisign Class 1 Public Primary Certification Authority - G2" -# Issuer: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 1 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US -# Serial Number:4c:c7:ea:aa:98:3e:71:d3:93:10:f8:3d:3a:89:91:92 -# Subject: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 1 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US -# Not Valid Before: Mon May 18 00:00:00 1998 -# Not Valid After : Tue Aug 01 23:59:59 2028 -# Fingerprint (MD5): DB:23:3D:F9:69:FA:4B:B9:95:80:44:73:5E:7D:41:83 -# Fingerprint (SHA1): 27:3E:E1:24:57:FD:C4:F9:0C:55:E8:2B:56:16:7F:62:F5:32:E5:47 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Verisign Class 1 Public Primary Certification Authority - G2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\047\076\341\044\127\375\304\371\014\125\350\053\126\026\177\142 -\365\062\345\107 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\333\043\075\371\151\372\113\271\225\200\104\163\136\175\101\203 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\301\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\074\060\072\006\003\125 -\004\013\023\063\103\154\141\163\163\040\061\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\062\061\072\060\070\006\003\125\004\013 -\023\061\050\143\051\040\061\071\071\070\040\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\040\055\040\106\157\162\040 -\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 -\156\154\171\061\037\060\035\006\003\125\004\013\023\026\126\145 -\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145\164 -\167\157\162\153 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\114\307\352\252\230\076\161\323\223\020\370\075\072\211 -\221\222 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Verisign Class 2 Public Primary Certification Authority - G2" -# -# Issuer: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 2 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US -# Serial Number:00:b9:2f:60:cc:88:9f:a1:7a:46:09:b8:5b:70:6c:8a:af -# Subject: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 2 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US -# Not Valid Before: Mon May 18 00:00:00 1998 -# Not Valid After : Tue Aug 01 23:59:59 2028 -# Fingerprint (MD5): 2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1 -# Fingerprint (SHA1): B3:EA:C4:47:76:C9:C8:1C:EA:F2:9D:95:B6:CC:A0:08:1B:67:EC:9D -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Verisign Class 2 Public Primary Certification Authority - G2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\301\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\074\060\072\006\003\125 -\004\013\023\063\103\154\141\163\163\040\062\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\062\061\072\060\070\006\003\125\004\013 -\023\061\050\143\051\040\061\071\071\070\040\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\040\055\040\106\157\162\040 -\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 -\156\154\171\061\037\060\035\006\003\125\004\013\023\026\126\145 -\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145\164 -\167\157\162\153 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\301\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\074\060\072\006\003\125 -\004\013\023\063\103\154\141\163\163\040\062\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\062\061\072\060\070\006\003\125\004\013 -\023\061\050\143\051\040\061\071\071\070\040\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\040\055\040\106\157\162\040 -\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 -\156\154\171\061\037\060\035\006\003\125\004\013\023\026\126\145 -\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145\164 -\167\157\162\153 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\021\000\271\057\140\314\210\237\241\172\106\011\270\133\160 -\154\212\257 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\003\060\202\002\154\002\021\000\271\057\140\314\210 -\237\241\172\106\011\270\133\160\154\212\257\060\015\006\011\052 -\206\110\206\367\015\001\001\005\005\000\060\201\301\061\013\060 -\011\006\003\125\004\006\023\002\125\123\061\027\060\025\006\003 -\125\004\012\023\016\126\145\162\151\123\151\147\156\054\040\111 -\156\143\056\061\074\060\072\006\003\125\004\013\023\063\103\154 -\141\163\163\040\062\040\120\165\142\154\151\143\040\120\162\151 -\155\141\162\171\040\103\145\162\164\151\146\151\143\141\164\151 -\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107 -\062\061\072\060\070\006\003\125\004\013\023\061\050\143\051\040 -\061\071\071\070\040\126\145\162\151\123\151\147\156\054\040\111 -\156\143\056\040\055\040\106\157\162\040\141\165\164\150\157\162 -\151\172\145\144\040\165\163\145\040\157\156\154\171\061\037\060 -\035\006\003\125\004\013\023\026\126\145\162\151\123\151\147\156 -\040\124\162\165\163\164\040\116\145\164\167\157\162\153\060\036 -\027\015\071\070\060\065\061\070\060\060\060\060\060\060\132\027 -\015\062\070\060\070\060\061\062\063\065\071\065\071\132\060\201 -\301\061\013\060\011\006\003\125\004\006\023\002\125\123\061\027 -\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151\147 -\156\054\040\111\156\143\056\061\074\060\072\006\003\125\004\013 -\023\063\103\154\141\163\163\040\062\040\120\165\142\154\151\143 -\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151 -\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 -\040\055\040\107\062\061\072\060\070\006\003\125\004\013\023\061 -\050\143\051\040\061\071\071\070\040\126\145\162\151\123\151\147 -\156\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165 -\164\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154 -\171\061\037\060\035\006\003\125\004\013\023\026\126\145\162\151 -\123\151\147\156\040\124\162\165\163\164\040\116\145\164\167\157 -\162\153\060\201\237\060\015\006\011\052\206\110\206\367\015\001 -\001\001\005\000\003\201\215\000\060\201\211\002\201\201\000\247 -\210\001\041\164\054\347\032\003\360\230\341\227\074\017\041\010 -\361\234\333\227\351\232\374\302\004\006\023\276\137\122\310\314 -\036\054\022\126\054\270\001\151\054\314\231\037\255\260\226\256 -\171\004\362\023\071\301\173\230\272\010\054\350\302\204\023\054 -\252\151\351\011\364\307\251\002\244\102\302\043\117\112\330\360 -\016\242\373\061\154\311\346\157\231\047\007\365\346\364\114\170 -\236\155\353\106\206\372\271\206\311\124\362\262\304\257\324\106 -\034\132\311\025\060\377\015\154\365\055\016\155\316\177\167\002 -\003\001\000\001\060\015\006\011\052\206\110\206\367\015\001\001 -\005\005\000\003\201\201\000\162\056\371\177\321\361\161\373\304 -\236\366\305\136\121\212\100\230\270\150\370\233\034\203\330\342 -\235\275\377\355\241\346\146\352\057\011\364\312\327\352\245\053 -\225\366\044\140\206\115\104\056\203\245\304\055\240\323\256\170 -\151\157\162\332\154\256\010\360\143\222\067\346\273\304\060\027 -\255\167\314\111\065\252\317\330\217\321\276\267\030\226\107\163 -\152\124\042\064\144\055\266\026\233\131\133\264\121\131\072\263 -\013\024\364\022\337\147\240\364\255\062\144\136\261\106\162\047 -\214\022\173\305\104\264\256 -END - -# Trust for Certificate "Verisign Class 2 Public Primary Certification Authority - G2" -# Issuer: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 2 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US -# Serial Number:00:b9:2f:60:cc:88:9f:a1:7a:46:09:b8:5b:70:6c:8a:af -# Subject: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 2 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US -# Not Valid Before: Mon May 18 00:00:00 1998 -# Not Valid After : Tue Aug 01 23:59:59 2028 -# Fingerprint (MD5): 2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1 -# Fingerprint (SHA1): B3:EA:C4:47:76:C9:C8:1C:EA:F2:9D:95:B6:CC:A0:08:1B:67:EC:9D -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Verisign Class 2 Public Primary Certification Authority - G2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\263\352\304\107\166\311\310\034\352\362\235\225\266\314\240\010 -\033\147\354\235 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\055\273\345\045\323\321\145\202\072\267\016\372\346\353\342\341 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\301\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\074\060\072\006\003\125 -\004\013\023\063\103\154\141\163\163\040\062\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\062\061\072\060\070\006\003\125\004\013 -\023\061\050\143\051\040\061\071\071\070\040\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\040\055\040\106\157\162\040 -\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 -\156\154\171\061\037\060\035\006\003\125\004\013\023\026\126\145 -\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145\164 -\167\157\162\153 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\021\000\271\057\140\314\210\237\241\172\106\011\270\133\160 -\154\212\257 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Verisign Class 3 Public Primary Certification Authority - G2" -# -# Issuer: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 3 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US -# Serial Number:7d:d9:fe:07:cf:a8:1e:b7:10:79:67:fb:a7:89:34:c6 -# Subject: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 3 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US -# Not Valid Before: Mon May 18 00:00:00 1998 -# Not Valid After : Tue Aug 01 23:59:59 2028 -# Fingerprint (MD5): A2:33:9B:4C:74:78:73:D4:6C:E7:C1:F3:8D:CB:5C:E9 -# Fingerprint (SHA1): 85:37:1C:A6:E5:50:14:3D:CE:28:03:47:1B:DE:3A:09:E8:F8:77:0F -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Verisign Class 3 Public Primary Certification Authority - G2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\301\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\074\060\072\006\003\125 -\004\013\023\063\103\154\141\163\163\040\063\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\062\061\072\060\070\006\003\125\004\013 -\023\061\050\143\051\040\061\071\071\070\040\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\040\055\040\106\157\162\040 -\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 -\156\154\171\061\037\060\035\006\003\125\004\013\023\026\126\145 -\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145\164 -\167\157\162\153 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\301\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\074\060\072\006\003\125 -\004\013\023\063\103\154\141\163\163\040\063\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\062\061\072\060\070\006\003\125\004\013 -\023\061\050\143\051\040\061\071\071\070\040\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\040\055\040\106\157\162\040 -\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 -\156\154\171\061\037\060\035\006\003\125\004\013\023\026\126\145 -\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145\164 -\167\157\162\153 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\175\331\376\007\317\250\036\267\020\171\147\373\247\211 -\064\306 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\002\060\202\002\153\002\020\175\331\376\007\317\250 -\036\267\020\171\147\373\247\211\064\306\060\015\006\011\052\206 -\110\206\367\015\001\001\005\005\000\060\201\301\061\013\060\011 -\006\003\125\004\006\023\002\125\123\061\027\060\025\006\003\125 -\004\012\023\016\126\145\162\151\123\151\147\156\054\040\111\156 -\143\056\061\074\060\072\006\003\125\004\013\023\063\103\154\141 -\163\163\040\063\040\120\165\142\154\151\143\040\120\162\151\155 -\141\162\171\040\103\145\162\164\151\146\151\143\141\164\151\157 -\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107\062 -\061\072\060\070\006\003\125\004\013\023\061\050\143\051\040\061 -\071\071\070\040\126\145\162\151\123\151\147\156\054\040\111\156 -\143\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151 -\172\145\144\040\165\163\145\040\157\156\154\171\061\037\060\035 -\006\003\125\004\013\023\026\126\145\162\151\123\151\147\156\040 -\124\162\165\163\164\040\116\145\164\167\157\162\153\060\036\027 -\015\071\070\060\065\061\070\060\060\060\060\060\060\132\027\015 -\062\070\060\070\060\061\062\063\065\071\065\071\132\060\201\301 -\061\013\060\011\006\003\125\004\006\023\002\125\123\061\027\060 -\025\006\003\125\004\012\023\016\126\145\162\151\123\151\147\156 -\054\040\111\156\143\056\061\074\060\072\006\003\125\004\013\023 -\063\103\154\141\163\163\040\063\040\120\165\142\154\151\143\040 -\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151\143 -\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040 -\055\040\107\062\061\072\060\070\006\003\125\004\013\023\061\050 -\143\051\040\061\071\071\070\040\126\145\162\151\123\151\147\156 -\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165\164 -\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154\171 -\061\037\060\035\006\003\125\004\013\023\026\126\145\162\151\123 -\151\147\156\040\124\162\165\163\164\040\116\145\164\167\157\162 -\153\060\201\237\060\015\006\011\052\206\110\206\367\015\001\001 -\001\005\000\003\201\215\000\060\201\211\002\201\201\000\314\136 -\321\021\135\134\151\320\253\323\271\152\114\231\037\131\230\060 -\216\026\205\040\106\155\107\077\324\205\040\204\341\155\263\370 -\244\355\014\361\027\017\073\371\247\371\045\327\301\317\204\143 -\362\174\143\317\242\107\362\306\133\063\216\144\100\004\150\301 -\200\271\144\034\105\167\307\330\156\365\225\051\074\120\350\064 -\327\170\037\250\272\155\103\221\225\217\105\127\136\176\305\373 -\312\244\004\353\352\227\067\124\060\157\273\001\107\062\063\315 -\334\127\233\144\151\141\370\233\035\034\211\117\134\147\002\003 -\001\000\001\060\015\006\011\052\206\110\206\367\015\001\001\005 -\005\000\003\201\201\000\121\115\315\276\134\313\230\031\234\025 -\262\001\071\170\056\115\017\147\160\160\231\306\020\132\224\244 -\123\115\124\155\053\257\015\135\100\213\144\323\327\356\336\126 -\141\222\137\246\304\035\020\141\066\323\054\047\074\350\051\011 -\271\021\144\164\314\265\163\237\034\110\251\274\141\001\356\342 -\027\246\014\343\100\010\073\016\347\353\104\163\052\232\361\151 -\222\357\161\024\303\071\254\161\247\221\011\157\344\161\006\263 -\272\131\127\046\171\000\366\370\015\242\063\060\050\324\252\130 -\240\235\235\151\221\375 -END - -# Trust for Certificate "Verisign Class 3 Public Primary Certification Authority - G2" -# Issuer: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 3 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US -# Serial Number:7d:d9:fe:07:cf:a8:1e:b7:10:79:67:fb:a7:89:34:c6 -# Subject: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 3 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US -# Not Valid Before: Mon May 18 00:00:00 1998 -# Not Valid After : Tue Aug 01 23:59:59 2028 -# Fingerprint (MD5): A2:33:9B:4C:74:78:73:D4:6C:E7:C1:F3:8D:CB:5C:E9 -# Fingerprint (SHA1): 85:37:1C:A6:E5:50:14:3D:CE:28:03:47:1B:DE:3A:09:E8:F8:77:0F -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Verisign Class 3 Public Primary Certification Authority - G2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\205\067\034\246\345\120\024\075\316\050\003\107\033\336\072\011 -\350\370\167\017 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\242\063\233\114\164\170\163\324\154\347\301\363\215\313\134\351 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\301\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\074\060\072\006\003\125 -\004\013\023\063\103\154\141\163\163\040\063\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\062\061\072\060\070\006\003\125\004\013 -\023\061\050\143\051\040\061\071\071\070\040\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\040\055\040\106\157\162\040 -\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 -\156\154\171\061\037\060\035\006\003\125\004\013\023\026\126\145 -\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145\164 -\167\157\162\153 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\175\331\376\007\317\250\036\267\020\171\147\373\247\211 -\064\306 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# # Certificate "GlobalSign Root CA" # # Issuer: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE @@ -1936,239 +1256,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "Equifax Secure Global eBusiness CA" -# -# Issuer: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US -# Serial Number: 1 (0x1) -# Subject: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US -# Not Valid Before: Mon Jun 21 04:00:00 1999 -# Not Valid After : Sun Jun 21 04:00:00 2020 -# Fingerprint (MD5): 8F:5D:77:06:27:C4:98:3C:5B:93:78:E7:D7:7D:9B:CC -# Fingerprint (SHA1): 7E:78:4A:10:1C:82:65:CC:2D:E1:F1:6D:47:B4:40:CA:D9:0A:19:45 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Equifax Secure Global eBusiness CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\034\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141 -\170\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060 -\053\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040 -\123\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102 -\165\163\151\156\145\163\163\040\103\101\055\061 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\034\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141 -\170\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060 -\053\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040 -\123\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102 -\165\163\151\156\145\163\163\040\103\101\055\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\002\220\060\202\001\371\240\003\002\001\002\002\001\001 -\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000\060 -\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061\034 -\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141\170 -\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060\053 -\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040\123 -\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102\165 -\163\151\156\145\163\163\040\103\101\055\061\060\036\027\015\071 -\071\060\066\062\061\060\064\060\060\060\060\132\027\015\062\060 -\060\066\062\061\060\064\060\060\060\060\132\060\132\061\013\060 -\011\006\003\125\004\006\023\002\125\123\061\034\060\032\006\003 -\125\004\012\023\023\105\161\165\151\146\141\170\040\123\145\143 -\165\162\145\040\111\156\143\056\061\055\060\053\006\003\125\004 -\003\023\044\105\161\165\151\146\141\170\040\123\145\143\165\162 -\145\040\107\154\157\142\141\154\040\145\102\165\163\151\156\145 -\163\163\040\103\101\055\061\060\201\237\060\015\006\011\052\206 -\110\206\367\015\001\001\001\005\000\003\201\215\000\060\201\211 -\002\201\201\000\272\347\027\220\002\145\261\064\125\074\111\302 -\121\325\337\247\321\067\217\321\347\201\163\101\122\140\233\235 -\241\027\046\170\255\307\261\350\046\224\062\265\336\063\215\072 -\057\333\362\232\172\132\163\230\243\134\351\373\212\163\033\134 -\347\303\277\200\154\315\251\364\326\053\300\367\371\231\252\143 -\242\261\107\002\017\324\344\121\072\022\074\154\212\132\124\204 -\160\333\301\305\220\317\162\105\313\250\131\300\315\063\235\077 -\243\226\353\205\063\041\034\076\036\076\140\156\166\234\147\205 -\305\310\303\141\002\003\001\000\001\243\146\060\144\060\021\006 -\011\140\206\110\001\206\370\102\001\001\004\004\003\002\000\007 -\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001 -\377\060\037\006\003\125\035\043\004\030\060\026\200\024\276\250 -\240\164\162\120\153\104\267\311\043\330\373\250\377\263\127\153 -\150\154\060\035\006\003\125\035\016\004\026\004\024\276\250\240 -\164\162\120\153\104\267\311\043\330\373\250\377\263\127\153\150 -\154\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000 -\003\201\201\000\060\342\001\121\252\307\352\137\332\271\320\145 -\017\060\326\076\332\015\024\111\156\221\223\047\024\061\357\304 -\367\055\105\370\354\307\277\242\101\015\043\264\222\371\031\000 -\147\275\001\257\315\340\161\374\132\317\144\304\340\226\230\320 -\243\100\342\001\212\357\047\007\361\145\001\212\104\055\006\145 -\165\122\300\206\020\040\041\137\154\153\017\154\256\011\034\257 -\362\242\030\064\304\165\244\163\034\361\215\334\357\255\371\263 -\166\264\222\277\334\225\020\036\276\313\310\073\132\204\140\031 -\126\224\251\125 -END - -# Trust for Certificate "Equifax Secure Global eBusiness CA" -# Issuer: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US -# Serial Number: 1 (0x1) -# Subject: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US -# Not Valid Before: Mon Jun 21 04:00:00 1999 -# Not Valid After : Sun Jun 21 04:00:00 2020 -# Fingerprint (MD5): 8F:5D:77:06:27:C4:98:3C:5B:93:78:E7:D7:7D:9B:CC -# Fingerprint (SHA1): 7E:78:4A:10:1C:82:65:CC:2D:E1:F1:6D:47:B4:40:CA:D9:0A:19:45 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Equifax Secure Global eBusiness CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\176\170\112\020\034\202\145\314\055\341\361\155\107\264\100\312 -\331\012\031\105 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\217\135\167\006\047\304\230\074\133\223\170\347\327\175\233\314 -END -CKA_ISSUER MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\034\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141 -\170\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060 -\053\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040 -\123\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102 -\165\163\151\156\145\163\163\040\103\101\055\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Equifax Secure eBusiness CA 1" -# -# Issuer: CN=Equifax Secure eBusiness CA-1,O=Equifax Secure Inc.,C=US -# Serial Number: 4 (0x4) -# Subject: CN=Equifax Secure eBusiness CA-1,O=Equifax Secure Inc.,C=US -# Not Valid Before: Mon Jun 21 04:00:00 1999 -# Not Valid After : Sun Jun 21 04:00:00 2020 -# Fingerprint (MD5): 64:9C:EF:2E:44:FC:C6:8F:52:07:D0:51:73:8F:CB:3D -# Fingerprint (SHA1): DA:40:18:8B:91:89:A3:ED:EE:AE:DA:97:FE:2F:9D:F5:B7:D1:8A:41 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Equifax Secure eBusiness CA 1" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\123\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\034\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141 -\170\040\123\145\143\165\162\145\040\111\156\143\056\061\046\060 -\044\006\003\125\004\003\023\035\105\161\165\151\146\141\170\040 -\123\145\143\165\162\145\040\145\102\165\163\151\156\145\163\163 -\040\103\101\055\061 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\123\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\034\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141 -\170\040\123\145\143\165\162\145\040\111\156\143\056\061\046\060 -\044\006\003\125\004\003\023\035\105\161\165\151\146\141\170\040 -\123\145\143\165\162\145\040\145\102\165\163\151\156\145\163\163 -\040\103\101\055\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\004 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\002\202\060\202\001\353\240\003\002\001\002\002\001\004 -\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000\060 -\123\061\013\060\011\006\003\125\004\006\023\002\125\123\061\034 -\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141\170 -\040\123\145\143\165\162\145\040\111\156\143\056\061\046\060\044 -\006\003\125\004\003\023\035\105\161\165\151\146\141\170\040\123 -\145\143\165\162\145\040\145\102\165\163\151\156\145\163\163\040 -\103\101\055\061\060\036\027\015\071\071\060\066\062\061\060\064 -\060\060\060\060\132\027\015\062\060\060\066\062\061\060\064\060 -\060\060\060\132\060\123\061\013\060\011\006\003\125\004\006\023 -\002\125\123\061\034\060\032\006\003\125\004\012\023\023\105\161 -\165\151\146\141\170\040\123\145\143\165\162\145\040\111\156\143 -\056\061\046\060\044\006\003\125\004\003\023\035\105\161\165\151 -\146\141\170\040\123\145\143\165\162\145\040\145\102\165\163\151 -\156\145\163\163\040\103\101\055\061\060\201\237\060\015\006\011 -\052\206\110\206\367\015\001\001\001\005\000\003\201\215\000\060 -\201\211\002\201\201\000\316\057\031\274\027\267\167\336\223\251 -\137\132\015\027\117\064\032\014\230\364\042\331\131\324\304\150 -\106\360\264\065\305\205\003\040\306\257\105\245\041\121\105\101 -\353\026\130\066\062\157\342\120\142\144\371\375\121\234\252\044 -\331\364\235\203\052\207\012\041\323\022\070\064\154\215\000\156 -\132\240\331\102\356\032\041\225\371\122\114\125\132\305\017\070 -\117\106\372\155\370\056\065\326\035\174\353\342\360\260\165\200 -\310\251\023\254\276\210\357\072\156\253\137\052\070\142\002\260 -\022\173\376\217\246\003\002\003\001\000\001\243\146\060\144\060 -\021\006\011\140\206\110\001\206\370\102\001\001\004\004\003\002 -\000\007\060\017\006\003\125\035\023\001\001\377\004\005\060\003 -\001\001\377\060\037\006\003\125\035\043\004\030\060\026\200\024 -\112\170\062\122\021\333\131\026\066\136\337\301\024\066\100\152 -\107\174\114\241\060\035\006\003\125\035\016\004\026\004\024\112 -\170\062\122\021\333\131\026\066\136\337\301\024\066\100\152\107 -\174\114\241\060\015\006\011\052\206\110\206\367\015\001\001\004 -\005\000\003\201\201\000\165\133\250\233\003\021\346\351\126\114 -\315\371\251\114\300\015\232\363\314\145\151\346\045\166\314\131 -\267\326\124\303\035\315\231\254\031\335\264\205\325\340\075\374 -\142\040\247\204\113\130\145\361\342\371\225\041\077\365\324\176 -\130\036\107\207\124\076\130\241\265\265\370\052\357\161\347\274 -\303\366\261\111\106\342\327\240\153\345\126\172\232\047\230\174 -\106\142\024\347\311\374\156\003\022\171\200\070\035\110\202\215 -\374\027\376\052\226\053\265\142\246\246\075\275\177\222\131\315 -\132\052\202\262\067\171 -END - -# Trust for Certificate "Equifax Secure eBusiness CA 1" -# Issuer: CN=Equifax Secure eBusiness CA-1,O=Equifax Secure Inc.,C=US -# Serial Number: 4 (0x4) -# Subject: CN=Equifax Secure eBusiness CA-1,O=Equifax Secure Inc.,C=US -# Not Valid Before: Mon Jun 21 04:00:00 1999 -# Not Valid After : Sun Jun 21 04:00:00 2020 -# Fingerprint (MD5): 64:9C:EF:2E:44:FC:C6:8F:52:07:D0:51:73:8F:CB:3D -# Fingerprint (SHA1): DA:40:18:8B:91:89:A3:ED:EE:AE:DA:97:FE:2F:9D:F5:B7:D1:8A:41 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Equifax Secure eBusiness CA 1" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\332\100\030\213\221\211\243\355\356\256\332\227\376\057\235\365 -\267\321\212\101 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\144\234\357\056\104\374\306\217\122\007\320\121\163\217\313\075 -END -CKA_ISSUER MULTILINE_OCTAL -\060\123\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\034\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141 -\170\040\123\145\143\165\162\145\040\111\156\143\056\061\046\060 -\044\006\003\125\004\003\023\035\105\161\165\151\146\141\170\040 -\123\145\143\165\162\145\040\145\102\165\163\151\156\145\163\163 -\040\103\101\055\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\004 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# # Certificate "AddTrust Low-Value Services Root" # # Issuer: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE @@ -2918,132 +2005,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "RSA Security 2048 v3" -# -# Issuer: OU=RSA Security 2048 V3,O=RSA Security Inc -# Serial Number:0a:01:01:01:00:00:02:7c:00:00:00:0a:00:00:00:02 -# Subject: OU=RSA Security 2048 V3,O=RSA Security Inc -# Not Valid Before: Thu Feb 22 20:39:23 2001 -# Not Valid After : Sun Feb 22 20:39:23 2026 -# Fingerprint (MD5): 77:0D:19:B1:21:FD:00:42:9C:3E:0C:A5:DD:0B:02:8E -# Fingerprint (SHA1): 25:01:90:19:CF:FB:D9:99:1C:B7:68:25:74:8D:94:5F:30:93:95:42 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "RSA Security 2048 v3" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\072\061\031\060\027\006\003\125\004\012\023\020\122\123\101 -\040\123\145\143\165\162\151\164\171\040\111\156\143\061\035\060 -\033\006\003\125\004\013\023\024\122\123\101\040\123\145\143\165 -\162\151\164\171\040\062\060\064\070\040\126\063 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\072\061\031\060\027\006\003\125\004\012\023\020\122\123\101 -\040\123\145\143\165\162\151\164\171\040\111\156\143\061\035\060 -\033\006\003\125\004\013\023\024\122\123\101\040\123\145\143\165 -\162\151\164\171\040\062\060\064\070\040\126\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\012\001\001\001\000\000\002\174\000\000\000\012\000\000 -\000\002 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\141\060\202\002\111\240\003\002\001\002\002\020\012 -\001\001\001\000\000\002\174\000\000\000\012\000\000\000\002\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\072 -\061\031\060\027\006\003\125\004\012\023\020\122\123\101\040\123 -\145\143\165\162\151\164\171\040\111\156\143\061\035\060\033\006 -\003\125\004\013\023\024\122\123\101\040\123\145\143\165\162\151 -\164\171\040\062\060\064\070\040\126\063\060\036\027\015\060\061 -\060\062\062\062\062\060\063\071\062\063\132\027\015\062\066\060 -\062\062\062\062\060\063\071\062\063\132\060\072\061\031\060\027 -\006\003\125\004\012\023\020\122\123\101\040\123\145\143\165\162 -\151\164\171\040\111\156\143\061\035\060\033\006\003\125\004\013 -\023\024\122\123\101\040\123\145\143\165\162\151\164\171\040\062 -\060\064\070\040\126\063\060\202\001\042\060\015\006\011\052\206 -\110\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202 -\001\012\002\202\001\001\000\267\217\125\161\322\200\335\173\151 -\171\247\360\030\120\062\074\142\147\366\012\225\007\335\346\033 -\363\236\331\322\101\124\153\255\237\174\276\031\315\373\106\253 -\101\150\036\030\352\125\310\057\221\170\211\050\373\047\051\140 -\377\337\217\214\073\311\111\233\265\244\224\316\001\352\076\265 -\143\173\177\046\375\031\335\300\041\275\204\321\055\117\106\303 -\116\334\330\067\071\073\050\257\313\235\032\352\053\257\041\245 -\301\043\042\270\270\033\132\023\207\127\203\321\360\040\347\350 -\117\043\102\260\000\245\175\211\351\351\141\163\224\230\161\046 -\274\055\152\340\367\115\360\361\266\052\070\061\201\015\051\341 -\000\301\121\017\114\122\370\004\132\252\175\162\323\270\207\052 -\273\143\020\003\052\263\241\117\015\132\136\106\267\075\016\365 -\164\354\231\237\371\075\044\201\210\246\335\140\124\350\225\066 -\075\306\011\223\232\243\022\200\000\125\231\031\107\275\320\245 -\174\303\272\373\037\367\365\017\370\254\271\265\364\067\230\023 -\030\336\205\133\267\014\202\073\207\157\225\071\130\060\332\156 -\001\150\027\042\314\300\013\002\003\001\000\001\243\143\060\141 -\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001 -\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001 -\006\060\037\006\003\125\035\043\004\030\060\026\200\024\007\303 -\121\060\244\252\351\105\256\065\044\372\377\044\054\063\320\261 -\235\214\060\035\006\003\125\035\016\004\026\004\024\007\303\121 -\060\244\252\351\105\256\065\044\372\377\044\054\063\320\261\235 -\214\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000 -\003\202\001\001\000\137\076\206\166\156\270\065\074\116\066\034 -\036\171\230\277\375\325\022\021\171\122\016\356\061\211\274\335 -\177\371\321\306\025\041\350\212\001\124\015\072\373\124\271\326 -\143\324\261\252\226\115\242\102\115\324\123\037\213\020\336\177 -\145\276\140\023\047\161\210\244\163\343\204\143\321\244\125\341 -\120\223\346\033\016\171\320\147\274\106\310\277\077\027\015\225 -\346\306\220\151\336\347\264\057\336\225\175\320\022\077\075\076 -\177\115\077\024\150\365\021\120\325\301\364\220\245\010\035\061 -\140\377\140\214\043\124\012\257\376\241\156\305\321\172\052\150 -\170\317\036\202\012\040\264\037\255\345\205\262\152\150\165\116 -\255\045\067\224\205\276\275\241\324\352\267\014\113\074\235\350 -\022\000\360\137\254\015\341\254\160\143\163\367\177\171\237\062 -\045\102\164\005\200\050\277\275\301\044\226\130\025\261\027\041 -\351\211\113\333\007\210\147\364\025\255\160\076\057\115\205\073 -\302\267\333\376\230\150\043\211\341\164\017\336\364\305\204\143 -\051\033\314\313\007\311\000\244\251\327\302\042\117\147\327\167 -\354\040\005\141\336 -END - -# Trust for Certificate "RSA Security 2048 v3" -# Issuer: OU=RSA Security 2048 V3,O=RSA Security Inc -# Serial Number:0a:01:01:01:00:00:02:7c:00:00:00:0a:00:00:00:02 -# Subject: OU=RSA Security 2048 V3,O=RSA Security Inc -# Not Valid Before: Thu Feb 22 20:39:23 2001 -# Not Valid After : Sun Feb 22 20:39:23 2026 -# Fingerprint (MD5): 77:0D:19:B1:21:FD:00:42:9C:3E:0C:A5:DD:0B:02:8E -# Fingerprint (SHA1): 25:01:90:19:CF:FB:D9:99:1C:B7:68:25:74:8D:94:5F:30:93:95:42 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "RSA Security 2048 v3" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\045\001\220\031\317\373\331\231\034\267\150\045\164\215\224\137 -\060\223\225\102 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\167\015\031\261\041\375\000\102\234\076\014\245\335\013\002\216 -END -CKA_ISSUER MULTILINE_OCTAL -\060\072\061\031\060\027\006\003\125\004\012\023\020\122\123\101 -\040\123\145\143\165\162\151\164\171\040\111\156\143\061\035\060 -\033\006\003\125\004\013\023\024\122\123\101\040\123\145\143\165 -\162\151\164\171\040\062\060\064\070\040\126\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\012\001\001\001\000\000\002\174\000\000\000\012\000\000 -\000\002 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# # Certificate "GeoTrust Global CA" # # Issuer: CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US @@ -4974,126 +3935,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "Sonera Class 1 Root CA" -# -# Issuer: CN=Sonera Class1 CA,O=Sonera,C=FI -# Serial Number: 36 (0x24) -# Subject: CN=Sonera Class1 CA,O=Sonera,C=FI -# Not Valid Before: Fri Apr 06 10:49:13 2001 -# Not Valid After : Tue Apr 06 10:49:13 2021 -# Fingerprint (MD5): 33:B7:84:F5:5F:27:D7:68:27:DE:14:DE:12:2A:ED:6F -# Fingerprint (SHA1): 07:47:22:01:99:CE:74:B9:7C:B0:3D:79:B2:64:A2:C8:55:E9:33:FF -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Sonera Class 1 Root CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\071\061\013\060\011\006\003\125\004\006\023\002\106\111\061 -\017\060\015\006\003\125\004\012\023\006\123\157\156\145\162\141 -\061\031\060\027\006\003\125\004\003\023\020\123\157\156\145\162 -\141\040\103\154\141\163\163\061\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\071\061\013\060\011\006\003\125\004\006\023\002\106\111\061 -\017\060\015\006\003\125\004\012\023\006\123\157\156\145\162\141 -\061\031\060\027\006\003\125\004\003\023\020\123\157\156\145\162 -\141\040\103\154\141\163\163\061\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\044 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\040\060\202\002\010\240\003\002\001\002\002\001\044 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\071\061\013\060\011\006\003\125\004\006\023\002\106\111\061\017 -\060\015\006\003\125\004\012\023\006\123\157\156\145\162\141\061 -\031\060\027\006\003\125\004\003\023\020\123\157\156\145\162\141 -\040\103\154\141\163\163\061\040\103\101\060\036\027\015\060\061 -\060\064\060\066\061\060\064\071\061\063\132\027\015\062\061\060 -\064\060\066\061\060\064\071\061\063\132\060\071\061\013\060\011 -\006\003\125\004\006\023\002\106\111\061\017\060\015\006\003\125 -\004\012\023\006\123\157\156\145\162\141\061\031\060\027\006\003 -\125\004\003\023\020\123\157\156\145\162\141\040\103\154\141\163 -\163\061\040\103\101\060\202\001\042\060\015\006\011\052\206\110 -\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001 -\012\002\202\001\001\000\265\211\037\053\117\147\012\171\377\305 -\036\370\177\074\355\321\176\332\260\315\155\057\066\254\064\306 -\333\331\144\027\010\143\060\063\042\212\114\356\216\273\017\015 -\102\125\311\235\056\245\357\367\247\214\303\253\271\227\313\216 -\357\077\025\147\250\202\162\143\123\017\101\214\175\020\225\044 -\241\132\245\006\372\222\127\235\372\245\001\362\165\351\037\274 -\126\046\122\116\170\031\145\130\125\003\130\300\024\256\214\174 -\125\137\160\133\167\043\006\066\227\363\044\265\232\106\225\344 -\337\015\013\005\105\345\321\362\035\202\273\306\023\340\376\252 -\172\375\151\060\224\363\322\105\205\374\362\062\133\062\336\350 -\154\135\037\313\244\042\164\260\200\216\135\224\367\006\000\113 -\251\324\136\056\065\120\011\363\200\227\364\014\027\256\071\330 -\137\315\063\301\034\312\211\302\042\367\105\022\355\136\022\223 -\235\143\253\202\056\271\353\102\101\104\313\112\032\000\202\015 -\236\371\213\127\076\114\307\027\355\054\213\162\063\137\162\172 -\070\126\325\346\331\256\005\032\035\165\105\261\313\245\045\034 -\022\127\066\375\042\067\002\003\001\000\001\243\063\060\061\060 -\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377 -\060\021\006\003\125\035\016\004\012\004\010\107\342\014\213\366 -\123\210\122\060\013\006\003\125\035\017\004\004\003\002\001\006 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003 -\202\001\001\000\213\032\262\311\135\141\264\341\271\053\271\123 -\321\262\205\235\167\216\026\356\021\075\333\302\143\331\133\227 -\145\373\022\147\330\052\134\266\253\345\136\303\267\026\057\310 -\350\253\035\212\375\253\032\174\325\137\143\317\334\260\335\167 -\271\250\346\322\042\070\207\007\024\331\377\276\126\265\375\007 -\016\074\125\312\026\314\247\246\167\067\373\333\134\037\116\131 -\006\207\243\003\103\365\026\253\267\204\275\116\357\237\061\067 -\360\106\361\100\266\321\014\245\144\370\143\136\041\333\125\116 -\117\061\166\234\020\141\216\266\123\072\243\021\276\257\155\174 -\036\275\256\055\342\014\151\307\205\123\150\242\141\272\305\076 -\264\171\124\170\236\012\307\002\276\142\321\021\202\113\145\057 -\221\132\302\250\207\261\126\150\224\171\371\045\367\301\325\256 -\032\270\273\075\217\251\212\070\025\367\163\320\132\140\321\200 -\260\360\334\325\120\315\116\356\222\110\151\355\262\043\036\060 -\314\310\224\310\266\365\073\206\177\077\246\056\237\366\076\054 -\265\222\226\076\337\054\223\212\377\201\214\017\017\131\041\031 -\127\275\125\232 -END - -# Trust for Certificate "Sonera Class 1 Root CA" -# Issuer: CN=Sonera Class1 CA,O=Sonera,C=FI -# Serial Number: 36 (0x24) -# Subject: CN=Sonera Class1 CA,O=Sonera,C=FI -# Not Valid Before: Fri Apr 06 10:49:13 2001 -# Not Valid After : Tue Apr 06 10:49:13 2021 -# Fingerprint (MD5): 33:B7:84:F5:5F:27:D7:68:27:DE:14:DE:12:2A:ED:6F -# Fingerprint (SHA1): 07:47:22:01:99:CE:74:B9:7C:B0:3D:79:B2:64:A2:C8:55:E9:33:FF -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Sonera Class 1 Root CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\007\107\042\001\231\316\164\271\174\260\075\171\262\144\242\310 -\125\351\063\377 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\063\267\204\365\137\047\327\150\047\336\024\336\022\052\355\157 -END -CKA_ISSUER MULTILINE_OCTAL -\060\071\061\013\060\011\006\003\125\004\006\023\002\106\111\061 -\017\060\015\006\003\125\004\012\023\006\123\157\156\145\162\141 -\061\031\060\027\006\003\125\004\003\023\020\123\157\156\145\162 -\141\040\103\154\141\163\163\061\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\044 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# # Certificate "Sonera Class 2 Root CA" # # Issuer: CN=Sonera Class2 CA,O=Sonera,C=FI @@ -5214,141 +4055,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "Staat der Nederlanden Root CA" -# -# Issuer: CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL -# Serial Number: 10000010 (0x98968a) -# Subject: CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL -# Not Valid Before: Tue Dec 17 09:23:49 2002 -# Not Valid After : Wed Dec 16 09:15:38 2015 -# Fingerprint (MD5): 60:84:7C:5A:CE:DB:0C:D4:CB:A7:E9:FE:02:C6:A9:C0 -# Fingerprint (SHA1): 10:1D:FA:3F:D5:0B:CB:BB:9B:B5:60:0C:19:55:A4:1A:F4:73:3A:04 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Staat der Nederlanden Root CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\125\061\013\060\011\006\003\125\004\006\023\002\116\114\061 -\036\060\034\006\003\125\004\012\023\025\123\164\141\141\164\040 -\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\061 -\046\060\044\006\003\125\004\003\023\035\123\164\141\141\164\040 -\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\040 -\122\157\157\164\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\125\061\013\060\011\006\003\125\004\006\023\002\116\114\061 -\036\060\034\006\003\125\004\012\023\025\123\164\141\141\164\040 -\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\061 -\046\060\044\006\003\125\004\003\023\035\123\164\141\141\164\040 -\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\040 -\122\157\157\164\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\000\230\226\212 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\272\060\202\002\242\240\003\002\001\002\002\004\000 -\230\226\212\060\015\006\011\052\206\110\206\367\015\001\001\005 -\005\000\060\125\061\013\060\011\006\003\125\004\006\023\002\116 -\114\061\036\060\034\006\003\125\004\012\023\025\123\164\141\141 -\164\040\144\145\162\040\116\145\144\145\162\154\141\156\144\145 -\156\061\046\060\044\006\003\125\004\003\023\035\123\164\141\141 -\164\040\144\145\162\040\116\145\144\145\162\154\141\156\144\145 -\156\040\122\157\157\164\040\103\101\060\036\027\015\060\062\061 -\062\061\067\060\071\062\063\064\071\132\027\015\061\065\061\062 -\061\066\060\071\061\065\063\070\132\060\125\061\013\060\011\006 -\003\125\004\006\023\002\116\114\061\036\060\034\006\003\125\004 -\012\023\025\123\164\141\141\164\040\144\145\162\040\116\145\144 -\145\162\154\141\156\144\145\156\061\046\060\044\006\003\125\004 -\003\023\035\123\164\141\141\164\040\144\145\162\040\116\145\144 -\145\162\154\141\156\144\145\156\040\122\157\157\164\040\103\101 -\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001 -\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001 -\000\230\322\265\121\021\172\201\246\024\230\161\155\276\314\347 -\023\033\326\047\016\172\263\152\030\034\266\141\132\325\141\011 -\277\336\220\023\307\147\356\335\363\332\305\014\022\236\065\125 -\076\054\047\210\100\153\367\334\335\042\141\365\302\307\016\365 -\366\325\166\123\115\217\214\274\030\166\067\205\235\350\312\111 -\307\322\117\230\023\011\242\076\042\210\234\177\326\362\020\145 -\264\356\137\030\325\027\343\370\305\375\342\235\242\357\123\016 -\205\167\242\017\341\060\107\356\000\347\063\175\104\147\032\013 -\121\350\213\240\236\120\230\150\064\122\037\056\155\001\362\140 -\105\362\061\353\251\061\150\051\273\172\101\236\306\031\177\224 -\264\121\071\003\177\262\336\247\062\233\264\107\216\157\264\112 -\256\345\257\261\334\260\033\141\274\231\162\336\344\211\267\172 -\046\135\332\063\111\133\122\234\016\365\212\255\303\270\075\350 -\006\152\302\325\052\013\154\173\204\275\126\005\313\206\145\222 -\354\104\053\260\216\271\334\160\013\106\332\255\274\143\210\071 -\372\333\152\376\043\372\274\344\110\364\147\053\152\021\020\041 -\111\002\003\001\000\001\243\201\221\060\201\216\060\014\006\003 -\125\035\023\004\005\060\003\001\001\377\060\117\006\003\125\035 -\040\004\110\060\106\060\104\006\004\125\035\040\000\060\074\060 -\072\006\010\053\006\001\005\005\007\002\001\026\056\150\164\164 -\160\072\057\057\167\167\167\056\160\153\151\157\166\145\162\150 -\145\151\144\056\156\154\057\160\157\154\151\143\151\145\163\057 -\162\157\157\164\055\160\157\154\151\143\171\060\016\006\003\125 -\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003\125 -\035\016\004\026\004\024\250\175\353\274\143\244\164\023\164\000 -\354\226\340\323\064\301\054\277\154\370\060\015\006\011\052\206 -\110\206\367\015\001\001\005\005\000\003\202\001\001\000\005\204 -\207\125\164\066\141\301\273\321\324\306\025\250\023\264\237\244 -\376\273\356\025\264\057\006\014\051\362\250\222\244\141\015\374 -\253\134\010\133\121\023\053\115\302\052\141\310\370\011\130\374 -\055\002\262\071\175\231\146\201\277\156\134\225\105\040\154\346 -\171\247\321\330\034\051\374\302\040\047\121\310\361\174\135\064 -\147\151\205\021\060\306\000\322\327\363\323\174\266\360\061\127 -\050\022\202\163\351\063\057\246\125\264\013\221\224\107\234\372 -\273\172\102\062\350\256\176\055\310\274\254\024\277\331\017\331 -\133\374\301\371\172\225\341\175\176\226\374\161\260\302\114\310 -\337\105\064\311\316\015\362\234\144\010\320\073\303\051\305\262 -\355\220\004\301\261\051\221\305\060\157\301\251\162\063\314\376 -\135\026\027\054\021\151\347\176\376\305\203\010\337\274\334\042 -\072\056\040\151\043\071\126\140\147\220\213\056\166\071\373\021 -\210\227\366\174\275\113\270\040\026\147\005\215\342\073\301\162 -\077\224\225\067\307\135\271\236\330\223\241\027\217\377\014\146 -\025\301\044\174\062\174\003\035\073\241\130\105\062\223 -END - -# Trust for Certificate "Staat der Nederlanden Root CA" -# Issuer: CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL -# Serial Number: 10000010 (0x98968a) -# Subject: CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL -# Not Valid Before: Tue Dec 17 09:23:49 2002 -# Not Valid After : Wed Dec 16 09:15:38 2015 -# Fingerprint (MD5): 60:84:7C:5A:CE:DB:0C:D4:CB:A7:E9:FE:02:C6:A9:C0 -# Fingerprint (SHA1): 10:1D:FA:3F:D5:0B:CB:BB:9B:B5:60:0C:19:55:A4:1A:F4:73:3A:04 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Staat der Nederlanden Root CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\020\035\372\077\325\013\313\273\233\265\140\014\031\125\244\032 -\364\163\072\004 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\140\204\174\132\316\333\014\324\313\247\351\376\002\306\251\300 -END -CKA_ISSUER MULTILINE_OCTAL -\060\125\061\013\060\011\006\003\125\004\006\023\002\116\114\061 -\036\060\034\006\003\125\004\012\023\025\123\164\141\141\164\040 -\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\061 -\046\060\044\006\003\125\004\003\023\035\123\164\141\141\164\040 -\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\040 -\122\157\157\164\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\000\230\226\212 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# # Certificate "UTN USERFirst Email Root CA" # # Issuer: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US @@ -6159,755 +4865,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "NetLock Qualified (Class QA) Root" -# -# Issuer: E=info@netlock.hu,CN=NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU -# Serial Number: 123 (0x7b) -# Subject: E=info@netlock.hu,CN=NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU -# Not Valid Before: Sun Mar 30 01:47:11 2003 -# Not Valid After : Thu Dec 15 01:47:11 2022 -# Fingerprint (MD5): D4:80:65:68:24:F9:89:22:28:DB:F5:A4:9A:17:8F:14 -# Fingerprint (SHA1): 01:68:97:E1:A0:B8:F2:C3:B1:34:66:5C:20:A7:27:B7:A1:58:E2:8F -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "NetLock Qualified (Class QA) Root" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\311\061\013\060\011\006\003\125\004\006\023\002\110\125 -\061\021\060\017\006\003\125\004\007\023\010\102\165\144\141\160 -\145\163\164\061\047\060\045\006\003\125\004\012\023\036\116\145 -\164\114\157\143\153\040\110\141\154\157\172\141\164\142\151\172 -\164\157\156\163\141\147\151\040\113\146\164\056\061\032\060\030 -\006\003\125\004\013\023\021\124\141\156\165\163\151\164\166\141 -\156\171\153\151\141\144\157\153\061\102\060\100\006\003\125\004 -\003\023\071\116\145\164\114\157\143\153\040\115\151\156\157\163 -\151\164\145\164\164\040\113\157\172\152\145\147\171\172\157\151 -\040\050\103\154\141\163\163\040\121\101\051\040\124\141\156\165 -\163\151\164\166\141\156\171\153\151\141\144\157\061\036\060\034 -\006\011\052\206\110\206\367\015\001\011\001\026\017\151\156\146 -\157\100\156\145\164\154\157\143\153\056\150\165 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\311\061\013\060\011\006\003\125\004\006\023\002\110\125 -\061\021\060\017\006\003\125\004\007\023\010\102\165\144\141\160 -\145\163\164\061\047\060\045\006\003\125\004\012\023\036\116\145 -\164\114\157\143\153\040\110\141\154\157\172\141\164\142\151\172 -\164\157\156\163\141\147\151\040\113\146\164\056\061\032\060\030 -\006\003\125\004\013\023\021\124\141\156\165\163\151\164\166\141 -\156\171\153\151\141\144\157\153\061\102\060\100\006\003\125\004 -\003\023\071\116\145\164\114\157\143\153\040\115\151\156\157\163 -\151\164\145\164\164\040\113\157\172\152\145\147\171\172\157\151 -\040\050\103\154\141\163\163\040\121\101\051\040\124\141\156\165 -\163\151\164\166\141\156\171\153\151\141\144\157\061\036\060\034 -\006\011\052\206\110\206\367\015\001\011\001\026\017\151\156\146 -\157\100\156\145\164\154\157\143\153\056\150\165 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\173 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\006\321\060\202\005\271\240\003\002\001\002\002\001\173 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\201\311\061\013\060\011\006\003\125\004\006\023\002\110\125\061 -\021\060\017\006\003\125\004\007\023\010\102\165\144\141\160\145 -\163\164\061\047\060\045\006\003\125\004\012\023\036\116\145\164 -\114\157\143\153\040\110\141\154\157\172\141\164\142\151\172\164 -\157\156\163\141\147\151\040\113\146\164\056\061\032\060\030\006 -\003\125\004\013\023\021\124\141\156\165\163\151\164\166\141\156 -\171\153\151\141\144\157\153\061\102\060\100\006\003\125\004\003 -\023\071\116\145\164\114\157\143\153\040\115\151\156\157\163\151 -\164\145\164\164\040\113\157\172\152\145\147\171\172\157\151\040 -\050\103\154\141\163\163\040\121\101\051\040\124\141\156\165\163 -\151\164\166\141\156\171\153\151\141\144\157\061\036\060\034\006 -\011\052\206\110\206\367\015\001\011\001\026\017\151\156\146\157 -\100\156\145\164\154\157\143\153\056\150\165\060\036\027\015\060 -\063\060\063\063\060\060\061\064\067\061\061\132\027\015\062\062 -\061\062\061\065\060\061\064\067\061\061\132\060\201\311\061\013 -\060\011\006\003\125\004\006\023\002\110\125\061\021\060\017\006 -\003\125\004\007\023\010\102\165\144\141\160\145\163\164\061\047 -\060\045\006\003\125\004\012\023\036\116\145\164\114\157\143\153 -\040\110\141\154\157\172\141\164\142\151\172\164\157\156\163\141 -\147\151\040\113\146\164\056\061\032\060\030\006\003\125\004\013 -\023\021\124\141\156\165\163\151\164\166\141\156\171\153\151\141 -\144\157\153\061\102\060\100\006\003\125\004\003\023\071\116\145 -\164\114\157\143\153\040\115\151\156\157\163\151\164\145\164\164 -\040\113\157\172\152\145\147\171\172\157\151\040\050\103\154\141 -\163\163\040\121\101\051\040\124\141\156\165\163\151\164\166\141 -\156\171\153\151\141\144\157\061\036\060\034\006\011\052\206\110 -\206\367\015\001\011\001\026\017\151\156\146\157\100\156\145\164 -\154\157\143\153\056\150\165\060\202\001\042\060\015\006\011\052 -\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000\060 -\202\001\012\002\202\001\001\000\307\122\045\262\330\075\324\204 -\125\011\247\033\275\154\271\024\364\212\002\333\166\374\152\052 -\170\253\345\167\360\156\340\214\043\147\333\245\144\231\271\335 -\001\076\157\357\055\232\074\042\360\135\311\127\240\125\101\177 -\362\103\136\130\202\123\061\145\316\036\362\046\272\000\124\036 -\257\260\274\034\344\122\214\240\062\257\267\067\261\123\147\150 -\164\147\120\366\055\056\144\336\256\046\171\337\337\231\206\253 -\253\177\205\354\240\373\200\314\364\270\014\036\223\105\143\271 -\334\270\133\233\355\133\071\324\137\142\260\247\216\174\146\070 -\054\252\261\010\143\027\147\175\314\275\263\361\303\077\317\120 -\071\355\321\031\203\025\333\207\022\047\226\267\332\352\345\235 -\274\272\352\071\117\213\357\164\232\347\305\320\322\352\206\121 -\034\344\376\144\010\050\004\171\005\353\312\305\161\016\013\357 -\253\352\354\022\021\241\030\005\062\151\321\014\054\032\075\045 -\231\077\265\174\312\155\260\256\231\231\372\010\140\347\031\302 -\362\275\121\323\314\323\002\254\301\021\014\200\316\253\334\224 -\235\153\243\071\123\072\326\205\002\003\000\305\175\243\202\002 -\300\060\202\002\274\060\022\006\003\125\035\023\001\001\377\004 -\010\060\006\001\001\377\002\001\004\060\016\006\003\125\035\017 -\001\001\377\004\004\003\002\001\006\060\202\002\165\006\011\140 -\206\110\001\206\370\102\001\015\004\202\002\146\026\202\002\142 -\106\111\107\131\105\114\105\115\041\040\105\172\145\156\040\164 -\141\156\165\163\151\164\166\141\156\171\040\141\040\116\145\164 -\114\157\143\153\040\113\146\164\056\040\115\151\156\157\163\151 -\164\145\164\164\040\123\172\157\154\147\141\154\164\141\164\141 -\163\151\040\123\172\141\142\141\154\171\172\141\164\141\142\141 -\156\040\154\145\151\162\164\040\145\154\152\141\162\141\163\157 -\153\040\141\154\141\160\152\141\156\040\153\145\163\172\165\154 -\164\056\040\101\040\155\151\156\157\163\151\164\145\164\164\040 -\145\154\145\153\164\162\157\156\151\153\165\163\040\141\154\141 -\151\162\141\163\040\152\157\147\150\141\164\141\163\040\145\162 -\166\145\156\171\145\163\165\154\145\163\145\156\145\153\054\040 -\166\141\154\141\155\151\156\164\040\145\154\146\157\147\141\144 -\141\163\141\156\141\153\040\146\145\154\164\145\164\145\154\145 -\040\141\040\115\151\156\157\163\151\164\145\164\164\040\123\172 -\157\154\147\141\154\164\141\164\141\163\151\040\123\172\141\142 -\141\154\171\172\141\164\142\141\156\054\040\141\172\040\101\154 -\164\141\154\141\156\157\163\040\123\172\145\162\172\157\144\145 -\163\151\040\106\145\154\164\145\164\145\154\145\153\142\145\156 -\040\145\154\157\151\162\164\040\145\154\154\145\156\157\162\172 -\145\163\151\040\145\154\152\141\162\141\163\040\155\145\147\164 -\145\164\145\154\145\056\040\101\040\144\157\153\165\155\145\156 -\164\165\155\157\153\040\155\145\147\164\141\154\141\154\150\141 -\164\157\153\040\141\040\150\164\164\160\163\072\057\057\167\167 -\167\056\156\145\164\154\157\143\153\056\150\165\057\144\157\143 -\163\057\040\143\151\155\145\156\040\166\141\147\171\040\153\145 -\162\150\145\164\157\153\040\141\172\040\151\156\146\157\100\156 -\145\164\154\157\143\153\056\156\145\164\040\145\055\155\141\151 -\154\040\143\151\155\145\156\056\040\127\101\122\116\111\116\107 -\041\040\124\150\145\040\151\163\163\165\141\156\143\145\040\141 -\156\144\040\164\150\145\040\165\163\145\040\157\146\040\164\150 -\151\163\040\143\145\162\164\151\146\151\143\141\164\145\040\141 -\162\145\040\163\165\142\152\145\143\164\040\164\157\040\164\150 -\145\040\116\145\164\114\157\143\153\040\121\165\141\154\151\146 -\151\145\144\040\103\120\123\040\141\166\141\151\154\141\142\154 -\145\040\141\164\040\150\164\164\160\163\072\057\057\167\167\167 -\056\156\145\164\154\157\143\153\056\150\165\057\144\157\143\163 -\057\040\157\162\040\142\171\040\145\055\155\141\151\154\040\141 -\164\040\151\156\146\157\100\156\145\164\154\157\143\153\056\156 -\145\164\060\035\006\003\125\035\016\004\026\004\024\011\152\142 -\026\222\260\132\273\125\016\313\165\062\072\062\345\262\041\311 -\050\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000 -\003\202\001\001\000\221\152\120\234\333\170\201\233\077\213\102 -\343\073\374\246\303\356\103\340\317\363\342\200\065\111\105\166 -\002\342\343\057\005\305\361\052\347\300\101\063\306\266\233\320 -\063\071\315\300\333\241\255\154\067\002\114\130\101\073\362\227 -\222\306\110\250\315\345\212\071\211\141\371\122\227\351\275\366 -\371\224\164\350\161\016\274\167\206\303\006\314\132\174\112\176 -\064\120\060\056\373\177\062\232\215\075\363\040\133\370\152\312 -\206\363\061\114\054\131\200\002\175\376\070\311\060\165\034\267 -\125\343\274\237\272\250\155\204\050\005\165\263\213\015\300\221 -\124\041\347\246\013\264\231\365\121\101\334\315\243\107\042\331 -\307\001\201\304\334\107\117\046\352\037\355\333\315\015\230\364 -\243\234\264\163\062\112\226\231\376\274\177\310\045\130\370\130 -\363\166\146\211\124\244\246\076\304\120\134\272\211\030\202\165 -\110\041\322\117\023\350\140\176\007\166\333\020\265\121\346\252 -\271\150\252\315\366\235\220\165\022\352\070\032\312\104\350\267 -\231\247\052\150\225\146\225\253\255\357\211\313\140\251\006\022 -\306\224\107\351\050 -END - -# Trust for Certificate "NetLock Qualified (Class QA) Root" -# Issuer: E=info@netlock.hu,CN=NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU -# Serial Number: 123 (0x7b) -# Subject: E=info@netlock.hu,CN=NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU -# Not Valid Before: Sun Mar 30 01:47:11 2003 -# Not Valid After : Thu Dec 15 01:47:11 2022 -# Fingerprint (MD5): D4:80:65:68:24:F9:89:22:28:DB:F5:A4:9A:17:8F:14 -# Fingerprint (SHA1): 01:68:97:E1:A0:B8:F2:C3:B1:34:66:5C:20:A7:27:B7:A1:58:E2:8F -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "NetLock Qualified (Class QA) Root" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\001\150\227\341\240\270\362\303\261\064\146\134\040\247\047\267 -\241\130\342\217 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\324\200\145\150\044\371\211\042\050\333\365\244\232\027\217\024 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\311\061\013\060\011\006\003\125\004\006\023\002\110\125 -\061\021\060\017\006\003\125\004\007\023\010\102\165\144\141\160 -\145\163\164\061\047\060\045\006\003\125\004\012\023\036\116\145 -\164\114\157\143\153\040\110\141\154\157\172\141\164\142\151\172 -\164\157\156\163\141\147\151\040\113\146\164\056\061\032\060\030 -\006\003\125\004\013\023\021\124\141\156\165\163\151\164\166\141 -\156\171\153\151\141\144\157\153\061\102\060\100\006\003\125\004 -\003\023\071\116\145\164\114\157\143\153\040\115\151\156\157\163 -\151\164\145\164\164\040\113\157\172\152\145\147\171\172\157\151 -\040\050\103\154\141\163\163\040\121\101\051\040\124\141\156\165 -\163\151\164\166\141\156\171\153\151\141\144\157\061\036\060\034 -\006\011\052\206\110\206\367\015\001\011\001\026\017\151\156\146 -\157\100\156\145\164\154\157\143\153\056\150\165 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\173 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "NetLock Notary (Class A) Root" -# -# Issuer: CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,ST=Hungary,C=HU -# Serial Number: 259 (0x103) -# Subject: CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,ST=Hungary,C=HU -# Not Valid Before: Wed Feb 24 23:14:47 1999 -# Not Valid After : Tue Feb 19 23:14:47 2019 -# Fingerprint (MD5): 86:38:6D:5E:49:63:6C:85:5C:DB:6D:DC:94:B7:D0:F7 -# Fingerprint (SHA1): AC:ED:5F:65:53:FD:25:CE:01:5F:1F:7A:48:3B:6A:74:9F:61:78:C6 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "NetLock Notary (Class A) Root" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\257\061\013\060\011\006\003\125\004\006\023\002\110\125 -\061\020\060\016\006\003\125\004\010\023\007\110\165\156\147\141 -\162\171\061\021\060\017\006\003\125\004\007\023\010\102\165\144 -\141\160\145\163\164\061\047\060\045\006\003\125\004\012\023\036 -\116\145\164\114\157\143\153\040\110\141\154\157\172\141\164\142 -\151\172\164\157\156\163\141\147\151\040\113\146\164\056\061\032 -\060\030\006\003\125\004\013\023\021\124\141\156\165\163\151\164 -\166\141\156\171\153\151\141\144\157\153\061\066\060\064\006\003 -\125\004\003\023\055\116\145\164\114\157\143\153\040\113\157\172 -\152\145\147\171\172\157\151\040\050\103\154\141\163\163\040\101 -\051\040\124\141\156\165\163\151\164\166\141\156\171\153\151\141 -\144\157 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\257\061\013\060\011\006\003\125\004\006\023\002\110\125 -\061\020\060\016\006\003\125\004\010\023\007\110\165\156\147\141 -\162\171\061\021\060\017\006\003\125\004\007\023\010\102\165\144 -\141\160\145\163\164\061\047\060\045\006\003\125\004\012\023\036 -\116\145\164\114\157\143\153\040\110\141\154\157\172\141\164\142 -\151\172\164\157\156\163\141\147\151\040\113\146\164\056\061\032 -\060\030\006\003\125\004\013\023\021\124\141\156\165\163\151\164 -\166\141\156\171\153\151\141\144\157\153\061\066\060\064\006\003 -\125\004\003\023\055\116\145\164\114\157\143\153\040\113\157\172 -\152\145\147\171\172\157\151\040\050\103\154\141\163\163\040\101 -\051\040\124\141\156\165\163\151\164\166\141\156\171\153\151\141 -\144\157 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\002\001\003 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\006\175\060\202\005\145\240\003\002\001\002\002\002\001 -\003\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000 -\060\201\257\061\013\060\011\006\003\125\004\006\023\002\110\125 -\061\020\060\016\006\003\125\004\010\023\007\110\165\156\147\141 -\162\171\061\021\060\017\006\003\125\004\007\023\010\102\165\144 -\141\160\145\163\164\061\047\060\045\006\003\125\004\012\023\036 -\116\145\164\114\157\143\153\040\110\141\154\157\172\141\164\142 -\151\172\164\157\156\163\141\147\151\040\113\146\164\056\061\032 -\060\030\006\003\125\004\013\023\021\124\141\156\165\163\151\164 -\166\141\156\171\153\151\141\144\157\153\061\066\060\064\006\003 -\125\004\003\023\055\116\145\164\114\157\143\153\040\113\157\172 -\152\145\147\171\172\157\151\040\050\103\154\141\163\163\040\101 -\051\040\124\141\156\165\163\151\164\166\141\156\171\153\151\141 -\144\157\060\036\027\015\071\071\060\062\062\064\062\063\061\064 -\064\067\132\027\015\061\071\060\062\061\071\062\063\061\064\064 -\067\132\060\201\257\061\013\060\011\006\003\125\004\006\023\002 -\110\125\061\020\060\016\006\003\125\004\010\023\007\110\165\156 -\147\141\162\171\061\021\060\017\006\003\125\004\007\023\010\102 -\165\144\141\160\145\163\164\061\047\060\045\006\003\125\004\012 -\023\036\116\145\164\114\157\143\153\040\110\141\154\157\172\141 -\164\142\151\172\164\157\156\163\141\147\151\040\113\146\164\056 -\061\032\060\030\006\003\125\004\013\023\021\124\141\156\165\163 -\151\164\166\141\156\171\153\151\141\144\157\153\061\066\060\064 -\006\003\125\004\003\023\055\116\145\164\114\157\143\153\040\113 -\157\172\152\145\147\171\172\157\151\040\050\103\154\141\163\163 -\040\101\051\040\124\141\156\165\163\151\164\166\141\156\171\153 -\151\141\144\157\060\202\001\042\060\015\006\011\052\206\110\206 -\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012 -\002\202\001\001\000\274\164\214\017\273\114\364\067\036\251\005 -\202\330\346\341\154\160\352\170\265\156\321\070\104\015\250\203 -\316\135\322\326\325\201\305\324\113\347\133\224\160\046\333\073 -\235\152\114\142\367\161\363\144\326\141\073\075\353\163\243\067 -\331\317\352\214\222\073\315\367\007\334\146\164\227\364\105\042 -\335\364\134\340\277\155\363\276\145\063\344\025\072\277\333\230 -\220\125\070\304\355\246\125\143\013\260\170\004\364\343\156\301 -\077\216\374\121\170\037\222\236\203\302\376\331\260\251\311\274 -\132\000\377\251\250\230\164\373\366\054\076\025\071\015\266\004 -\125\250\016\230\040\102\263\261\045\255\176\232\157\135\123\261 -\253\014\374\353\340\363\172\263\250\263\377\106\366\143\242\330 -\072\230\173\266\254\205\377\260\045\117\164\143\347\023\007\245 -\012\217\005\367\300\144\157\176\247\047\200\226\336\324\056\206 -\140\307\153\053\136\163\173\027\347\221\077\144\014\330\113\042 -\064\053\233\062\362\110\037\237\241\012\204\172\342\302\255\227 -\075\216\325\301\371\126\243\120\351\306\264\372\230\242\356\225 -\346\052\003\214\337\002\003\001\000\001\243\202\002\237\060\202 -\002\233\060\016\006\003\125\035\017\001\001\377\004\004\003\002 -\000\006\060\022\006\003\125\035\023\001\001\377\004\010\060\006 -\001\001\377\002\001\004\060\021\006\011\140\206\110\001\206\370 -\102\001\001\004\004\003\002\000\007\060\202\002\140\006\011\140 -\206\110\001\206\370\102\001\015\004\202\002\121\026\202\002\115 -\106\111\107\131\105\114\105\115\041\040\105\172\145\156\040\164 -\141\156\165\163\151\164\166\141\156\171\040\141\040\116\145\164 -\114\157\143\153\040\113\146\164\056\040\101\154\164\141\154\141 -\156\157\163\040\123\172\157\154\147\141\154\164\141\164\141\163 -\151\040\106\145\154\164\145\164\145\154\145\151\142\145\156\040 -\154\145\151\162\164\040\145\154\152\141\162\141\163\157\153\040 -\141\154\141\160\152\141\156\040\153\145\163\172\165\154\164\056 -\040\101\040\150\151\164\145\154\145\163\151\164\145\163\040\146 -\157\154\171\141\155\141\164\141\164\040\141\040\116\145\164\114 -\157\143\153\040\113\146\164\056\040\164\145\162\155\145\153\146 -\145\154\145\154\157\163\163\145\147\055\142\151\172\164\157\163 -\151\164\141\163\141\040\166\145\144\151\056\040\101\040\144\151 -\147\151\164\141\154\151\163\040\141\154\141\151\162\141\163\040 -\145\154\146\157\147\141\144\141\163\141\156\141\153\040\146\145 -\154\164\145\164\145\154\145\040\141\172\040\145\154\157\151\162 -\164\040\145\154\154\145\156\157\162\172\145\163\151\040\145\154 -\152\141\162\141\163\040\155\145\147\164\145\164\145\154\145\056 -\040\101\172\040\145\154\152\141\162\141\163\040\154\145\151\162 -\141\163\141\040\155\145\147\164\141\154\141\154\150\141\164\157 -\040\141\040\116\145\164\114\157\143\153\040\113\146\164\056\040 -\111\156\164\145\162\156\145\164\040\150\157\156\154\141\160\152 -\141\156\040\141\040\150\164\164\160\163\072\057\057\167\167\167 -\056\156\145\164\154\157\143\153\056\156\145\164\057\144\157\143 -\163\040\143\151\155\145\156\040\166\141\147\171\040\153\145\162 -\150\145\164\157\040\141\172\040\145\154\154\145\156\157\162\172 -\145\163\100\156\145\164\154\157\143\153\056\156\145\164\040\145 -\055\155\141\151\154\040\143\151\155\145\156\056\040\111\115\120 -\117\122\124\101\116\124\041\040\124\150\145\040\151\163\163\165 -\141\156\143\145\040\141\156\144\040\164\150\145\040\165\163\145 -\040\157\146\040\164\150\151\163\040\143\145\162\164\151\146\151 -\143\141\164\145\040\151\163\040\163\165\142\152\145\143\164\040 -\164\157\040\164\150\145\040\116\145\164\114\157\143\153\040\103 -\120\123\040\141\166\141\151\154\141\142\154\145\040\141\164\040 -\150\164\164\160\163\072\057\057\167\167\167\056\156\145\164\154 -\157\143\153\056\156\145\164\057\144\157\143\163\040\157\162\040 -\142\171\040\145\055\155\141\151\154\040\141\164\040\143\160\163 -\100\156\145\164\154\157\143\153\056\156\145\164\056\060\015\006 -\011\052\206\110\206\367\015\001\001\004\005\000\003\202\001\001 -\000\110\044\106\367\272\126\157\372\310\050\003\100\116\345\061 -\071\153\046\153\123\177\333\337\337\363\161\075\046\300\024\016 -\306\147\173\043\250\014\163\335\001\273\306\312\156\067\071\125 -\325\307\214\126\040\016\050\012\016\322\052\244\260\111\122\306 -\070\007\376\276\012\011\214\321\230\317\312\332\024\061\241\117 -\322\071\374\017\021\054\103\303\335\253\223\307\125\076\107\174 -\030\032\000\334\363\173\330\362\177\122\154\040\364\013\137\151 -\122\364\356\370\262\051\140\353\343\111\061\041\015\326\265\020 -\101\342\101\011\154\342\032\232\126\113\167\002\366\240\233\232 -\047\207\350\125\051\161\302\220\237\105\170\032\341\025\144\075 -\320\016\330\240\166\237\256\305\320\056\352\326\017\126\354\144 -\177\132\233\024\130\001\047\176\023\120\307\153\052\346\150\074 -\277\134\240\012\033\341\016\172\351\342\200\303\351\351\366\375 -\154\021\236\320\345\050\047\053\124\062\102\024\202\165\346\112 -\360\053\146\165\143\214\242\373\004\076\203\016\233\066\360\030 -\344\046\040\303\214\360\050\007\255\074\027\146\210\265\375\266 -\210 -END - -# Trust for Certificate "NetLock Notary (Class A) Root" -# Issuer: CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,ST=Hungary,C=HU -# Serial Number: 259 (0x103) -# Subject: CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,ST=Hungary,C=HU -# Not Valid Before: Wed Feb 24 23:14:47 1999 -# Not Valid After : Tue Feb 19 23:14:47 2019 -# Fingerprint (MD5): 86:38:6D:5E:49:63:6C:85:5C:DB:6D:DC:94:B7:D0:F7 -# Fingerprint (SHA1): AC:ED:5F:65:53:FD:25:CE:01:5F:1F:7A:48:3B:6A:74:9F:61:78:C6 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "NetLock Notary (Class A) Root" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\254\355\137\145\123\375\045\316\001\137\037\172\110\073\152\164 -\237\141\170\306 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\206\070\155\136\111\143\154\205\134\333\155\334\224\267\320\367 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\257\061\013\060\011\006\003\125\004\006\023\002\110\125 -\061\020\060\016\006\003\125\004\010\023\007\110\165\156\147\141 -\162\171\061\021\060\017\006\003\125\004\007\023\010\102\165\144 -\141\160\145\163\164\061\047\060\045\006\003\125\004\012\023\036 -\116\145\164\114\157\143\153\040\110\141\154\157\172\141\164\142 -\151\172\164\157\156\163\141\147\151\040\113\146\164\056\061\032 -\060\030\006\003\125\004\013\023\021\124\141\156\165\163\151\164 -\166\141\156\171\153\151\141\144\157\153\061\066\060\064\006\003 -\125\004\003\023\055\116\145\164\114\157\143\153\040\113\157\172 -\152\145\147\171\172\157\151\040\050\103\154\141\163\163\040\101 -\051\040\124\141\156\165\163\151\164\166\141\156\171\153\151\141 -\144\157 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\002\001\003 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "NetLock Business (Class B) Root" -# -# Issuer: CN=NetLock Uzleti (Class B) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU -# Serial Number: 105 (0x69) -# Subject: CN=NetLock Uzleti (Class B) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU -# Not Valid Before: Thu Feb 25 14:10:22 1999 -# Not Valid After : Wed Feb 20 14:10:22 2019 -# Fingerprint (MD5): 39:16:AA:B9:6A:41:E1:14:69:DF:9E:6C:3B:72:DC:B6 -# Fingerprint (SHA1): 87:9F:4B:EE:05:DF:98:58:3B:E3:60:D6:33:E7:0D:3F:FE:98:71:AF -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "NetLock Business (Class B) Root" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\231\061\013\060\011\006\003\125\004\006\023\002\110\125 -\061\021\060\017\006\003\125\004\007\023\010\102\165\144\141\160 -\145\163\164\061\047\060\045\006\003\125\004\012\023\036\116\145 -\164\114\157\143\153\040\110\141\154\157\172\141\164\142\151\172 -\164\157\156\163\141\147\151\040\113\146\164\056\061\032\060\030 -\006\003\125\004\013\023\021\124\141\156\165\163\151\164\166\141 -\156\171\153\151\141\144\157\153\061\062\060\060\006\003\125\004 -\003\023\051\116\145\164\114\157\143\153\040\125\172\154\145\164 -\151\040\050\103\154\141\163\163\040\102\051\040\124\141\156\165 -\163\151\164\166\141\156\171\153\151\141\144\157 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\231\061\013\060\011\006\003\125\004\006\023\002\110\125 -\061\021\060\017\006\003\125\004\007\023\010\102\165\144\141\160 -\145\163\164\061\047\060\045\006\003\125\004\012\023\036\116\145 -\164\114\157\143\153\040\110\141\154\157\172\141\164\142\151\172 -\164\157\156\163\141\147\151\040\113\146\164\056\061\032\060\030 -\006\003\125\004\013\023\021\124\141\156\165\163\151\164\166\141 -\156\171\153\151\141\144\157\153\061\062\060\060\006\003\125\004 -\003\023\051\116\145\164\114\157\143\153\040\125\172\154\145\164 -\151\040\050\103\154\141\163\163\040\102\051\040\124\141\156\165 -\163\151\164\166\141\156\171\153\151\141\144\157 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\151 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\113\060\202\004\264\240\003\002\001\002\002\001\151 -\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000\060 -\201\231\061\013\060\011\006\003\125\004\006\023\002\110\125\061 -\021\060\017\006\003\125\004\007\023\010\102\165\144\141\160\145 -\163\164\061\047\060\045\006\003\125\004\012\023\036\116\145\164 -\114\157\143\153\040\110\141\154\157\172\141\164\142\151\172\164 -\157\156\163\141\147\151\040\113\146\164\056\061\032\060\030\006 -\003\125\004\013\023\021\124\141\156\165\163\151\164\166\141\156 -\171\153\151\141\144\157\153\061\062\060\060\006\003\125\004\003 -\023\051\116\145\164\114\157\143\153\040\125\172\154\145\164\151 -\040\050\103\154\141\163\163\040\102\051\040\124\141\156\165\163 -\151\164\166\141\156\171\153\151\141\144\157\060\036\027\015\071 -\071\060\062\062\065\061\064\061\060\062\062\132\027\015\061\071 -\060\062\062\060\061\064\061\060\062\062\132\060\201\231\061\013 -\060\011\006\003\125\004\006\023\002\110\125\061\021\060\017\006 -\003\125\004\007\023\010\102\165\144\141\160\145\163\164\061\047 -\060\045\006\003\125\004\012\023\036\116\145\164\114\157\143\153 -\040\110\141\154\157\172\141\164\142\151\172\164\157\156\163\141 -\147\151\040\113\146\164\056\061\032\060\030\006\003\125\004\013 -\023\021\124\141\156\165\163\151\164\166\141\156\171\153\151\141 -\144\157\153\061\062\060\060\006\003\125\004\003\023\051\116\145 -\164\114\157\143\153\040\125\172\154\145\164\151\040\050\103\154 -\141\163\163\040\102\051\040\124\141\156\165\163\151\164\166\141 -\156\171\153\151\141\144\157\060\201\237\060\015\006\011\052\206 -\110\206\367\015\001\001\001\005\000\003\201\215\000\060\201\211 -\002\201\201\000\261\352\004\354\040\240\043\302\217\070\140\317 -\307\106\263\325\033\376\373\271\231\236\004\334\034\177\214\112 -\201\230\356\244\324\312\212\027\271\042\177\203\012\165\114\233 -\300\151\330\144\071\243\355\222\243\375\133\134\164\032\300\107 -\312\072\151\166\232\272\342\104\027\374\114\243\325\376\270\227 -\210\257\210\003\211\037\244\362\004\076\310\007\013\346\371\263 -\057\172\142\024\011\106\024\312\144\365\213\200\265\142\250\330 -\153\326\161\223\055\263\277\011\124\130\355\006\353\250\173\334 -\103\261\241\151\002\003\001\000\001\243\202\002\237\060\202\002 -\233\060\022\006\003\125\035\023\001\001\377\004\010\060\006\001 -\001\377\002\001\004\060\016\006\003\125\035\017\001\001\377\004 -\004\003\002\000\006\060\021\006\011\140\206\110\001\206\370\102 -\001\001\004\004\003\002\000\007\060\202\002\140\006\011\140\206 -\110\001\206\370\102\001\015\004\202\002\121\026\202\002\115\106 -\111\107\131\105\114\105\115\041\040\105\172\145\156\040\164\141 -\156\165\163\151\164\166\141\156\171\040\141\040\116\145\164\114 -\157\143\153\040\113\146\164\056\040\101\154\164\141\154\141\156 -\157\163\040\123\172\157\154\147\141\154\164\141\164\141\163\151 -\040\106\145\154\164\145\164\145\154\145\151\142\145\156\040\154 -\145\151\162\164\040\145\154\152\141\162\141\163\157\153\040\141 -\154\141\160\152\141\156\040\153\145\163\172\165\154\164\056\040 -\101\040\150\151\164\145\154\145\163\151\164\145\163\040\146\157 -\154\171\141\155\141\164\141\164\040\141\040\116\145\164\114\157 -\143\153\040\113\146\164\056\040\164\145\162\155\145\153\146\145 -\154\145\154\157\163\163\145\147\055\142\151\172\164\157\163\151 -\164\141\163\141\040\166\145\144\151\056\040\101\040\144\151\147 -\151\164\141\154\151\163\040\141\154\141\151\162\141\163\040\145 -\154\146\157\147\141\144\141\163\141\156\141\153\040\146\145\154 -\164\145\164\145\154\145\040\141\172\040\145\154\157\151\162\164 -\040\145\154\154\145\156\157\162\172\145\163\151\040\145\154\152 -\141\162\141\163\040\155\145\147\164\145\164\145\154\145\056\040 -\101\172\040\145\154\152\141\162\141\163\040\154\145\151\162\141 -\163\141\040\155\145\147\164\141\154\141\154\150\141\164\157\040 -\141\040\116\145\164\114\157\143\153\040\113\146\164\056\040\111 -\156\164\145\162\156\145\164\040\150\157\156\154\141\160\152\141 -\156\040\141\040\150\164\164\160\163\072\057\057\167\167\167\056 -\156\145\164\154\157\143\153\056\156\145\164\057\144\157\143\163 -\040\143\151\155\145\156\040\166\141\147\171\040\153\145\162\150 -\145\164\157\040\141\172\040\145\154\154\145\156\157\162\172\145 -\163\100\156\145\164\154\157\143\153\056\156\145\164\040\145\055 -\155\141\151\154\040\143\151\155\145\156\056\040\111\115\120\117 -\122\124\101\116\124\041\040\124\150\145\040\151\163\163\165\141 -\156\143\145\040\141\156\144\040\164\150\145\040\165\163\145\040 -\157\146\040\164\150\151\163\040\143\145\162\164\151\146\151\143 -\141\164\145\040\151\163\040\163\165\142\152\145\143\164\040\164 -\157\040\164\150\145\040\116\145\164\114\157\143\153\040\103\120 -\123\040\141\166\141\151\154\141\142\154\145\040\141\164\040\150 -\164\164\160\163\072\057\057\167\167\167\056\156\145\164\154\157 -\143\153\056\156\145\164\057\144\157\143\163\040\157\162\040\142 -\171\040\145\055\155\141\151\154\040\141\164\040\143\160\163\100 -\156\145\164\154\157\143\153\056\156\145\164\056\060\015\006\011 -\052\206\110\206\367\015\001\001\004\005\000\003\201\201\000\004 -\333\256\214\027\257\370\016\220\061\116\315\076\011\300\155\072 -\260\370\063\114\107\114\343\165\210\020\227\254\260\070\025\221 -\306\051\226\314\041\300\155\074\245\164\317\330\202\245\071\303 -\145\343\102\160\273\042\220\343\175\333\065\166\341\240\265\332 -\237\160\156\223\032\060\071\035\060\333\056\343\174\262\221\262 -\321\067\051\372\271\326\027\134\107\117\343\035\070\353\237\325 -\173\225\250\050\236\025\112\321\321\320\053\000\227\240\342\222 -\066\053\143\254\130\001\153\063\051\120\206\203\361\001\110 -END - -# Trust for Certificate "NetLock Business (Class B) Root" -# Issuer: CN=NetLock Uzleti (Class B) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU -# Serial Number: 105 (0x69) -# Subject: CN=NetLock Uzleti (Class B) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU -# Not Valid Before: Thu Feb 25 14:10:22 1999 -# Not Valid After : Wed Feb 20 14:10:22 2019 -# Fingerprint (MD5): 39:16:AA:B9:6A:41:E1:14:69:DF:9E:6C:3B:72:DC:B6 -# Fingerprint (SHA1): 87:9F:4B:EE:05:DF:98:58:3B:E3:60:D6:33:E7:0D:3F:FE:98:71:AF -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "NetLock Business (Class B) Root" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\207\237\113\356\005\337\230\130\073\343\140\326\063\347\015\077 -\376\230\161\257 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\071\026\252\271\152\101\341\024\151\337\236\154\073\162\334\266 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\231\061\013\060\011\006\003\125\004\006\023\002\110\125 -\061\021\060\017\006\003\125\004\007\023\010\102\165\144\141\160 -\145\163\164\061\047\060\045\006\003\125\004\012\023\036\116\145 -\164\114\157\143\153\040\110\141\154\157\172\141\164\142\151\172 -\164\157\156\163\141\147\151\040\113\146\164\056\061\032\060\030 -\006\003\125\004\013\023\021\124\141\156\165\163\151\164\166\141 -\156\171\153\151\141\144\157\153\061\062\060\060\006\003\125\004 -\003\023\051\116\145\164\114\157\143\153\040\125\172\154\145\164 -\151\040\050\103\154\141\163\163\040\102\051\040\124\141\156\165 -\163\151\164\166\141\156\171\153\151\141\144\157 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\151 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "NetLock Express (Class C) Root" -# -# Issuer: CN=NetLock Expressz (Class C) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU -# Serial Number: 104 (0x68) -# Subject: CN=NetLock Expressz (Class C) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU -# Not Valid Before: Thu Feb 25 14:08:11 1999 -# Not Valid After : Wed Feb 20 14:08:11 2019 -# Fingerprint (MD5): 4F:EB:F1:F0:70:C2:80:63:5D:58:9F:DA:12:3C:A9:C4 -# Fingerprint (SHA1): E3:92:51:2F:0A:CF:F5:05:DF:F6:DE:06:7F:75:37:E1:65:EA:57:4B -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "NetLock Express (Class C) Root" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\233\061\013\060\011\006\003\125\004\006\023\002\110\125 -\061\021\060\017\006\003\125\004\007\023\010\102\165\144\141\160 -\145\163\164\061\047\060\045\006\003\125\004\012\023\036\116\145 -\164\114\157\143\153\040\110\141\154\157\172\141\164\142\151\172 -\164\157\156\163\141\147\151\040\113\146\164\056\061\032\060\030 -\006\003\125\004\013\023\021\124\141\156\165\163\151\164\166\141 -\156\171\153\151\141\144\157\153\061\064\060\062\006\003\125\004 -\003\023\053\116\145\164\114\157\143\153\040\105\170\160\162\145 -\163\163\172\040\050\103\154\141\163\163\040\103\051\040\124\141 -\156\165\163\151\164\166\141\156\171\153\151\141\144\157 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\233\061\013\060\011\006\003\125\004\006\023\002\110\125 -\061\021\060\017\006\003\125\004\007\023\010\102\165\144\141\160 -\145\163\164\061\047\060\045\006\003\125\004\012\023\036\116\145 -\164\114\157\143\153\040\110\141\154\157\172\141\164\142\151\172 -\164\157\156\163\141\147\151\040\113\146\164\056\061\032\060\030 -\006\003\125\004\013\023\021\124\141\156\165\163\151\164\166\141 -\156\171\153\151\141\144\157\153\061\064\060\062\006\003\125\004 -\003\023\053\116\145\164\114\157\143\153\040\105\170\160\162\145 -\163\163\172\040\050\103\154\141\163\163\040\103\051\040\124\141 -\156\165\163\151\164\166\141\156\171\153\151\141\144\157 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\150 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\117\060\202\004\270\240\003\002\001\002\002\001\150 -\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000\060 -\201\233\061\013\060\011\006\003\125\004\006\023\002\110\125\061 -\021\060\017\006\003\125\004\007\023\010\102\165\144\141\160\145 -\163\164\061\047\060\045\006\003\125\004\012\023\036\116\145\164 -\114\157\143\153\040\110\141\154\157\172\141\164\142\151\172\164 -\157\156\163\141\147\151\040\113\146\164\056\061\032\060\030\006 -\003\125\004\013\023\021\124\141\156\165\163\151\164\166\141\156 -\171\153\151\141\144\157\153\061\064\060\062\006\003\125\004\003 -\023\053\116\145\164\114\157\143\153\040\105\170\160\162\145\163 -\163\172\040\050\103\154\141\163\163\040\103\051\040\124\141\156 -\165\163\151\164\166\141\156\171\153\151\141\144\157\060\036\027 -\015\071\071\060\062\062\065\061\064\060\070\061\061\132\027\015 -\061\071\060\062\062\060\061\064\060\070\061\061\132\060\201\233 -\061\013\060\011\006\003\125\004\006\023\002\110\125\061\021\060 -\017\006\003\125\004\007\023\010\102\165\144\141\160\145\163\164 -\061\047\060\045\006\003\125\004\012\023\036\116\145\164\114\157 -\143\153\040\110\141\154\157\172\141\164\142\151\172\164\157\156 -\163\141\147\151\040\113\146\164\056\061\032\060\030\006\003\125 -\004\013\023\021\124\141\156\165\163\151\164\166\141\156\171\153 -\151\141\144\157\153\061\064\060\062\006\003\125\004\003\023\053 -\116\145\164\114\157\143\153\040\105\170\160\162\145\163\163\172 -\040\050\103\154\141\163\163\040\103\051\040\124\141\156\165\163 -\151\164\166\141\156\171\153\151\141\144\157\060\201\237\060\015 -\006\011\052\206\110\206\367\015\001\001\001\005\000\003\201\215 -\000\060\201\211\002\201\201\000\353\354\260\154\141\212\043\045 -\257\140\040\343\331\237\374\223\013\333\135\215\260\241\263\100 -\072\202\316\375\165\340\170\062\003\206\132\206\225\221\355\123 -\372\235\100\374\346\350\335\331\133\172\003\275\135\363\073\014 -\303\121\171\233\255\125\240\351\320\003\020\257\012\272\024\102 -\331\122\046\021\042\307\322\040\314\202\244\232\251\376\270\201 -\166\235\152\267\322\066\165\076\261\206\011\366\156\155\176\116 -\267\172\354\256\161\204\366\004\063\010\045\062\353\164\254\026 -\104\306\344\100\223\035\177\255\002\003\001\000\001\243\202\002 -\237\060\202\002\233\060\022\006\003\125\035\023\001\001\377\004 -\010\060\006\001\001\377\002\001\004\060\016\006\003\125\035\017 -\001\001\377\004\004\003\002\000\006\060\021\006\011\140\206\110 -\001\206\370\102\001\001\004\004\003\002\000\007\060\202\002\140 -\006\011\140\206\110\001\206\370\102\001\015\004\202\002\121\026 -\202\002\115\106\111\107\131\105\114\105\115\041\040\105\172\145 -\156\040\164\141\156\165\163\151\164\166\141\156\171\040\141\040 -\116\145\164\114\157\143\153\040\113\146\164\056\040\101\154\164 -\141\154\141\156\157\163\040\123\172\157\154\147\141\154\164\141 -\164\141\163\151\040\106\145\154\164\145\164\145\154\145\151\142 -\145\156\040\154\145\151\162\164\040\145\154\152\141\162\141\163 -\157\153\040\141\154\141\160\152\141\156\040\153\145\163\172\165 -\154\164\056\040\101\040\150\151\164\145\154\145\163\151\164\145 -\163\040\146\157\154\171\141\155\141\164\141\164\040\141\040\116 -\145\164\114\157\143\153\040\113\146\164\056\040\164\145\162\155 -\145\153\146\145\154\145\154\157\163\163\145\147\055\142\151\172 -\164\157\163\151\164\141\163\141\040\166\145\144\151\056\040\101 -\040\144\151\147\151\164\141\154\151\163\040\141\154\141\151\162 -\141\163\040\145\154\146\157\147\141\144\141\163\141\156\141\153 -\040\146\145\154\164\145\164\145\154\145\040\141\172\040\145\154 -\157\151\162\164\040\145\154\154\145\156\157\162\172\145\163\151 -\040\145\154\152\141\162\141\163\040\155\145\147\164\145\164\145 -\154\145\056\040\101\172\040\145\154\152\141\162\141\163\040\154 -\145\151\162\141\163\141\040\155\145\147\164\141\154\141\154\150 -\141\164\157\040\141\040\116\145\164\114\157\143\153\040\113\146 -\164\056\040\111\156\164\145\162\156\145\164\040\150\157\156\154 -\141\160\152\141\156\040\141\040\150\164\164\160\163\072\057\057 -\167\167\167\056\156\145\164\154\157\143\153\056\156\145\164\057 -\144\157\143\163\040\143\151\155\145\156\040\166\141\147\171\040 -\153\145\162\150\145\164\157\040\141\172\040\145\154\154\145\156 -\157\162\172\145\163\100\156\145\164\154\157\143\153\056\156\145 -\164\040\145\055\155\141\151\154\040\143\151\155\145\156\056\040 -\111\115\120\117\122\124\101\116\124\041\040\124\150\145\040\151 -\163\163\165\141\156\143\145\040\141\156\144\040\164\150\145\040 -\165\163\145\040\157\146\040\164\150\151\163\040\143\145\162\164 -\151\146\151\143\141\164\145\040\151\163\040\163\165\142\152\145 -\143\164\040\164\157\040\164\150\145\040\116\145\164\114\157\143 -\153\040\103\120\123\040\141\166\141\151\154\141\142\154\145\040 -\141\164\040\150\164\164\160\163\072\057\057\167\167\167\056\156 -\145\164\154\157\143\153\056\156\145\164\057\144\157\143\163\040 -\157\162\040\142\171\040\145\055\155\141\151\154\040\141\164\040 -\143\160\163\100\156\145\164\154\157\143\153\056\156\145\164\056 -\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000\003 -\201\201\000\020\255\177\327\014\062\200\012\330\206\361\171\230 -\265\255\324\315\263\066\304\226\110\301\134\315\232\331\005\056 -\237\276\120\353\364\046\024\020\055\324\146\027\370\236\301\047 -\375\361\355\344\173\113\240\154\265\253\232\127\160\246\355\240 -\244\355\056\365\375\374\275\376\115\067\010\014\274\343\226\203 -\042\365\111\033\177\113\053\264\124\301\200\174\231\116\035\320 -\214\356\320\254\345\222\372\165\126\376\144\240\023\217\270\270 -\026\235\141\005\147\200\310\320\330\245\007\002\064\230\004\215 -\063\004\324 -END - -# Trust for Certificate "NetLock Express (Class C) Root" -# Issuer: CN=NetLock Expressz (Class C) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU -# Serial Number: 104 (0x68) -# Subject: CN=NetLock Expressz (Class C) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU -# Not Valid Before: Thu Feb 25 14:08:11 1999 -# Not Valid After : Wed Feb 20 14:08:11 2019 -# Fingerprint (MD5): 4F:EB:F1:F0:70:C2:80:63:5D:58:9F:DA:12:3C:A9:C4 -# Fingerprint (SHA1): E3:92:51:2F:0A:CF:F5:05:DF:F6:DE:06:7F:75:37:E1:65:EA:57:4B -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "NetLock Express (Class C) Root" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\343\222\121\057\012\317\365\005\337\366\336\006\177\165\067\341 -\145\352\127\113 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\117\353\361\360\160\302\200\143\135\130\237\332\022\074\251\304 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\233\061\013\060\011\006\003\125\004\006\023\002\110\125 -\061\021\060\017\006\003\125\004\007\023\010\102\165\144\141\160 -\145\163\164\061\047\060\045\006\003\125\004\012\023\036\116\145 -\164\114\157\143\153\040\110\141\154\157\172\141\164\142\151\172 -\164\157\156\163\141\147\151\040\113\146\164\056\061\032\060\030 -\006\003\125\004\013\023\021\124\141\156\165\163\151\164\166\141 -\156\171\153\151\141\144\157\153\061\064\060\062\006\003\125\004 -\003\023\053\116\145\164\114\157\143\153\040\105\170\160\162\145 -\163\163\172\040\050\103\154\141\163\163\040\103\051\040\124\141 -\156\165\163\151\164\166\141\156\171\153\151\141\144\157 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\150 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# # Certificate "XRamp Global CA Root" # # Issuer: CN=XRamp Global Certification Authority,O=XRamp Security Services Inc,OU=www.xrampsecurity.com,C=US @@ -10664,155 +8621,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "IGC/A" -# -# Issuer: E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR -# Serial Number:39:11:45:10:94 -# Subject: E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR -# Not Valid Before: Fri Dec 13 14:29:23 2002 -# Not Valid After : Sat Oct 17 14:29:22 2020 -# Fingerprint (MD5): 0C:7F:DD:6A:F4:2A:B9:C8:9B:BD:20:7E:A9:DB:5C:37 -# Fingerprint (SHA1): 60:D6:89:74:B5:C2:65:9E:8A:0F:C1:88:7C:88:D2:46:69:1B:18:2C -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "IGC/A" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\205\061\013\060\011\006\003\125\004\006\023\002\106\122 -\061\017\060\015\006\003\125\004\010\023\006\106\162\141\156\143 -\145\061\016\060\014\006\003\125\004\007\023\005\120\141\162\151 -\163\061\020\060\016\006\003\125\004\012\023\007\120\115\057\123 -\107\104\116\061\016\060\014\006\003\125\004\013\023\005\104\103 -\123\123\111\061\016\060\014\006\003\125\004\003\023\005\111\107 -\103\057\101\061\043\060\041\006\011\052\206\110\206\367\015\001 -\011\001\026\024\151\147\143\141\100\163\147\144\156\056\160\155 -\056\147\157\165\166\056\146\162 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\205\061\013\060\011\006\003\125\004\006\023\002\106\122 -\061\017\060\015\006\003\125\004\010\023\006\106\162\141\156\143 -\145\061\016\060\014\006\003\125\004\007\023\005\120\141\162\151 -\163\061\020\060\016\006\003\125\004\012\023\007\120\115\057\123 -\107\104\116\061\016\060\014\006\003\125\004\013\023\005\104\103 -\123\123\111\061\016\060\014\006\003\125\004\003\023\005\111\107 -\103\057\101\061\043\060\041\006\011\052\206\110\206\367\015\001 -\011\001\026\024\151\147\143\141\100\163\147\144\156\056\160\155 -\056\147\157\165\166\056\146\162 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\005\071\021\105\020\224 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\002\060\202\002\352\240\003\002\001\002\002\005\071 -\021\105\020\224\060\015\006\011\052\206\110\206\367\015\001\001 -\005\005\000\060\201\205\061\013\060\011\006\003\125\004\006\023 -\002\106\122\061\017\060\015\006\003\125\004\010\023\006\106\162 -\141\156\143\145\061\016\060\014\006\003\125\004\007\023\005\120 -\141\162\151\163\061\020\060\016\006\003\125\004\012\023\007\120 -\115\057\123\107\104\116\061\016\060\014\006\003\125\004\013\023 -\005\104\103\123\123\111\061\016\060\014\006\003\125\004\003\023 -\005\111\107\103\057\101\061\043\060\041\006\011\052\206\110\206 -\367\015\001\011\001\026\024\151\147\143\141\100\163\147\144\156 -\056\160\155\056\147\157\165\166\056\146\162\060\036\027\015\060 -\062\061\062\061\063\061\064\062\071\062\063\132\027\015\062\060 -\061\060\061\067\061\064\062\071\062\062\132\060\201\205\061\013 -\060\011\006\003\125\004\006\023\002\106\122\061\017\060\015\006 -\003\125\004\010\023\006\106\162\141\156\143\145\061\016\060\014 -\006\003\125\004\007\023\005\120\141\162\151\163\061\020\060\016 -\006\003\125\004\012\023\007\120\115\057\123\107\104\116\061\016 -\060\014\006\003\125\004\013\023\005\104\103\123\123\111\061\016 -\060\014\006\003\125\004\003\023\005\111\107\103\057\101\061\043 -\060\041\006\011\052\206\110\206\367\015\001\011\001\026\024\151 -\147\143\141\100\163\147\144\156\056\160\155\056\147\157\165\166 -\056\146\162\060\202\001\042\060\015\006\011\052\206\110\206\367 -\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002 -\202\001\001\000\262\037\321\320\142\305\063\073\300\004\206\210 -\263\334\370\210\367\375\337\103\337\172\215\232\111\134\366\116 -\252\314\034\271\241\353\047\211\362\106\351\073\112\161\325\035 -\216\055\317\346\255\253\143\120\307\124\013\156\022\311\220\066 -\306\330\057\332\221\252\150\305\162\376\027\012\262\027\176\171 -\265\062\210\160\312\160\300\226\112\216\344\125\315\035\047\224 -\277\316\162\052\354\134\371\163\040\376\275\367\056\211\147\270 -\273\107\163\022\367\321\065\151\072\362\012\271\256\377\106\102 -\106\242\277\241\205\032\371\277\344\377\111\205\367\243\160\206 -\062\034\135\237\140\367\251\255\245\377\317\321\064\371\175\133 -\027\306\334\326\016\050\153\302\335\361\365\063\150\235\116\374 -\207\174\066\022\326\243\200\350\103\015\125\141\224\352\144\067 -\107\352\167\312\320\262\130\005\303\135\176\261\250\106\220\061 -\126\316\160\052\226\262\060\270\167\346\171\300\275\051\073\375 -\224\167\114\275\040\315\101\045\340\056\307\033\273\356\244\004 -\101\322\135\255\022\152\212\233\107\373\311\335\106\100\341\235 -\074\063\320\265\002\003\001\000\001\243\167\060\165\060\017\006 -\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060\013 -\006\003\125\035\017\004\004\003\002\001\106\060\025\006\003\125 -\035\040\004\016\060\014\060\012\006\010\052\201\172\001\171\001 -\001\001\060\035\006\003\125\035\016\004\026\004\024\243\005\057 -\030\140\120\302\211\012\335\053\041\117\377\216\116\250\060\061 -\066\060\037\006\003\125\035\043\004\030\060\026\200\024\243\005 -\057\030\140\120\302\211\012\335\053\041\117\377\216\116\250\060 -\061\066\060\015\006\011\052\206\110\206\367\015\001\001\005\005 -\000\003\202\001\001\000\005\334\046\330\372\167\025\104\150\374 -\057\146\072\164\340\135\344\051\377\006\007\023\204\112\253\317 -\155\240\037\121\224\370\111\313\164\066\024\274\025\335\333\211 -\057\335\217\240\135\174\365\022\353\237\236\070\244\107\314\263 -\226\331\276\234\045\253\003\176\063\017\225\201\015\375\026\340 -\210\276\067\360\154\135\320\061\233\062\053\135\027\145\223\230 -\140\274\156\217\261\250\074\036\331\034\363\251\046\102\371\144 -\035\302\347\222\366\364\036\132\252\031\122\135\257\350\242\367 -\140\240\366\215\360\211\365\156\340\012\005\001\225\311\213\040 -\012\272\132\374\232\054\074\275\303\267\311\135\170\045\005\077 -\126\024\233\014\332\373\072\110\376\227\151\136\312\020\206\367 -\116\226\004\010\115\354\260\276\135\334\073\216\117\301\375\232 -\066\064\232\114\124\176\027\003\110\225\010\021\034\007\157\205 -\010\176\135\115\304\235\333\373\256\316\262\321\263\270\203\154 -\035\262\263\171\361\330\160\231\176\360\023\002\316\136\335\121 -\323\337\066\201\241\033\170\057\161\263\361\131\114\106\030\050 -\253\205\322\140\126\132 -END - -# Trust for Certificate "IGC/A" -# Issuer: E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR -# Serial Number:39:11:45:10:94 -# Subject: E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR -# Not Valid Before: Fri Dec 13 14:29:23 2002 -# Not Valid After : Sat Oct 17 14:29:22 2020 -# Fingerprint (MD5): 0C:7F:DD:6A:F4:2A:B9:C8:9B:BD:20:7E:A9:DB:5C:37 -# Fingerprint (SHA1): 60:D6:89:74:B5:C2:65:9E:8A:0F:C1:88:7C:88:D2:46:69:1B:18:2C -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "IGC/A" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\140\326\211\164\265\302\145\236\212\017\301\210\174\210\322\106 -\151\033\030\054 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\014\177\335\152\364\052\271\310\233\275\040\176\251\333\134\067 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\205\061\013\060\011\006\003\125\004\006\023\002\106\122 -\061\017\060\015\006\003\125\004\010\023\006\106\162\141\156\143 -\145\061\016\060\014\006\003\125\004\007\023\005\120\141\162\151 -\163\061\020\060\016\006\003\125\004\012\023\007\120\115\057\123 -\107\104\116\061\016\060\014\006\003\125\004\013\023\005\104\103 -\123\123\111\061\016\060\014\006\003\125\004\003\023\005\111\107 -\103\057\101\061\043\060\041\006\011\052\206\110\206\367\015\001 -\011\001\026\024\151\147\143\141\100\163\147\144\156\056\160\155 -\056\147\157\165\166\056\146\162 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\005\071\021\105\020\224 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - # Distrust "Distrusted AC DG Tresor SSL" # Issuer: CN=AC DGTPE Signature Authentification,O=DGTPE,C=FR # Serial Number: 204199 (0x31da7) @@ -11127,173 +8935,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "S-TRUST Authentication and Encryption Root CA 2005 PN" -# -# Issuer: CN=S-TRUST Authentication and Encryption Root CA 2005:PN,O=Deutscher Sparkassen Verlag GmbH,L=Stuttgart,ST=Baden-Wuerttemberg (BW),C=DE -# Serial Number:37:19:18:e6:53:54:7c:1a:b5:b8:cb:59:5a:db:35:b7 -# Subject: CN=S-TRUST Authentication and Encryption Root CA 2005:PN,O=Deutscher Sparkassen Verlag GmbH,L=Stuttgart,ST=Baden-Wuerttemberg (BW),C=DE -# Not Valid Before: Wed Jun 22 00:00:00 2005 -# Not Valid After : Fri Jun 21 23:59:59 2030 -# Fingerprint (MD5): 04:4B:FD:C9:6C:DA:2A:32:85:7C:59:84:61:46:8A:64 -# Fingerprint (SHA1): BE:B5:A9:95:74:6B:9E:DF:73:8B:56:E6:DF:43:7A:77:BE:10:6B:81 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "S-TRUST Authentication and Encryption Root CA 2005 PN" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\256\061\013\060\011\006\003\125\004\006\023\002\104\105 -\061\040\060\036\006\003\125\004\010\023\027\102\141\144\145\156 -\055\127\165\145\162\164\164\145\155\142\145\162\147\040\050\102 -\127\051\061\022\060\020\006\003\125\004\007\023\011\123\164\165 -\164\164\147\141\162\164\061\051\060\047\006\003\125\004\012\023 -\040\104\145\165\164\163\143\150\145\162\040\123\160\141\162\153 -\141\163\163\145\156\040\126\145\162\154\141\147\040\107\155\142 -\110\061\076\060\074\006\003\125\004\003\023\065\123\055\124\122 -\125\123\124\040\101\165\164\150\145\156\164\151\143\141\164\151 -\157\156\040\141\156\144\040\105\156\143\162\171\160\164\151\157 -\156\040\122\157\157\164\040\103\101\040\062\060\060\065\072\120 -\116 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\256\061\013\060\011\006\003\125\004\006\023\002\104\105 -\061\040\060\036\006\003\125\004\010\023\027\102\141\144\145\156 -\055\127\165\145\162\164\164\145\155\142\145\162\147\040\050\102 -\127\051\061\022\060\020\006\003\125\004\007\023\011\123\164\165 -\164\164\147\141\162\164\061\051\060\047\006\003\125\004\012\023 -\040\104\145\165\164\163\143\150\145\162\040\123\160\141\162\153 -\141\163\163\145\156\040\126\145\162\154\141\147\040\107\155\142 -\110\061\076\060\074\006\003\125\004\003\023\065\123\055\124\122 -\125\123\124\040\101\165\164\150\145\156\164\151\143\141\164\151 -\157\156\040\141\156\144\040\105\156\143\162\171\160\164\151\157 -\156\040\122\157\157\164\040\103\101\040\062\060\060\065\072\120 -\116 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\067\031\030\346\123\124\174\032\265\270\313\131\132\333 -\065\267 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\173\060\202\003\143\240\003\002\001\002\002\020\067 -\031\030\346\123\124\174\032\265\270\313\131\132\333\065\267\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201 -\256\061\013\060\011\006\003\125\004\006\023\002\104\105\061\040 -\060\036\006\003\125\004\010\023\027\102\141\144\145\156\055\127 -\165\145\162\164\164\145\155\142\145\162\147\040\050\102\127\051 -\061\022\060\020\006\003\125\004\007\023\011\123\164\165\164\164 -\147\141\162\164\061\051\060\047\006\003\125\004\012\023\040\104 -\145\165\164\163\143\150\145\162\040\123\160\141\162\153\141\163 -\163\145\156\040\126\145\162\154\141\147\040\107\155\142\110\061 -\076\060\074\006\003\125\004\003\023\065\123\055\124\122\125\123 -\124\040\101\165\164\150\145\156\164\151\143\141\164\151\157\156 -\040\141\156\144\040\105\156\143\162\171\160\164\151\157\156\040 -\122\157\157\164\040\103\101\040\062\060\060\065\072\120\116\060 -\036\027\015\060\065\060\066\062\062\060\060\060\060\060\060\132 -\027\015\063\060\060\066\062\061\062\063\065\071\065\071\132\060 -\201\256\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\040\060\036\006\003\125\004\010\023\027\102\141\144\145\156\055 -\127\165\145\162\164\164\145\155\142\145\162\147\040\050\102\127 -\051\061\022\060\020\006\003\125\004\007\023\011\123\164\165\164 -\164\147\141\162\164\061\051\060\047\006\003\125\004\012\023\040 -\104\145\165\164\163\143\150\145\162\040\123\160\141\162\153\141 -\163\163\145\156\040\126\145\162\154\141\147\040\107\155\142\110 -\061\076\060\074\006\003\125\004\003\023\065\123\055\124\122\125 -\123\124\040\101\165\164\150\145\156\164\151\143\141\164\151\157 -\156\040\141\156\144\040\105\156\143\162\171\160\164\151\157\156 -\040\122\157\157\164\040\103\101\040\062\060\060\065\072\120\116 -\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001 -\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001 -\000\331\265\112\301\323\063\352\323\106\263\321\342\114\322\365 -\266\203\320\157\325\030\351\223\257\047\216\023\315\265\045\066 -\120\064\022\144\051\241\125\341\072\140\223\236\050\311\343\363 -\233\341\004\260\043\277\225\212\216\133\033\101\177\132\303\350 -\115\114\325\044\026\076\207\110\324\047\256\346\367\123\035\273 -\014\000\357\076\141\161\255\277\072\172\130\037\224\075\134\201 -\325\325\157\337\270\233\322\365\345\313\203\162\222\302\123\262 -\202\002\353\255\255\137\026\055\222\123\166\361\211\266\054\365 -\301\057\340\247\112\157\240\060\152\062\353\232\164\003\150\170 -\023\235\312\057\233\013\035\276\317\165\015\046\227\233\307\365 -\136\012\237\170\337\263\274\354\232\272\357\125\217\033\232\246 -\007\143\051\027\131\142\011\052\171\007\167\245\340\321\027\151 -\351\133\335\366\220\253\342\230\012\000\321\045\155\236\327\205 -\207\057\222\361\321\166\203\117\013\072\131\067\050\057\063\247 -\027\120\326\040\013\012\364\046\371\237\070\347\055\244\270\233 -\211\215\255\255\311\152\175\211\027\273\366\177\200\203\172\346 -\355\002\003\001\000\001\243\201\222\060\201\217\060\022\006\003 -\125\035\023\001\001\377\004\010\060\006\001\001\377\002\001\000 -\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006 -\060\051\006\003\125\035\021\004\042\060\040\244\036\060\034\061 -\032\060\030\006\003\125\004\003\023\021\123\124\122\157\156\154 -\151\156\145\061\055\062\060\064\070\055\065\060\035\006\003\125 -\035\016\004\026\004\024\017\312\036\134\171\340\242\363\051\266 -\322\205\263\013\112\265\145\354\153\122\060\037\006\003\125\035 -\043\004\030\060\026\200\024\017\312\036\134\171\340\242\363\051 -\266\322\205\263\013\112\265\145\354\153\122\060\015\006\011\052 -\206\110\206\367\015\001\001\005\005\000\003\202\001\001\000\257 -\001\360\355\031\074\050\350\115\134\273\245\143\034\210\063\003 -\247\000\207\244\037\040\253\326\034\343\006\037\227\176\124\275 -\267\321\262\311\325\332\200\354\027\327\212\365\173\302\000\366 -\351\021\157\204\240\132\045\061\342\211\371\244\000\077\061\150 -\056\325\075\350\156\346\325\035\074\077\262\275\237\167\353\235 -\323\214\272\300\327\266\115\354\123\234\017\004\156\352\065\147 -\127\343\012\145\173\220\072\341\117\076\303\000\222\172\273\005 -\211\163\214\313\246\115\300\373\366\002\326\260\007\243\003\302 -\047\100\237\014\344\205\202\055\257\232\102\035\320\307\215\370 -\100\356\235\006\127\034\331\242\330\200\024\376\341\143\055\062 -\207\325\224\122\226\072\106\306\161\226\075\367\230\016\262\221 -\252\217\332\364\116\044\000\071\125\350\255\027\271\323\064\053 -\112\251\100\314\027\052\125\145\101\164\102\176\365\300\257\310 -\223\255\362\030\133\075\211\014\333\107\071\044\370\340\114\362 -\037\260\075\012\312\005\116\211\041\032\343\052\231\254\374\177 -\241\361\017\033\037\075\236\004\203\335\226\331\035\072\224 -END - -# Trust for Certificate "S-TRUST Authentication and Encryption Root CA 2005 PN" -# Issuer: CN=S-TRUST Authentication and Encryption Root CA 2005:PN,O=Deutscher Sparkassen Verlag GmbH,L=Stuttgart,ST=Baden-Wuerttemberg (BW),C=DE -# Serial Number:37:19:18:e6:53:54:7c:1a:b5:b8:cb:59:5a:db:35:b7 -# Subject: CN=S-TRUST Authentication and Encryption Root CA 2005:PN,O=Deutscher Sparkassen Verlag GmbH,L=Stuttgart,ST=Baden-Wuerttemberg (BW),C=DE -# Not Valid Before: Wed Jun 22 00:00:00 2005 -# Not Valid After : Fri Jun 21 23:59:59 2030 -# Fingerprint (MD5): 04:4B:FD:C9:6C:DA:2A:32:85:7C:59:84:61:46:8A:64 -# Fingerprint (SHA1): BE:B5:A9:95:74:6B:9E:DF:73:8B:56:E6:DF:43:7A:77:BE:10:6B:81 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "S-TRUST Authentication and Encryption Root CA 2005 PN" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\276\265\251\225\164\153\236\337\163\213\126\346\337\103\172\167 -\276\020\153\201 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\004\113\375\311\154\332\052\062\205\174\131\204\141\106\212\144 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\256\061\013\060\011\006\003\125\004\006\023\002\104\105 -\061\040\060\036\006\003\125\004\010\023\027\102\141\144\145\156 -\055\127\165\145\162\164\164\145\155\142\145\162\147\040\050\102 -\127\051\061\022\060\020\006\003\125\004\007\023\011\123\164\165 -\164\164\147\141\162\164\061\051\060\047\006\003\125\004\012\023 -\040\104\145\165\164\163\143\150\145\162\040\123\160\141\162\153 -\141\163\163\145\156\040\126\145\162\154\141\147\040\107\155\142 -\110\061\076\060\074\006\003\125\004\003\023\065\123\055\124\122 -\125\123\124\040\101\165\164\150\145\156\164\151\143\141\164\151 -\157\156\040\141\156\144\040\105\156\143\162\171\160\164\151\157 -\156\040\122\157\157\164\040\103\101\040\062\060\060\065\072\120 -\116 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\067\031\030\346\123\124\174\032\265\270\313\131\132\333 -\065\267 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# # Certificate "Microsec e-Szigno Root CA" # # Issuer: CN=Microsec e-Szigno Root CA,OU=e-Szigno CA,O=Microsec Ltd.,L=Budapest,C=HU @@ -12862,311 +10503,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "Buypass Class 2 CA 1" -# -# Issuer: CN=Buypass Class 2 CA 1,O=Buypass AS-983163327,C=NO -# Serial Number: 1 (0x1) -# Subject: CN=Buypass Class 2 CA 1,O=Buypass AS-983163327,C=NO -# Not Valid Before: Fri Oct 13 10:25:09 2006 -# Not Valid After : Thu Oct 13 10:25:09 2016 -# Fingerprint (MD5): B8:08:9A:F0:03:CC:1B:0D:C8:6C:0B:76:A1:75:64:23 -# Fingerprint (SHA1): A0:A1:AB:90:C9:FC:84:7B:3B:12:61:E8:97:7D:5F:D3:22:61:D3:CC -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Buypass Class 2 CA 1" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\113\061\013\060\011\006\003\125\004\006\023\002\116\117\061 -\035\060\033\006\003\125\004\012\014\024\102\165\171\160\141\163 -\163\040\101\123\055\071\070\063\061\066\063\063\062\067\061\035 -\060\033\006\003\125\004\003\014\024\102\165\171\160\141\163\163 -\040\103\154\141\163\163\040\062\040\103\101\040\061 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\113\061\013\060\011\006\003\125\004\006\023\002\116\117\061 -\035\060\033\006\003\125\004\012\014\024\102\165\171\160\141\163 -\163\040\101\123\055\071\070\063\061\066\063\063\062\067\061\035 -\060\033\006\003\125\004\003\014\024\102\165\171\160\141\163\163 -\040\103\154\141\163\163\040\062\040\103\101\040\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\123\060\202\002\073\240\003\002\001\002\002\001\001 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\113\061\013\060\011\006\003\125\004\006\023\002\116\117\061\035 -\060\033\006\003\125\004\012\014\024\102\165\171\160\141\163\163 -\040\101\123\055\071\070\063\061\066\063\063\062\067\061\035\060 -\033\006\003\125\004\003\014\024\102\165\171\160\141\163\163\040 -\103\154\141\163\163\040\062\040\103\101\040\061\060\036\027\015 -\060\066\061\060\061\063\061\060\062\065\060\071\132\027\015\061 -\066\061\060\061\063\061\060\062\065\060\071\132\060\113\061\013 -\060\011\006\003\125\004\006\023\002\116\117\061\035\060\033\006 -\003\125\004\012\014\024\102\165\171\160\141\163\163\040\101\123 -\055\071\070\063\061\066\063\063\062\067\061\035\060\033\006\003 -\125\004\003\014\024\102\165\171\160\141\163\163\040\103\154\141 -\163\163\040\062\040\103\101\040\061\060\202\001\042\060\015\006 -\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017 -\000\060\202\001\012\002\202\001\001\000\213\074\007\105\330\366 -\337\346\307\312\272\215\103\305\107\215\260\132\301\070\333\222 -\204\034\257\023\324\017\157\066\106\040\304\056\314\161\160\064 -\242\064\323\067\056\330\335\072\167\057\300\353\051\350\134\322 -\265\251\221\064\207\042\131\376\314\333\347\231\257\226\301\250 -\307\100\335\245\025\214\156\310\174\227\003\313\346\040\362\327 -\227\137\061\241\057\067\322\276\356\276\251\255\250\114\236\041 -\146\103\073\250\274\363\011\243\070\325\131\044\301\302\107\166 -\261\210\134\202\073\273\053\246\004\327\214\007\217\315\325\101 -\035\360\256\270\051\054\224\122\140\064\224\073\332\340\070\321 -\235\063\076\025\364\223\062\305\000\332\265\051\146\016\072\170 -\017\041\122\137\002\345\222\173\045\323\222\036\057\025\235\201 -\344\235\216\350\357\211\316\024\114\124\035\034\201\022\115\160 -\250\276\020\005\027\176\037\321\270\127\125\355\315\273\122\302 -\260\036\170\302\115\066\150\313\126\046\301\122\301\275\166\367 -\130\325\162\176\037\104\166\273\000\211\035\026\235\121\065\357 -\115\302\126\357\153\340\214\073\015\351\002\003\001\000\001\243 -\102\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060 -\003\001\001\377\060\035\006\003\125\035\016\004\026\004\024\077 -\215\232\131\213\374\173\173\234\243\257\070\260\071\355\220\161 -\200\326\310\060\016\006\003\125\035\017\001\001\377\004\004\003 -\002\001\006\060\015\006\011\052\206\110\206\367\015\001\001\005 -\005\000\003\202\001\001\000\025\032\176\023\212\271\350\007\243 -\113\047\062\262\100\221\362\041\321\144\205\276\143\152\322\317 -\201\302\025\325\172\176\014\051\254\067\036\034\174\166\122\225 -\332\265\177\043\241\051\167\145\311\062\235\250\056\126\253\140 -\166\316\026\264\215\177\170\300\325\231\121\203\177\136\331\276 -\014\250\120\355\042\307\255\005\114\166\373\355\356\036\107\144 -\366\367\047\175\134\050\017\105\305\134\142\136\246\232\221\221 -\267\123\027\056\334\255\140\235\226\144\071\275\147\150\262\256 -\005\313\115\347\137\037\127\206\325\040\234\050\373\157\023\070 -\365\366\021\222\366\175\231\136\037\014\350\253\104\044\051\162 -\100\075\066\122\257\214\130\220\163\301\354\141\054\171\241\354 -\207\265\077\332\115\331\041\000\060\336\220\332\016\323\032\110 -\251\076\205\013\024\213\214\274\101\236\152\367\016\160\300\065 -\367\071\242\135\146\320\173\131\237\250\107\022\232\047\043\244 -\055\216\047\203\222\040\241\327\025\177\361\056\030\356\364\110 -\177\057\177\361\241\030\265\241\013\224\240\142\040\062\234\035 -\366\324\357\277\114\210\150 -END - -# Trust for Certificate "Buypass Class 2 CA 1" -# Issuer: CN=Buypass Class 2 CA 1,O=Buypass AS-983163327,C=NO -# Serial Number: 1 (0x1) -# Subject: CN=Buypass Class 2 CA 1,O=Buypass AS-983163327,C=NO -# Not Valid Before: Fri Oct 13 10:25:09 2006 -# Not Valid After : Thu Oct 13 10:25:09 2016 -# Fingerprint (MD5): B8:08:9A:F0:03:CC:1B:0D:C8:6C:0B:76:A1:75:64:23 -# Fingerprint (SHA1): A0:A1:AB:90:C9:FC:84:7B:3B:12:61:E8:97:7D:5F:D3:22:61:D3:CC -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Buypass Class 2 CA 1" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\240\241\253\220\311\374\204\173\073\022\141\350\227\175\137\323 -\042\141\323\314 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\270\010\232\360\003\314\033\015\310\154\013\166\241\165\144\043 -END -CKA_ISSUER MULTILINE_OCTAL -\060\113\061\013\060\011\006\003\125\004\006\023\002\116\117\061 -\035\060\033\006\003\125\004\012\014\024\102\165\171\160\141\163 -\163\040\101\123\055\071\070\063\061\066\063\063\062\067\061\035 -\060\033\006\003\125\004\003\014\024\102\165\171\160\141\163\163 -\040\103\154\141\163\163\040\062\040\103\101\040\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "EBG Elektronik Sertifika Hizmet Saglayicisi" -# -# Issuer: C=TR,O=EBG Bili..im Teknolojileri ve Hizmetleri A....,CN=EBG Elektronik Sertifika Hizmet Sa..lay..c..s.. -# Serial Number:4c:af:73:42:1c:8e:74:02 -# Subject: C=TR,O=EBG Bili..im Teknolojileri ve Hizmetleri A....,CN=EBG Elektronik Sertifika Hizmet Sa..lay..c..s.. -# Not Valid Before: Thu Aug 17 00:21:09 2006 -# Not Valid After : Sun Aug 14 00:31:09 2016 -# Fingerprint (MD5): 2C:20:26:9D:CB:1A:4A:00:85:B5:B7:5A:AE:C2:01:37 -# Fingerprint (SHA1): 8C:96:BA:EB:DD:2B:07:07:48:EE:30:32:66:A0:F3:98:6E:7C:AE:58 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "EBG Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xc4\xb1\x63\xc4\xb1s\xc4\xb1" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\200\061\070\060\066\006\003\125\004\003\014\057\105\102 -\107\040\105\154\145\153\164\162\157\156\151\153\040\123\145\162 -\164\151\146\151\153\141\040\110\151\172\155\145\164\040\123\141 -\304\237\154\141\171\304\261\143\304\261\163\304\261\061\067\060 -\065\006\003\125\004\012\014\056\105\102\107\040\102\151\154\151 -\305\237\151\155\040\124\145\153\156\157\154\157\152\151\154\145 -\162\151\040\166\145\040\110\151\172\155\145\164\154\145\162\151 -\040\101\056\305\236\056\061\013\060\011\006\003\125\004\006\023 -\002\124\122 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\200\061\070\060\066\006\003\125\004\003\014\057\105\102 -\107\040\105\154\145\153\164\162\157\156\151\153\040\123\145\162 -\164\151\146\151\153\141\040\110\151\172\155\145\164\040\123\141 -\304\237\154\141\171\304\261\143\304\261\163\304\261\061\067\060 -\065\006\003\125\004\012\014\056\105\102\107\040\102\151\154\151 -\305\237\151\155\040\124\145\153\156\157\154\157\152\151\154\145 -\162\151\040\166\145\040\110\151\172\155\145\164\154\145\162\151 -\040\101\056\305\236\056\061\013\060\011\006\003\125\004\006\023 -\002\124\122 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\114\257\163\102\034\216\164\002 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\347\060\202\003\317\240\003\002\001\002\002\010\114 -\257\163\102\034\216\164\002\060\015\006\011\052\206\110\206\367 -\015\001\001\005\005\000\060\201\200\061\070\060\066\006\003\125 -\004\003\014\057\105\102\107\040\105\154\145\153\164\162\157\156 -\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151\172 -\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304\261 -\163\304\261\061\067\060\065\006\003\125\004\012\014\056\105\102 -\107\040\102\151\154\151\305\237\151\155\040\124\145\153\156\157 -\154\157\152\151\154\145\162\151\040\166\145\040\110\151\172\155 -\145\164\154\145\162\151\040\101\056\305\236\056\061\013\060\011 -\006\003\125\004\006\023\002\124\122\060\036\027\015\060\066\060 -\070\061\067\060\060\062\061\060\071\132\027\015\061\066\060\070 -\061\064\060\060\063\061\060\071\132\060\201\200\061\070\060\066 -\006\003\125\004\003\014\057\105\102\107\040\105\154\145\153\164 -\162\157\156\151\153\040\123\145\162\164\151\146\151\153\141\040 -\110\151\172\155\145\164\040\123\141\304\237\154\141\171\304\261 -\143\304\261\163\304\261\061\067\060\065\006\003\125\004\012\014 -\056\105\102\107\040\102\151\154\151\305\237\151\155\040\124\145 -\153\156\157\154\157\152\151\154\145\162\151\040\166\145\040\110 -\151\172\155\145\164\154\145\162\151\040\101\056\305\236\056\061 -\013\060\011\006\003\125\004\006\023\002\124\122\060\202\002\042 -\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003 -\202\002\017\000\060\202\002\012\002\202\002\001\000\356\240\204 -\141\320\072\152\146\020\062\330\061\070\177\247\247\345\375\241 -\341\373\227\167\270\161\226\350\023\226\106\203\117\266\362\137 -\162\126\156\023\140\245\001\221\342\133\305\315\127\037\167\143 -\121\377\057\075\333\271\077\252\251\065\347\171\320\365\320\044 -\266\041\352\353\043\224\376\051\277\373\211\221\014\144\232\005 -\112\053\314\014\356\361\075\233\202\151\244\114\370\232\157\347 -\042\332\020\272\137\222\374\030\047\012\250\252\104\372\056\054 -\264\373\106\232\010\003\203\162\253\210\344\152\162\311\345\145 -\037\156\052\017\235\263\350\073\344\014\156\172\332\127\375\327 -\353\171\213\136\040\006\323\166\013\154\002\225\243\226\344\313 -\166\121\321\050\235\241\032\374\104\242\115\314\172\166\250\015 -\075\277\027\117\042\210\120\375\256\266\354\220\120\112\133\237 -\225\101\252\312\017\262\112\376\200\231\116\243\106\025\253\370 -\163\102\152\302\146\166\261\012\046\025\335\223\222\354\333\251 -\137\124\042\122\221\160\135\023\352\110\354\156\003\154\331\335 -\154\374\353\015\003\377\246\203\022\233\361\251\223\017\305\046 -\114\061\262\143\231\141\162\347\052\144\231\322\270\351\165\342 -\174\251\251\232\032\252\303\126\333\020\232\074\203\122\266\173 -\226\267\254\207\167\250\271\362\147\013\224\103\263\257\076\163 -\372\102\066\261\045\305\012\061\046\067\126\147\272\243\013\175 -\326\367\211\315\147\241\267\072\036\146\117\366\240\125\024\045 -\114\054\063\015\246\101\214\275\004\061\152\020\162\012\235\016 -\056\166\275\136\363\121\211\213\250\077\125\163\277\333\072\306 -\044\005\226\222\110\252\113\215\052\003\345\127\221\020\364\152 -\050\025\156\107\167\204\134\121\164\237\031\351\346\036\143\026 -\071\343\021\025\343\130\032\104\275\313\304\154\146\327\204\006 -\337\060\364\067\242\103\042\171\322\020\154\337\273\346\023\021 -\374\235\204\012\023\173\360\073\320\374\243\012\327\211\352\226 -\176\215\110\205\036\144\137\333\124\242\254\325\172\002\171\153 -\322\212\360\147\332\145\162\015\024\160\344\351\216\170\217\062 -\164\174\127\362\326\326\364\066\211\033\370\051\154\213\271\366 -\227\321\244\056\252\276\013\031\302\105\351\160\135\002\003\000 -\235\331\243\143\060\141\060\017\006\003\125\035\023\001\001\377 -\004\005\060\003\001\001\377\060\016\006\003\125\035\017\001\001 -\377\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026 -\004\024\347\316\306\117\374\026\147\226\372\112\243\007\301\004 -\247\313\152\336\332\107\060\037\006\003\125\035\043\004\030\060 -\026\200\024\347\316\306\117\374\026\147\226\372\112\243\007\301 -\004\247\313\152\336\332\107\060\015\006\011\052\206\110\206\367 -\015\001\001\005\005\000\003\202\002\001\000\233\230\232\135\276 -\363\050\043\166\306\154\367\177\346\100\236\300\066\334\225\015 -\035\255\025\305\066\330\325\071\357\362\036\042\136\263\202\264 -\135\273\114\032\312\222\015\337\107\044\036\263\044\332\221\210 -\351\203\160\335\223\327\351\272\263\337\026\132\076\336\340\310 -\373\323\375\154\051\370\025\106\240\150\046\314\223\122\256\202 -\001\223\220\312\167\312\115\111\357\342\132\331\052\275\060\316 -\114\262\201\266\060\316\131\117\332\131\035\152\172\244\105\260 -\202\046\201\206\166\365\365\020\000\270\356\263\011\350\117\207 -\002\007\256\044\134\360\137\254\012\060\314\212\100\240\163\004 -\301\373\211\044\366\232\034\134\267\074\012\147\066\005\010\061 -\263\257\330\001\150\052\340\170\217\164\336\270\121\244\214\154 -\040\075\242\373\263\324\011\375\173\302\200\252\223\154\051\230 -\041\250\273\026\363\251\022\137\164\265\207\230\362\225\046\337 -\064\357\212\123\221\210\135\032\224\243\077\174\042\370\327\210 -\272\246\214\226\250\075\122\064\142\237\000\036\124\125\102\147 -\306\115\106\217\273\024\105\075\012\226\026\216\020\241\227\231 -\325\323\060\205\314\336\264\162\267\274\212\074\030\051\150\375 -\334\161\007\356\044\071\152\372\355\245\254\070\057\371\036\020 -\016\006\161\032\020\114\376\165\176\377\036\127\071\102\312\327 -\341\025\241\126\125\131\033\321\243\257\021\330\116\303\245\053 -\357\220\277\300\354\202\023\133\215\326\162\054\223\116\217\152 -\051\337\205\074\323\015\340\242\030\022\314\125\057\107\267\247 -\233\002\376\101\366\210\114\155\332\251\001\107\203\144\047\142 -\020\202\326\022\173\136\003\037\064\251\311\221\376\257\135\155 -\206\047\267\043\252\165\030\312\040\347\260\017\327\211\016\246 -\147\042\143\364\203\101\053\006\113\273\130\325\321\327\267\271 -\020\143\330\211\112\264\252\335\026\143\365\156\276\140\241\370 -\355\350\326\220\117\032\306\305\240\051\323\247\041\250\365\132 -\074\367\307\111\242\041\232\112\225\122\040\226\162\232\146\313 -\367\322\206\103\174\042\276\226\371\275\001\250\107\335\345\073 -\100\371\165\053\233\053\106\144\206\215\036\364\217\373\007\167 -\320\352\111\242\034\215\122\024\246\012\223 -END - -# Trust for Certificate "EBG Elektronik Sertifika Hizmet Saglayicisi" -# Issuer: C=TR,O=EBG Bili..im Teknolojileri ve Hizmetleri A....,CN=EBG Elektronik Sertifika Hizmet Sa..lay..c..s.. -# Serial Number:4c:af:73:42:1c:8e:74:02 -# Subject: C=TR,O=EBG Bili..im Teknolojileri ve Hizmetleri A....,CN=EBG Elektronik Sertifika Hizmet Sa..lay..c..s.. -# Not Valid Before: Thu Aug 17 00:21:09 2006 -# Not Valid After : Sun Aug 14 00:31:09 2016 -# Fingerprint (MD5): 2C:20:26:9D:CB:1A:4A:00:85:B5:B7:5A:AE:C2:01:37 -# Fingerprint (SHA1): 8C:96:BA:EB:DD:2B:07:07:48:EE:30:32:66:A0:F3:98:6E:7C:AE:58 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "EBG Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xc4\xb1\x63\xc4\xb1s\xc4\xb1" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\214\226\272\353\335\053\007\007\110\356\060\062\146\240\363\230 -\156\174\256\130 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\054\040\046\235\313\032\112\000\205\265\267\132\256\302\001\067 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\200\061\070\060\066\006\003\125\004\003\014\057\105\102 -\107\040\105\154\145\153\164\162\157\156\151\153\040\123\145\162 -\164\151\146\151\153\141\040\110\151\172\155\145\164\040\123\141 -\304\237\154\141\171\304\261\143\304\261\163\304\261\061\067\060 -\065\006\003\125\004\012\014\056\105\102\107\040\102\151\154\151 -\305\237\151\155\040\124\145\153\156\157\154\157\152\151\154\145 -\162\151\040\166\145\040\110\151\172\155\145\164\154\145\162\151 -\040\101\056\305\236\056\061\013\060\011\006\003\125\004\006\023 -\002\124\122 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\114\257\163\102\034\216\164\002 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# # Certificate "certSIGN ROOT CA" # # Issuer: OU=certSIGN ROOT CA,O=certSIGN,C=RO @@ -14768,298 +12104,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "CA Disig" -# -# Issuer: CN=CA Disig,O=Disig a.s.,L=Bratislava,C=SK -# Serial Number: 1 (0x1) -# Subject: CN=CA Disig,O=Disig a.s.,L=Bratislava,C=SK -# Not Valid Before: Wed Mar 22 01:39:34 2006 -# Not Valid After : Tue Mar 22 01:39:34 2016 -# Fingerprint (MD5): 3F:45:96:39:E2:50:87:F7:BB:FE:98:0C:3C:20:98:E6 -# Fingerprint (SHA1): 2A:C8:D5:8B:57:CE:BF:2F:49:AF:F2:FC:76:8F:51:14:62:90:7A:41 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "CA Disig" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\112\061\013\060\011\006\003\125\004\006\023\002\123\113\061 -\023\060\021\006\003\125\004\007\023\012\102\162\141\164\151\163 -\154\141\166\141\061\023\060\021\006\003\125\004\012\023\012\104 -\151\163\151\147\040\141\056\163\056\061\021\060\017\006\003\125 -\004\003\023\010\103\101\040\104\151\163\151\147 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\112\061\013\060\011\006\003\125\004\006\023\002\123\113\061 -\023\060\021\006\003\125\004\007\023\012\102\162\141\164\151\163 -\154\141\166\141\061\023\060\021\006\003\125\004\012\023\012\104 -\151\163\151\147\040\141\056\163\056\061\021\060\017\006\003\125 -\004\003\023\010\103\101\040\104\151\163\151\147 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\017\060\202\002\367\240\003\002\001\002\002\001\001 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\112\061\013\060\011\006\003\125\004\006\023\002\123\113\061\023 -\060\021\006\003\125\004\007\023\012\102\162\141\164\151\163\154 -\141\166\141\061\023\060\021\006\003\125\004\012\023\012\104\151 -\163\151\147\040\141\056\163\056\061\021\060\017\006\003\125\004 -\003\023\010\103\101\040\104\151\163\151\147\060\036\027\015\060 -\066\060\063\062\062\060\061\063\071\063\064\132\027\015\061\066 -\060\063\062\062\060\061\063\071\063\064\132\060\112\061\013\060 -\011\006\003\125\004\006\023\002\123\113\061\023\060\021\006\003 -\125\004\007\023\012\102\162\141\164\151\163\154\141\166\141\061 -\023\060\021\006\003\125\004\012\023\012\104\151\163\151\147\040 -\141\056\163\056\061\021\060\017\006\003\125\004\003\023\010\103 -\101\040\104\151\163\151\147\060\202\001\042\060\015\006\011\052 -\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000\060 -\202\001\012\002\202\001\001\000\222\366\061\301\175\210\375\231 -\001\251\330\173\362\161\165\361\061\306\363\165\146\372\121\050 -\106\204\227\170\064\274\154\374\274\105\131\210\046\030\112\304 -\067\037\241\112\104\275\343\161\004\365\104\027\342\077\374\110 -\130\157\134\236\172\011\272\121\067\042\043\146\103\041\260\074 -\144\242\370\152\025\016\077\353\121\341\124\251\335\006\231\327 -\232\074\124\213\071\003\077\017\305\316\306\353\203\162\002\250 -\037\161\363\055\370\165\010\333\142\114\350\372\316\371\347\152 -\037\266\153\065\202\272\342\217\026\222\175\005\014\154\106\003 -\135\300\355\151\277\072\301\212\240\350\216\331\271\105\050\207 -\010\354\264\312\025\276\202\335\265\104\213\055\255\206\014\150 -\142\155\205\126\362\254\024\143\072\306\321\231\254\064\170\126 -\113\317\266\255\077\214\212\327\004\345\343\170\114\365\206\252 -\365\217\372\075\154\161\243\055\312\147\353\150\173\156\063\251 -\014\202\050\250\114\152\041\100\025\040\014\046\133\203\302\251 -\026\025\300\044\202\135\053\026\255\312\143\366\164\000\260\337 -\103\304\020\140\126\147\143\105\002\003\001\000\001\243\201\377 -\060\201\374\060\017\006\003\125\035\023\001\001\377\004\005\060 -\003\001\001\377\060\035\006\003\125\035\016\004\026\004\024\215 -\262\111\150\235\162\010\045\271\300\047\365\120\223\126\110\106 -\161\371\217\060\016\006\003\125\035\017\001\001\377\004\004\003 -\002\001\006\060\066\006\003\125\035\021\004\057\060\055\201\023 -\143\141\157\160\145\162\141\164\157\162\100\144\151\163\151\147 -\056\163\153\206\026\150\164\164\160\072\057\057\167\167\167\056 -\144\151\163\151\147\056\163\153\057\143\141\060\146\006\003\125 -\035\037\004\137\060\135\060\055\240\053\240\051\206\047\150\164 -\164\160\072\057\057\167\167\167\056\144\151\163\151\147\056\163 -\153\057\143\141\057\143\162\154\057\143\141\137\144\151\163\151 -\147\056\143\162\154\060\054\240\052\240\050\206\046\150\164\164 -\160\072\057\057\143\141\056\144\151\163\151\147\056\163\153\057 -\143\141\057\143\162\154\057\143\141\137\144\151\163\151\147\056 -\143\162\154\060\032\006\003\125\035\040\004\023\060\021\060\017 -\006\015\053\201\036\221\223\346\012\000\000\000\001\001\001\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202 -\001\001\000\135\064\164\141\114\257\073\330\377\237\155\130\066 -\034\075\013\201\015\022\053\106\020\200\375\347\074\047\320\172 -\310\251\266\176\164\060\063\243\072\212\173\164\300\171\171\102 -\223\155\377\261\051\024\202\253\041\214\057\027\371\077\046\057 -\365\131\306\357\200\006\267\232\111\051\354\316\176\161\074\152 -\020\101\300\366\323\232\262\174\132\221\234\300\254\133\310\115 -\136\367\341\123\377\103\167\374\236\113\147\154\327\363\203\321 -\240\340\177\045\337\270\230\013\232\062\070\154\060\240\363\377 -\010\025\063\367\120\112\173\076\243\076\040\251\334\057\126\200 -\012\355\101\120\260\311\364\354\262\343\046\104\000\016\157\236 -\006\274\042\226\123\160\145\304\120\012\106\153\244\057\047\201 -\022\047\023\137\020\241\166\316\212\173\067\352\303\071\141\003 -\225\230\072\347\154\210\045\010\374\171\150\015\207\175\142\370 -\264\137\373\305\330\114\275\130\274\077\103\133\324\036\001\115 -\074\143\276\043\357\214\315\132\120\270\150\124\371\012\231\063 -\021\000\341\236\302\106\167\202\365\131\006\214\041\114\207\011 -\315\345\250 -END - -# Trust for Certificate "CA Disig" -# Issuer: CN=CA Disig,O=Disig a.s.,L=Bratislava,C=SK -# Serial Number: 1 (0x1) -# Subject: CN=CA Disig,O=Disig a.s.,L=Bratislava,C=SK -# Not Valid Before: Wed Mar 22 01:39:34 2006 -# Not Valid After : Tue Mar 22 01:39:34 2016 -# Fingerprint (MD5): 3F:45:96:39:E2:50:87:F7:BB:FE:98:0C:3C:20:98:E6 -# Fingerprint (SHA1): 2A:C8:D5:8B:57:CE:BF:2F:49:AF:F2:FC:76:8F:51:14:62:90:7A:41 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "CA Disig" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\052\310\325\213\127\316\277\057\111\257\362\374\166\217\121\024 -\142\220\172\101 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\077\105\226\071\342\120\207\367\273\376\230\014\074\040\230\346 -END -CKA_ISSUER MULTILINE_OCTAL -\060\112\061\013\060\011\006\003\125\004\006\023\002\123\113\061 -\023\060\021\006\003\125\004\007\023\012\102\162\141\164\151\163 -\154\141\166\141\061\023\060\021\006\003\125\004\012\023\012\104 -\151\163\151\147\040\141\056\163\056\061\021\060\017\006\003\125 -\004\003\023\010\103\101\040\104\151\163\151\147 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Juur-SK" -# -# Issuer: CN=Juur-SK,O=AS Sertifitseerimiskeskus,C=EE,E=pki@sk.ee -# Serial Number: 999181308 (0x3b8e4bfc) -# Subject: CN=Juur-SK,O=AS Sertifitseerimiskeskus,C=EE,E=pki@sk.ee -# Not Valid Before: Thu Aug 30 14:23:01 2001 -# Not Valid After : Fri Aug 26 14:23:01 2016 -# Fingerprint (MD5): AA:8E:5D:D9:F8:DB:0A:58:B7:8D:26:87:6C:82:35:55 -# Fingerprint (SHA1): 40:9D:4B:D9:17:B5:5C:27:B6:9B:64:CB:98:22:44:0D:CD:09:B8:89 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Juur-SK" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\135\061\030\060\026\006\011\052\206\110\206\367\015\001\011 -\001\026\011\160\153\151\100\163\153\056\145\145\061\013\060\011 -\006\003\125\004\006\023\002\105\105\061\042\060\040\006\003\125 -\004\012\023\031\101\123\040\123\145\162\164\151\146\151\164\163 -\145\145\162\151\155\151\163\153\145\163\153\165\163\061\020\060 -\016\006\003\125\004\003\023\007\112\165\165\162\055\123\113 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\135\061\030\060\026\006\011\052\206\110\206\367\015\001\011 -\001\026\011\160\153\151\100\163\153\056\145\145\061\013\060\011 -\006\003\125\004\006\023\002\105\105\061\042\060\040\006\003\125 -\004\012\023\031\101\123\040\123\145\162\164\151\146\151\164\163 -\145\145\162\151\155\151\163\153\145\163\153\165\163\061\020\060 -\016\006\003\125\004\003\023\007\112\165\165\162\055\123\113 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\073\216\113\374 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\346\060\202\003\316\240\003\002\001\002\002\004\073 -\216\113\374\060\015\006\011\052\206\110\206\367\015\001\001\005 -\005\000\060\135\061\030\060\026\006\011\052\206\110\206\367\015 -\001\011\001\026\011\160\153\151\100\163\153\056\145\145\061\013 -\060\011\006\003\125\004\006\023\002\105\105\061\042\060\040\006 -\003\125\004\012\023\031\101\123\040\123\145\162\164\151\146\151 -\164\163\145\145\162\151\155\151\163\153\145\163\153\165\163\061 -\020\060\016\006\003\125\004\003\023\007\112\165\165\162\055\123 -\113\060\036\027\015\060\061\060\070\063\060\061\064\062\063\060 -\061\132\027\015\061\066\060\070\062\066\061\064\062\063\060\061 -\132\060\135\061\030\060\026\006\011\052\206\110\206\367\015\001 -\011\001\026\011\160\153\151\100\163\153\056\145\145\061\013\060 -\011\006\003\125\004\006\023\002\105\105\061\042\060\040\006\003 -\125\004\012\023\031\101\123\040\123\145\162\164\151\146\151\164 -\163\145\145\162\151\155\151\163\153\145\163\153\165\163\061\020 -\060\016\006\003\125\004\003\023\007\112\165\165\162\055\123\113 -\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001 -\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001 -\000\201\161\066\076\063\007\326\343\060\215\023\176\167\062\106 -\313\317\031\262\140\061\106\227\206\364\230\106\244\302\145\105 -\317\323\100\174\343\132\042\250\020\170\063\314\210\261\323\201 -\112\366\142\027\173\137\115\012\056\320\317\213\043\356\117\002 -\116\273\353\016\312\275\030\143\350\200\034\215\341\034\215\075 -\340\377\133\137\352\144\345\227\350\077\231\177\014\012\011\063 -\000\032\123\247\041\341\070\113\326\203\033\255\257\144\302\371 -\034\172\214\146\110\115\146\037\030\012\342\076\273\037\007\145 -\223\205\271\032\260\271\304\373\015\021\366\365\326\371\033\307 -\054\053\267\030\121\376\340\173\366\250\110\257\154\073\117\057 -\357\370\321\107\036\046\127\360\121\035\063\226\377\357\131\075 -\332\115\321\025\064\307\352\077\026\110\173\221\034\200\103\017 -\075\270\005\076\321\263\225\315\330\312\017\302\103\147\333\267 -\223\340\042\202\056\276\365\150\050\203\271\301\073\151\173\040 -\332\116\234\155\341\272\315\217\172\154\260\011\042\327\213\013 -\333\034\325\132\046\133\015\300\352\345\140\320\237\376\065\337 -\077\002\003\001\000\001\243\202\001\254\060\202\001\250\060\017 -\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060 -\202\001\026\006\003\125\035\040\004\202\001\015\060\202\001\011 -\060\202\001\005\006\012\053\006\001\004\001\316\037\001\001\001 -\060\201\366\060\201\320\006\010\053\006\001\005\005\007\002\002 -\060\201\303\036\201\300\000\123\000\145\000\145\000\040\000\163 -\000\145\000\162\000\164\000\151\000\146\000\151\000\153\000\141 -\000\141\000\164\000\040\000\157\000\156\000\040\000\166\000\344 -\000\154\000\152\000\141\000\163\000\164\000\141\000\164\000\165 -\000\144\000\040\000\101\000\123\000\055\000\151\000\163\000\040 -\000\123\000\145\000\162\000\164\000\151\000\146\000\151\000\164 -\000\163\000\145\000\145\000\162\000\151\000\155\000\151\000\163 -\000\153\000\145\000\163\000\153\000\165\000\163\000\040\000\141 -\000\154\000\141\000\155\000\055\000\123\000\113\000\040\000\163 -\000\145\000\162\000\164\000\151\000\146\000\151\000\153\000\141 -\000\141\000\164\000\151\000\144\000\145\000\040\000\153\000\151 -\000\156\000\156\000\151\000\164\000\141\000\155\000\151\000\163 -\000\145\000\153\000\163\060\041\006\010\053\006\001\005\005\007 -\002\001\026\025\150\164\164\160\072\057\057\167\167\167\056\163 -\153\056\145\145\057\143\160\163\057\060\053\006\003\125\035\037 -\004\044\060\042\060\040\240\036\240\034\206\032\150\164\164\160 -\072\057\057\167\167\167\056\163\153\056\145\145\057\152\165\165 -\162\057\143\162\154\057\060\035\006\003\125\035\016\004\026\004 -\024\004\252\172\107\243\344\211\257\032\317\012\100\247\030\077 -\157\357\351\175\276\060\037\006\003\125\035\043\004\030\060\026 -\200\024\004\252\172\107\243\344\211\257\032\317\012\100\247\030 -\077\157\357\351\175\276\060\016\006\003\125\035\017\001\001\377 -\004\004\003\002\001\346\060\015\006\011\052\206\110\206\367\015 -\001\001\005\005\000\003\202\001\001\000\173\301\030\224\123\242 -\011\363\376\046\147\232\120\344\303\005\057\053\065\170\221\114 -\174\250\021\021\171\114\111\131\254\310\367\205\145\134\106\273 -\073\020\240\002\257\315\117\265\314\066\052\354\135\376\357\240 -\221\311\266\223\157\174\200\124\354\307\010\160\015\216\373\202 -\354\052\140\170\151\066\066\321\305\234\213\151\265\100\310\224 -\145\167\362\127\041\146\073\316\205\100\266\063\143\032\277\171 -\036\374\134\035\323\035\223\033\213\014\135\205\275\231\060\062 -\030\011\221\122\351\174\241\272\377\144\222\232\354\376\065\356 -\214\057\256\374\040\206\354\112\336\033\170\062\067\246\201\322 -\235\257\132\022\026\312\231\133\374\157\155\016\305\240\036\206 -\311\221\320\134\230\202\137\143\014\212\132\253\330\225\246\314 -\313\212\326\277\144\113\216\312\212\262\260\351\041\062\236\252 -\250\205\230\064\201\071\041\073\250\072\122\062\075\366\153\067 -\206\006\132\025\230\334\360\021\146\376\064\040\267\003\364\101 -\020\175\071\204\171\226\162\143\266\226\002\345\153\271\255\031 -\115\273\306\104\333\066\313\052\234\216 -END - -# Trust for Certificate "Juur-SK" -# Issuer: CN=Juur-SK,O=AS Sertifitseerimiskeskus,C=EE,E=pki@sk.ee -# Serial Number: 999181308 (0x3b8e4bfc) -# Subject: CN=Juur-SK,O=AS Sertifitseerimiskeskus,C=EE,E=pki@sk.ee -# Not Valid Before: Thu Aug 30 14:23:01 2001 -# Not Valid After : Fri Aug 26 14:23:01 2016 -# Fingerprint (MD5): AA:8E:5D:D9:F8:DB:0A:58:B7:8D:26:87:6C:82:35:55 -# Fingerprint (SHA1): 40:9D:4B:D9:17:B5:5C:27:B6:9B:64:CB:98:22:44:0D:CD:09:B8:89 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Juur-SK" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\100\235\113\331\027\265\134\047\266\233\144\313\230\042\104\015 -\315\011\270\211 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\252\216\135\331\370\333\012\130\267\215\046\207\154\202\065\125 -END -CKA_ISSUER MULTILINE_OCTAL -\060\135\061\030\060\026\006\011\052\206\110\206\367\015\001\011 -\001\026\011\160\153\151\100\163\153\056\145\145\061\013\060\011 -\006\003\125\004\006\023\002\105\105\061\042\060\040\006\003\125 -\004\012\023\031\101\123\040\123\145\162\164\151\146\151\164\163 -\145\145\162\151\155\151\163\153\145\163\153\165\163\061\020\060 -\016\006\003\125\004\003\023\007\112\165\165\162\055\123\113 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\073\216\113\374 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# # Certificate "Hongkong Post Root CA 1" # # Issuer: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK @@ -15480,238 +12524,6 @@ CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "Verisign Class 1 Public Primary Certification Authority" -# -# Issuer: OU=Class 1 Public Primary Certification Authority,O="VeriSign, Inc.",C=US -# Serial Number:3f:69:1e:81:9c:f0:9a:4a:f3:73:ff:b9:48:a2:e4:dd -# Subject: OU=Class 1 Public Primary Certification Authority,O="VeriSign, Inc.",C=US -# Not Valid Before: Mon Jan 29 00:00:00 1996 -# Not Valid After : Wed Aug 02 23:59:59 2028 -# Fingerprint (MD5): 86:AC:DE:2B:C5:6D:C3:D9:8C:28:88:D3:8D:16:13:1E -# Fingerprint (SHA1): CE:6A:64:A3:09:E4:2F:BB:D9:85:1C:45:3E:64:09:EA:E8:7D:60:F1 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Verisign Class 1 Public Primary Certification Authority" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\137\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151 -\147\156\054\040\111\156\143\056\061\067\060\065\006\003\125\004 -\013\023\056\103\154\141\163\163\040\061\040\120\165\142\154\151 -\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\137\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151 -\147\156\054\040\111\156\143\056\061\067\060\065\006\003\125\004 -\013\023\056\103\154\141\163\163\040\061\040\120\165\142\154\151 -\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\077\151\036\201\234\360\232\112\363\163\377\271\110\242 -\344\335 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\002\074\060\202\001\245\002\020\077\151\036\201\234\360 -\232\112\363\163\377\271\110\242\344\335\060\015\006\011\052\206 -\110\206\367\015\001\001\005\005\000\060\137\061\013\060\011\006 -\003\125\004\006\023\002\125\123\061\027\060\025\006\003\125\004 -\012\023\016\126\145\162\151\123\151\147\156\054\040\111\156\143 -\056\061\067\060\065\006\003\125\004\013\023\056\103\154\141\163 -\163\040\061\040\120\165\142\154\151\143\040\120\162\151\155\141 -\162\171\040\103\145\162\164\151\146\151\143\141\164\151\157\156 -\040\101\165\164\150\157\162\151\164\171\060\036\027\015\071\066 -\060\061\062\071\060\060\060\060\060\060\132\027\015\062\070\060 -\070\060\062\062\063\065\071\065\071\132\060\137\061\013\060\011 -\006\003\125\004\006\023\002\125\123\061\027\060\025\006\003\125 -\004\012\023\016\126\145\162\151\123\151\147\156\054\040\111\156 -\143\056\061\067\060\065\006\003\125\004\013\023\056\103\154\141 -\163\163\040\061\040\120\165\142\154\151\143\040\120\162\151\155 -\141\162\171\040\103\145\162\164\151\146\151\143\141\164\151\157 -\156\040\101\165\164\150\157\162\151\164\171\060\201\237\060\015 -\006\011\052\206\110\206\367\015\001\001\001\005\000\003\201\215 -\000\060\201\211\002\201\201\000\345\031\277\155\243\126\141\055 -\231\110\161\366\147\336\271\215\353\267\236\206\200\012\221\016 -\372\070\045\257\106\210\202\345\163\250\240\233\044\135\015\037 -\314\145\156\014\260\320\126\204\030\207\232\006\233\020\241\163 -\337\264\130\071\153\156\301\366\025\325\250\250\077\252\022\006 -\215\061\254\177\260\064\327\217\064\147\210\011\315\024\021\342 -\116\105\126\151\037\170\002\200\332\334\107\221\051\273\066\311 -\143\134\305\340\327\055\207\173\241\267\062\260\173\060\272\052 -\057\061\252\356\243\147\332\333\002\003\001\000\001\060\015\006 -\011\052\206\110\206\367\015\001\001\005\005\000\003\201\201\000 -\130\025\051\071\074\167\243\332\134\045\003\174\140\372\356\011 -\231\074\047\020\160\310\014\011\346\263\207\317\012\342\030\226 -\065\142\314\277\233\047\171\211\137\311\304\011\364\316\265\035 -\337\052\275\345\333\206\234\150\045\345\060\174\266\211\025\376 -\147\321\255\341\120\254\074\174\142\113\217\272\204\327\022\025 -\033\037\312\135\017\301\122\224\052\021\231\332\173\317\014\066 -\023\325\065\334\020\031\131\352\224\301\000\277\165\217\331\372 -\375\166\004\333\142\273\220\152\003\331\106\065\331\370\174\133 -END - -# Trust for Certificate "Verisign Class 1 Public Primary Certification Authority" -# Issuer: OU=Class 1 Public Primary Certification Authority,O="VeriSign, Inc.",C=US -# Serial Number:3f:69:1e:81:9c:f0:9a:4a:f3:73:ff:b9:48:a2:e4:dd -# Subject: OU=Class 1 Public Primary Certification Authority,O="VeriSign, Inc.",C=US -# Not Valid Before: Mon Jan 29 00:00:00 1996 -# Not Valid After : Wed Aug 02 23:59:59 2028 -# Fingerprint (MD5): 86:AC:DE:2B:C5:6D:C3:D9:8C:28:88:D3:8D:16:13:1E -# Fingerprint (SHA1): CE:6A:64:A3:09:E4:2F:BB:D9:85:1C:45:3E:64:09:EA:E8:7D:60:F1 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Verisign Class 1 Public Primary Certification Authority" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\316\152\144\243\011\344\057\273\331\205\034\105\076\144\011\352 -\350\175\140\361 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\206\254\336\053\305\155\303\331\214\050\210\323\215\026\023\036 -END -CKA_ISSUER MULTILINE_OCTAL -\060\137\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151 -\147\156\054\040\111\156\143\056\061\067\060\065\006\003\125\004 -\013\023\056\103\154\141\163\163\040\061\040\120\165\142\154\151 -\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\077\151\036\201\234\360\232\112\363\163\377\271\110\242 -\344\335 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Verisign Class 3 Public Primary Certification Authority" -# -# Issuer: OU=Class 3 Public Primary Certification Authority,O="VeriSign, Inc.",C=US -# Serial Number:3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be -# Subject: OU=Class 3 Public Primary Certification Authority,O="VeriSign, Inc.",C=US -# Not Valid Before: Mon Jan 29 00:00:00 1996 -# Not Valid After : Wed Aug 02 23:59:59 2028 -# Fingerprint (MD5): EF:5A:F1:33:EF:F1:CD:BB:51:02:EE:12:14:4B:96:C4 -# Fingerprint (SHA1): A1:DB:63:93:91:6F:17:E4:18:55:09:40:04:15:C7:02:40:B0:AE:6B -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Verisign Class 3 Public Primary Certification Authority" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\137\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151 -\147\156\054\040\111\156\143\056\061\067\060\065\006\003\125\004 -\013\023\056\103\154\141\163\163\040\063\040\120\165\142\154\151 -\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\137\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151 -\147\156\054\040\111\156\143\056\061\067\060\065\006\003\125\004 -\013\023\056\103\154\141\163\163\040\063\040\120\165\142\154\151 -\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\074\221\061\313\037\366\320\033\016\232\270\320\104\277 -\022\276 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\002\074\060\202\001\245\002\020\074\221\061\313\037\366 -\320\033\016\232\270\320\104\277\022\276\060\015\006\011\052\206 -\110\206\367\015\001\001\005\005\000\060\137\061\013\060\011\006 -\003\125\004\006\023\002\125\123\061\027\060\025\006\003\125\004 -\012\023\016\126\145\162\151\123\151\147\156\054\040\111\156\143 -\056\061\067\060\065\006\003\125\004\013\023\056\103\154\141\163 -\163\040\063\040\120\165\142\154\151\143\040\120\162\151\155\141 -\162\171\040\103\145\162\164\151\146\151\143\141\164\151\157\156 -\040\101\165\164\150\157\162\151\164\171\060\036\027\015\071\066 -\060\061\062\071\060\060\060\060\060\060\132\027\015\062\070\060 -\070\060\062\062\063\065\071\065\071\132\060\137\061\013\060\011 -\006\003\125\004\006\023\002\125\123\061\027\060\025\006\003\125 -\004\012\023\016\126\145\162\151\123\151\147\156\054\040\111\156 -\143\056\061\067\060\065\006\003\125\004\013\023\056\103\154\141 -\163\163\040\063\040\120\165\142\154\151\143\040\120\162\151\155 -\141\162\171\040\103\145\162\164\151\146\151\143\141\164\151\157 -\156\040\101\165\164\150\157\162\151\164\171\060\201\237\060\015 -\006\011\052\206\110\206\367\015\001\001\001\005\000\003\201\215 -\000\060\201\211\002\201\201\000\311\134\131\236\362\033\212\001 -\024\264\020\337\004\100\333\343\127\257\152\105\100\217\204\014 -\013\321\063\331\331\021\317\356\002\130\037\045\367\052\250\104 -\005\252\354\003\037\170\177\236\223\271\232\000\252\043\175\326 -\254\205\242\143\105\307\162\047\314\364\114\306\165\161\322\071 -\357\117\102\360\165\337\012\220\306\216\040\157\230\017\370\254 -\043\137\160\051\066\244\311\206\347\261\232\040\313\123\245\205 -\347\075\276\175\232\376\044\105\063\334\166\025\355\017\242\161 -\144\114\145\056\201\150\105\247\002\003\001\000\001\060\015\006 -\011\052\206\110\206\367\015\001\001\005\005\000\003\201\201\000 -\020\162\122\251\005\024\031\062\010\101\360\305\153\012\314\176 -\017\041\031\315\344\147\334\137\251\033\346\312\350\163\235\042 -\330\230\156\163\003\141\221\305\174\260\105\100\156\104\235\215 -\260\261\226\164\141\055\015\251\105\322\244\222\052\326\232\165 -\227\156\077\123\375\105\231\140\035\250\053\114\371\136\247\011 -\330\165\060\327\322\145\140\075\147\326\110\125\165\151\077\221 -\365\110\013\107\151\042\151\202\226\276\311\310\070\206\112\172 -\054\163\031\110\151\116\153\174\145\277\017\374\160\316\210\220 -END - -# Trust for Certificate "Verisign Class 3 Public Primary Certification Authority" -# Issuer: OU=Class 3 Public Primary Certification Authority,O="VeriSign, Inc.",C=US -# Serial Number:3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be -# Subject: OU=Class 3 Public Primary Certification Authority,O="VeriSign, Inc.",C=US -# Not Valid Before: Mon Jan 29 00:00:00 1996 -# Not Valid After : Wed Aug 02 23:59:59 2028 -# Fingerprint (MD5): EF:5A:F1:33:EF:F1:CD:BB:51:02:EE:12:14:4B:96:C4 -# Fingerprint (SHA1): A1:DB:63:93:91:6F:17:E4:18:55:09:40:04:15:C7:02:40:B0:AE:6B -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Verisign Class 3 Public Primary Certification Authority" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\241\333\143\223\221\157\027\344\030\125\011\100\004\025\307\002 -\100\260\256\153 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\357\132\361\063\357\361\315\273\121\002\356\022\024\113\226\304 -END -CKA_ISSUER MULTILINE_OCTAL -\060\137\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151 -\147\156\054\040\111\156\143\056\061\067\060\065\006\003\125\004 -\013\023\056\103\154\141\163\163\040\063\040\120\165\142\154\151 -\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\074\221\061\313\037\366\320\033\016\232\270\320\104\277 -\022\276 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# # Certificate "Microsec e-Szigno Root CA 2009" # # Issuer: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU @@ -19732,189 +16544,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "Root CA Generalitat Valenciana" -# -# Issuer: CN=Root CA Generalitat Valenciana,OU=PKIGVA,O=Generalitat Valenciana,C=ES -# Serial Number: 994436456 (0x3b45e568) -# Subject: CN=Root CA Generalitat Valenciana,OU=PKIGVA,O=Generalitat Valenciana,C=ES -# Not Valid Before: Fri Jul 06 16:22:47 2001 -# Not Valid After : Thu Jul 01 15:22:47 2021 -# Fingerprint (MD5): 2C:8C:17:5E:B1:54:AB:93:17:B5:36:5A:DB:D1:C6:F2 -# Fingerprint (SHA1): A0:73:E5:C5:BD:43:61:0D:86:4C:21:13:0A:85:58:57:CC:9C:EA:46 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Root CA Generalitat Valenciana" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\150\061\013\060\011\006\003\125\004\006\023\002\105\123\061 -\037\060\035\006\003\125\004\012\023\026\107\145\156\145\162\141 -\154\151\164\141\164\040\126\141\154\145\156\143\151\141\156\141 -\061\017\060\015\006\003\125\004\013\023\006\120\113\111\107\126 -\101\061\047\060\045\006\003\125\004\003\023\036\122\157\157\164 -\040\103\101\040\107\145\156\145\162\141\154\151\164\141\164\040 -\126\141\154\145\156\143\151\141\156\141 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\150\061\013\060\011\006\003\125\004\006\023\002\105\123\061 -\037\060\035\006\003\125\004\012\023\026\107\145\156\145\162\141 -\154\151\164\141\164\040\126\141\154\145\156\143\151\141\156\141 -\061\017\060\015\006\003\125\004\013\023\006\120\113\111\107\126 -\101\061\047\060\045\006\003\125\004\003\023\036\122\157\157\164 -\040\103\101\040\107\145\156\145\162\141\154\151\164\141\164\040 -\126\141\154\145\156\143\151\141\156\141 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\073\105\345\150 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\006\213\060\202\005\163\240\003\002\001\002\002\004\073 -\105\345\150\060\015\006\011\052\206\110\206\367\015\001\001\005 -\005\000\060\150\061\013\060\011\006\003\125\004\006\023\002\105 -\123\061\037\060\035\006\003\125\004\012\023\026\107\145\156\145 -\162\141\154\151\164\141\164\040\126\141\154\145\156\143\151\141 -\156\141\061\017\060\015\006\003\125\004\013\023\006\120\113\111 -\107\126\101\061\047\060\045\006\003\125\004\003\023\036\122\157 -\157\164\040\103\101\040\107\145\156\145\162\141\154\151\164\141 -\164\040\126\141\154\145\156\143\151\141\156\141\060\036\027\015 -\060\061\060\067\060\066\061\066\062\062\064\067\132\027\015\062 -\061\060\067\060\061\061\065\062\062\064\067\132\060\150\061\013 -\060\011\006\003\125\004\006\023\002\105\123\061\037\060\035\006 -\003\125\004\012\023\026\107\145\156\145\162\141\154\151\164\141 -\164\040\126\141\154\145\156\143\151\141\156\141\061\017\060\015 -\006\003\125\004\013\023\006\120\113\111\107\126\101\061\047\060 -\045\006\003\125\004\003\023\036\122\157\157\164\040\103\101\040 -\107\145\156\145\162\141\154\151\164\141\164\040\126\141\154\145 -\156\143\151\141\156\141\060\202\001\042\060\015\006\011\052\206 -\110\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202 -\001\012\002\202\001\001\000\306\052\253\127\021\067\057\042\212 -\312\003\164\035\312\355\055\242\013\274\063\122\100\046\107\276 -\132\151\246\073\162\066\027\114\350\337\270\273\057\166\341\100 -\106\164\145\002\220\122\010\264\377\250\214\301\340\307\211\126 -\020\071\063\357\150\264\137\137\332\155\043\241\211\136\042\243 -\112\006\360\047\360\127\271\370\351\116\062\167\012\077\101\144 -\363\353\145\356\166\376\124\252\175\035\040\256\363\327\164\302 -\012\137\365\010\050\122\010\314\125\135\322\017\333\232\201\245 -\273\241\263\301\224\315\124\340\062\165\061\221\032\142\262\336 -\165\342\317\117\211\331\221\220\017\101\033\264\132\112\167\275 -\147\203\340\223\347\136\247\014\347\201\323\364\122\254\123\262 -\003\307\104\046\373\171\345\313\064\140\120\020\173\033\333\153 -\327\107\253\137\174\150\312\156\235\101\003\020\356\153\231\173 -\136\045\250\302\253\344\300\363\134\234\343\276\316\061\114\144 -\036\136\200\242\365\203\176\014\326\312\214\125\216\276\340\276 -\111\007\017\243\044\101\172\130\035\204\352\130\022\310\341\267 -\355\357\223\336\224\010\061\002\003\001\000\001\243\202\003\073 -\060\202\003\067\060\062\006\010\053\006\001\005\005\007\001\001 -\004\046\060\044\060\042\006\010\053\006\001\005\005\007\060\001 -\206\026\150\164\164\160\072\057\057\157\143\163\160\056\160\153 -\151\056\147\166\141\056\145\163\060\022\006\003\125\035\023\001 -\001\377\004\010\060\006\001\001\377\002\001\002\060\202\002\064 -\006\003\125\035\040\004\202\002\053\060\202\002\047\060\202\002 -\043\006\012\053\006\001\004\001\277\125\002\001\000\060\202\002 -\023\060\202\001\350\006\010\053\006\001\005\005\007\002\002\060 -\202\001\332\036\202\001\326\000\101\000\165\000\164\000\157\000 -\162\000\151\000\144\000\141\000\144\000\040\000\144\000\145\000 -\040\000\103\000\145\000\162\000\164\000\151\000\146\000\151\000 -\143\000\141\000\143\000\151\000\363\000\156\000\040\000\122\000 -\141\000\355\000\172\000\040\000\144\000\145\000\040\000\154\000 -\141\000\040\000\107\000\145\000\156\000\145\000\162\000\141\000 -\154\000\151\000\164\000\141\000\164\000\040\000\126\000\141\000 -\154\000\145\000\156\000\143\000\151\000\141\000\156\000\141\000 -\056\000\015\000\012\000\114\000\141\000\040\000\104\000\145\000 -\143\000\154\000\141\000\162\000\141\000\143\000\151\000\363\000 -\156\000\040\000\144\000\145\000\040\000\120\000\162\000\341\000 -\143\000\164\000\151\000\143\000\141\000\163\000\040\000\144\000 -\145\000\040\000\103\000\145\000\162\000\164\000\151\000\146\000 -\151\000\143\000\141\000\143\000\151\000\363\000\156\000\040\000 -\161\000\165\000\145\000\040\000\162\000\151\000\147\000\145\000 -\040\000\145\000\154\000\040\000\146\000\165\000\156\000\143\000 -\151\000\157\000\156\000\141\000\155\000\151\000\145\000\156\000 -\164\000\157\000\040\000\144\000\145\000\040\000\154\000\141\000 -\040\000\160\000\162\000\145\000\163\000\145\000\156\000\164\000 -\145\000\040\000\101\000\165\000\164\000\157\000\162\000\151\000 -\144\000\141\000\144\000\040\000\144\000\145\000\040\000\103\000 -\145\000\162\000\164\000\151\000\146\000\151\000\143\000\141\000 -\143\000\151\000\363\000\156\000\040\000\163\000\145\000\040\000 -\145\000\156\000\143\000\165\000\145\000\156\000\164\000\162\000 -\141\000\040\000\145\000\156\000\040\000\154\000\141\000\040\000 -\144\000\151\000\162\000\145\000\143\000\143\000\151\000\363\000 -\156\000\040\000\167\000\145\000\142\000\040\000\150\000\164\000 -\164\000\160\000\072\000\057\000\057\000\167\000\167\000\167\000 -\056\000\160\000\153\000\151\000\056\000\147\000\166\000\141\000 -\056\000\145\000\163\000\057\000\143\000\160\000\163\060\045\006 -\010\053\006\001\005\005\007\002\001\026\031\150\164\164\160\072 -\057\057\167\167\167\056\160\153\151\056\147\166\141\056\145\163 -\057\143\160\163\060\035\006\003\125\035\016\004\026\004\024\173 -\065\323\100\322\034\170\031\146\357\164\020\050\334\076\117\262 -\170\004\374\060\201\225\006\003\125\035\043\004\201\215\060\201 -\212\200\024\173\065\323\100\322\034\170\031\146\357\164\020\050 -\334\076\117\262\170\004\374\241\154\244\152\060\150\061\013\060 -\011\006\003\125\004\006\023\002\105\123\061\037\060\035\006\003 -\125\004\012\023\026\107\145\156\145\162\141\154\151\164\141\164 -\040\126\141\154\145\156\143\151\141\156\141\061\017\060\015\006 -\003\125\004\013\023\006\120\113\111\107\126\101\061\047\060\045 -\006\003\125\004\003\023\036\122\157\157\164\040\103\101\040\107 -\145\156\145\162\141\154\151\164\141\164\040\126\141\154\145\156 -\143\151\141\156\141\202\004\073\105\345\150\060\015\006\011\052 -\206\110\206\367\015\001\001\005\005\000\003\202\001\001\000\044 -\141\116\365\265\310\102\002\052\263\134\165\255\305\155\312\347 -\224\077\245\150\225\210\301\124\300\020\151\242\022\057\030\077 -\045\120\250\174\112\352\306\011\331\364\165\306\100\332\257\120 -\235\075\245\026\273\155\061\306\307\163\012\110\376\040\162\355 -\157\314\350\203\141\026\106\220\001\225\113\175\216\232\122\011 -\057\366\157\034\344\241\161\317\214\052\132\027\163\203\107\115 -\017\066\373\004\115\111\121\342\024\311\144\141\373\324\024\340 -\364\236\267\064\217\012\046\275\227\134\364\171\072\112\060\031 -\314\255\117\240\230\212\264\061\227\052\342\163\155\176\170\270 -\370\210\211\117\261\042\221\144\113\365\120\336\003\333\345\305 -\166\347\023\146\165\176\145\373\001\237\223\207\210\235\371\106 -\127\174\115\140\257\230\163\023\043\244\040\221\201\372\320\141 -\146\270\175\321\257\326\157\036\154\075\351\021\375\251\371\202 -\042\206\231\063\161\132\352\031\127\075\221\315\251\300\243\156 -\007\023\246\311\355\370\150\243\236\303\132\162\011\207\050\321 -\304\163\304\163\030\137\120\165\026\061\237\267\350\174\303 -END - -# Trust for Certificate "Root CA Generalitat Valenciana" -# Issuer: CN=Root CA Generalitat Valenciana,OU=PKIGVA,O=Generalitat Valenciana,C=ES -# Serial Number: 994436456 (0x3b45e568) -# Subject: CN=Root CA Generalitat Valenciana,OU=PKIGVA,O=Generalitat Valenciana,C=ES -# Not Valid Before: Fri Jul 06 16:22:47 2001 -# Not Valid After : Thu Jul 01 15:22:47 2021 -# Fingerprint (MD5): 2C:8C:17:5E:B1:54:AB:93:17:B5:36:5A:DB:D1:C6:F2 -# Fingerprint (SHA1): A0:73:E5:C5:BD:43:61:0D:86:4C:21:13:0A:85:58:57:CC:9C:EA:46 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Root CA Generalitat Valenciana" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\240\163\345\305\275\103\141\015\206\114\041\023\012\205\130\127 -\314\234\352\106 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\054\214\027\136\261\124\253\223\027\265\066\132\333\321\306\362 -END -CKA_ISSUER MULTILINE_OCTAL -\060\150\061\013\060\011\006\003\125\004\006\023\002\105\123\061 -\037\060\035\006\003\125\004\012\023\026\107\145\156\145\162\141 -\154\151\164\141\164\040\126\141\154\145\156\143\151\141\156\141 -\061\017\060\015\006\003\125\004\013\023\006\120\113\111\107\126 -\101\061\047\060\045\006\003\125\004\003\023\036\122\157\157\164 -\040\103\101\040\107\145\156\145\162\141\154\151\164\141\164\040 -\126\141\154\145\156\143\151\141\156\141 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\073\105\345\150 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# # Certificate "TWCA Root Certification Authority" # # Issuer: CN=TWCA Root Certification Authority,OU=Root CA,O=TAIWAN-CA,C=TW @@ -22013,7 +18642,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL \002\010\127\012\021\227\102\304\343\314 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE @@ -30351,3 +26980,2877 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "SZAFIR ROOT CA2" +# +# Issuer: CN=SZAFIR ROOT CA2,O=Krajowa Izba Rozliczeniowa S.A.,C=PL +# Serial Number:3e:8a:5d:07:ec:55:d2:32:d5:b7:e3:b6:5f:01:eb:2d:dc:e4:d6:e4 +# Subject: CN=SZAFIR ROOT CA2,O=Krajowa Izba Rozliczeniowa S.A.,C=PL +# Not Valid Before: Mon Oct 19 07:43:30 2015 +# Not Valid After : Fri Oct 19 07:43:30 2035 +# Fingerprint (SHA-256): A1:33:9D:33:28:1A:0B:56:E5:57:D3:D3:2B:1C:E7:F9:36:7E:B0:94:BD:5F:A7:2A:7E:50:04:C8:DE:D7:CA:FE +# Fingerprint (SHA1): E2:52:FA:95:3F:ED:DB:24:60:BD:6E:28:F3:9C:CC:CF:5E:B3:3F:DE +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "SZAFIR ROOT CA2" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\121\061\013\060\011\006\003\125\004\006\023\002\120\114\061 +\050\060\046\006\003\125\004\012\014\037\113\162\141\152\157\167 +\141\040\111\172\142\141\040\122\157\172\154\151\143\172\145\156 +\151\157\167\141\040\123\056\101\056\061\030\060\026\006\003\125 +\004\003\014\017\123\132\101\106\111\122\040\122\117\117\124\040 +\103\101\062 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\121\061\013\060\011\006\003\125\004\006\023\002\120\114\061 +\050\060\046\006\003\125\004\012\014\037\113\162\141\152\157\167 +\141\040\111\172\142\141\040\122\157\172\154\151\143\172\145\156 +\151\157\167\141\040\123\056\101\056\061\030\060\026\006\003\125 +\004\003\014\017\123\132\101\106\111\122\040\122\117\117\124\040 +\103\101\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\024\076\212\135\007\354\125\322\062\325\267\343\266\137\001 +\353\055\334\344\326\344 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\003\162\060\202\002\132\240\003\002\001\002\002\024\076 +\212\135\007\354\125\322\062\325\267\343\266\137\001\353\055\334 +\344\326\344\060\015\006\011\052\206\110\206\367\015\001\001\013 +\005\000\060\121\061\013\060\011\006\003\125\004\006\023\002\120 +\114\061\050\060\046\006\003\125\004\012\014\037\113\162\141\152 +\157\167\141\040\111\172\142\141\040\122\157\172\154\151\143\172 +\145\156\151\157\167\141\040\123\056\101\056\061\030\060\026\006 +\003\125\004\003\014\017\123\132\101\106\111\122\040\122\117\117 +\124\040\103\101\062\060\036\027\015\061\065\061\060\061\071\060 +\067\064\063\063\060\132\027\015\063\065\061\060\061\071\060\067 +\064\063\063\060\132\060\121\061\013\060\011\006\003\125\004\006 +\023\002\120\114\061\050\060\046\006\003\125\004\012\014\037\113 +\162\141\152\157\167\141\040\111\172\142\141\040\122\157\172\154 +\151\143\172\145\156\151\157\167\141\040\123\056\101\056\061\030 +\060\026\006\003\125\004\003\014\017\123\132\101\106\111\122\040 +\122\117\117\124\040\103\101\062\060\202\001\042\060\015\006\011 +\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000 +\060\202\001\012\002\202\001\001\000\267\274\076\120\250\113\315 +\100\265\316\141\347\226\312\264\241\332\014\042\260\372\265\173 +\166\000\167\214\013\317\175\250\206\314\046\121\344\040\075\205 +\014\326\130\343\347\364\052\030\235\332\321\256\046\356\353\123 +\334\364\220\326\023\112\014\220\074\303\364\332\322\216\015\222 +\072\334\261\261\377\070\336\303\272\055\137\200\271\002\275\112 +\235\033\017\264\303\302\301\147\003\335\334\033\234\075\263\260 +\336\000\036\250\064\107\273\232\353\376\013\024\275\066\204\332 +\015\040\277\372\133\313\251\026\040\255\071\140\356\057\165\266 +\347\227\234\371\076\375\176\115\157\115\057\357\210\015\152\372 +\335\361\075\156\040\245\240\022\264\115\160\271\316\327\162\073 +\211\223\247\200\204\034\047\111\162\111\265\377\073\225\236\301 +\314\310\001\354\350\016\212\012\226\347\263\246\207\345\326\371 +\005\053\015\227\100\160\074\272\254\165\132\234\325\115\235\002 +\012\322\113\233\146\113\106\007\027\145\255\237\154\210\000\334 +\042\211\340\341\144\324\147\274\061\171\141\074\273\312\101\315 +\134\152\000\310\074\070\216\130\257\002\003\001\000\001\243\102 +\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003 +\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003 +\002\001\006\060\035\006\003\125\035\016\004\026\004\024\056\026 +\251\112\030\265\313\314\365\157\120\363\043\137\370\135\347\254 +\360\310\060\015\006\011\052\206\110\206\367\015\001\001\013\005 +\000\003\202\001\001\000\265\163\370\003\334\131\133\035\166\351 +\243\052\173\220\050\262\115\300\063\117\252\232\261\324\270\344 +\047\377\251\226\231\316\106\340\155\174\114\242\070\244\006\160 +\360\364\101\021\354\077\107\215\077\162\207\371\073\375\244\157 +\053\123\000\340\377\071\271\152\007\016\353\035\034\366\242\162 +\220\313\202\075\021\202\213\322\273\237\052\257\041\346\143\206 +\235\171\031\357\367\273\014\065\220\303\212\355\117\017\365\314 +\022\331\244\076\273\240\374\040\225\137\117\046\057\021\043\203 +\116\165\007\017\277\233\321\264\035\351\020\004\376\312\140\217 +\242\114\270\255\317\341\220\017\315\256\012\307\135\173\267\120 +\322\324\141\372\325\025\333\327\237\207\121\124\353\245\343\353 +\311\205\240\045\040\067\373\216\316\014\064\204\341\074\201\262 +\167\116\103\245\210\137\206\147\241\075\346\264\134\141\266\076 +\333\376\267\050\305\242\007\256\265\312\312\215\052\022\357\227 +\355\302\060\244\311\052\172\373\363\115\043\033\231\063\064\240 +\056\365\251\013\077\324\135\341\317\204\237\342\031\302\137\212 +\326\040\036\343\163\267 +END + +# Trust for "SZAFIR ROOT CA2" +# Issuer: CN=SZAFIR ROOT CA2,O=Krajowa Izba Rozliczeniowa S.A.,C=PL +# Serial Number:3e:8a:5d:07:ec:55:d2:32:d5:b7:e3:b6:5f:01:eb:2d:dc:e4:d6:e4 +# Subject: CN=SZAFIR ROOT CA2,O=Krajowa Izba Rozliczeniowa S.A.,C=PL +# Not Valid Before: Mon Oct 19 07:43:30 2015 +# Not Valid After : Fri Oct 19 07:43:30 2035 +# Fingerprint (SHA-256): A1:33:9D:33:28:1A:0B:56:E5:57:D3:D3:2B:1C:E7:F9:36:7E:B0:94:BD:5F:A7:2A:7E:50:04:C8:DE:D7:CA:FE +# Fingerprint (SHA1): E2:52:FA:95:3F:ED:DB:24:60:BD:6E:28:F3:9C:CC:CF:5E:B3:3F:DE +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "SZAFIR ROOT CA2" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\342\122\372\225\077\355\333\044\140\275\156\050\363\234\314\317 +\136\263\077\336 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\021\144\301\211\260\044\261\214\261\007\176\211\236\121\236\231 +END +CKA_ISSUER MULTILINE_OCTAL +\060\121\061\013\060\011\006\003\125\004\006\023\002\120\114\061 +\050\060\046\006\003\125\004\012\014\037\113\162\141\152\157\167 +\141\040\111\172\142\141\040\122\157\172\154\151\143\172\145\156 +\151\157\167\141\040\123\056\101\056\061\030\060\026\006\003\125 +\004\003\014\017\123\132\101\106\111\122\040\122\117\117\124\040 +\103\101\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\024\076\212\135\007\354\125\322\062\325\267\343\266\137\001 +\353\055\334\344\326\344 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Certum Trusted Network CA 2" +# +# Issuer: CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL +# Serial Number:21:d6:d0:4a:4f:25:0f:c9:32:37:fc:aa:5e:12:8d:e9 +# Subject: CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL +# Not Valid Before: Thu Oct 06 08:39:56 2011 +# Not Valid After : Sat Oct 06 08:39:56 2046 +# Fingerprint (SHA-256): B6:76:F2:ED:DA:E8:77:5C:D3:6C:B0:F6:3C:D1:D4:60:39:61:F4:9E:62:65:BA:01:3A:2F:03:07:B6:D0:B8:04 +# Fingerprint (SHA1): D3:DD:48:3E:2B:BF:4C:05:E8:AF:10:F5:FA:76:26:CF:D3:DC:30:92 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Certum Trusted Network CA 2" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\201\200\061\013\060\011\006\003\125\004\006\023\002\120\114 +\061\042\060\040\006\003\125\004\012\023\031\125\156\151\172\145 +\164\157\040\124\145\143\150\156\157\154\157\147\151\145\163\040 +\123\056\101\056\061\047\060\045\006\003\125\004\013\023\036\103 +\145\162\164\165\155\040\103\145\162\164\151\146\151\143\141\164 +\151\157\156\040\101\165\164\150\157\162\151\164\171\061\044\060 +\042\006\003\125\004\003\023\033\103\145\162\164\165\155\040\124 +\162\165\163\164\145\144\040\116\145\164\167\157\162\153\040\103 +\101\040\062 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\201\200\061\013\060\011\006\003\125\004\006\023\002\120\114 +\061\042\060\040\006\003\125\004\012\023\031\125\156\151\172\145 +\164\157\040\124\145\143\150\156\157\154\157\147\151\145\163\040 +\123\056\101\056\061\047\060\045\006\003\125\004\013\023\036\103 +\145\162\164\165\155\040\103\145\162\164\151\146\151\143\141\164 +\151\157\156\040\101\165\164\150\157\162\151\164\171\061\044\060 +\042\006\003\125\004\003\023\033\103\145\162\164\165\155\040\124 +\162\165\163\164\145\144\040\116\145\164\167\157\162\153\040\103 +\101\040\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\041\326\320\112\117\045\017\311\062\067\374\252\136\022 +\215\351 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\322\060\202\003\272\240\003\002\001\002\002\020\041 +\326\320\112\117\045\017\311\062\067\374\252\136\022\215\351\060 +\015\006\011\052\206\110\206\367\015\001\001\015\005\000\060\201 +\200\061\013\060\011\006\003\125\004\006\023\002\120\114\061\042 +\060\040\006\003\125\004\012\023\031\125\156\151\172\145\164\157 +\040\124\145\143\150\156\157\154\157\147\151\145\163\040\123\056 +\101\056\061\047\060\045\006\003\125\004\013\023\036\103\145\162 +\164\165\155\040\103\145\162\164\151\146\151\143\141\164\151\157 +\156\040\101\165\164\150\157\162\151\164\171\061\044\060\042\006 +\003\125\004\003\023\033\103\145\162\164\165\155\040\124\162\165 +\163\164\145\144\040\116\145\164\167\157\162\153\040\103\101\040 +\062\060\042\030\017\062\060\061\061\061\060\060\066\060\070\063 +\071\065\066\132\030\017\062\060\064\066\061\060\060\066\060\070 +\063\071\065\066\132\060\201\200\061\013\060\011\006\003\125\004 +\006\023\002\120\114\061\042\060\040\006\003\125\004\012\023\031 +\125\156\151\172\145\164\157\040\124\145\143\150\156\157\154\157 +\147\151\145\163\040\123\056\101\056\061\047\060\045\006\003\125 +\004\013\023\036\103\145\162\164\165\155\040\103\145\162\164\151 +\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 +\164\171\061\044\060\042\006\003\125\004\003\023\033\103\145\162 +\164\165\155\040\124\162\165\163\164\145\144\040\116\145\164\167 +\157\162\153\040\103\101\040\062\060\202\002\042\060\015\006\011 +\052\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000 +\060\202\002\012\002\202\002\001\000\275\371\170\370\346\325\200 +\014\144\235\206\033\226\144\147\077\042\072\036\165\001\175\357 +\373\134\147\214\311\314\134\153\251\221\346\271\102\345\040\113 +\233\332\233\173\271\231\135\331\233\200\113\327\204\100\053\047 +\323\350\272\060\273\076\011\032\247\111\225\357\053\100\044\302 +\227\307\247\356\233\045\357\250\012\000\227\205\132\252\235\334 +\051\311\342\065\007\353\160\115\112\326\301\263\126\270\241\101 +\070\233\321\373\061\177\217\340\137\341\261\077\017\216\026\111 +\140\327\006\215\030\371\252\046\020\253\052\323\320\321\147\215 +\033\106\276\107\060\325\056\162\321\305\143\332\347\143\171\104 +\176\113\143\044\211\206\056\064\077\051\114\122\213\052\247\300 +\342\221\050\211\271\300\133\371\035\331\347\047\255\377\232\002 +\227\301\306\120\222\233\002\054\275\251\271\064\131\012\277\204 +\112\377\337\376\263\237\353\331\236\340\230\043\354\246\153\167 +\026\052\333\314\255\073\034\244\207\334\106\163\136\031\142\150 +\105\127\344\220\202\102\273\102\326\360\141\340\301\243\075\146 +\243\135\364\030\356\210\311\215\027\105\051\231\062\165\002\061 +\356\051\046\310\153\002\346\265\142\105\177\067\025\132\043\150 +\211\324\076\336\116\047\260\360\100\014\274\115\027\313\115\242 +\263\036\320\006\132\335\366\223\317\127\165\231\365\372\206\032 +\147\170\263\277\226\376\064\334\275\347\122\126\345\263\345\165 +\173\327\101\221\005\334\135\151\343\225\015\103\271\374\203\226 +\071\225\173\154\200\132\117\023\162\306\327\175\051\172\104\272 +\122\244\052\325\101\106\011\040\376\042\240\266\133\060\215\274 +\211\014\325\327\160\370\207\122\375\332\357\254\121\056\007\263 +\116\376\320\011\332\160\357\230\372\126\346\155\333\265\127\113 +\334\345\054\045\025\310\236\056\170\116\370\332\234\236\206\054 +\312\127\363\032\345\310\222\213\032\202\226\172\303\274\120\022 +\151\330\016\132\106\213\072\353\046\372\043\311\266\260\201\276 +\102\000\244\370\326\376\060\056\307\322\106\366\345\216\165\375 +\362\314\271\320\207\133\314\006\020\140\273\203\065\267\136\147 +\336\107\354\231\110\361\244\241\025\376\255\214\142\216\071\125 +\117\071\026\271\261\143\235\377\267\002\003\001\000\001\243\102 +\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003 +\001\001\377\060\035\006\003\125\035\016\004\026\004\024\266\241 +\124\071\002\303\240\077\216\212\274\372\324\370\034\246\321\072 +\016\375\060\016\006\003\125\035\017\001\001\377\004\004\003\002 +\001\006\060\015\006\011\052\206\110\206\367\015\001\001\015\005 +\000\003\202\002\001\000\161\245\016\316\344\351\277\077\070\325 +\211\132\304\002\141\373\114\305\024\027\055\213\117\123\153\020 +\027\374\145\204\307\020\111\220\336\333\307\046\223\210\046\157 +\160\326\002\136\071\240\367\217\253\226\265\245\023\134\201\024 +\155\016\201\202\021\033\212\116\306\117\245\335\142\036\104\337 +\011\131\364\133\167\013\067\351\213\040\306\370\012\116\056\130 +\034\353\063\320\317\206\140\311\332\373\200\057\236\114\140\204 +\170\075\041\144\326\373\101\037\030\017\347\311\165\161\275\275 +\134\336\064\207\076\101\260\016\366\271\326\077\011\023\226\024 +\057\336\232\035\132\271\126\316\065\072\260\137\160\115\136\343 +\051\361\043\050\162\131\266\253\302\214\146\046\034\167\054\046 +\166\065\213\050\247\151\240\371\073\365\043\335\205\020\164\311 +\220\003\126\221\347\257\272\107\324\022\227\021\042\343\242\111 +\224\154\347\267\224\113\272\055\244\332\063\213\114\246\104\377 +\132\074\306\035\144\330\265\061\344\246\074\172\250\127\013\333 +\355\141\032\313\361\316\163\167\143\244\207\157\114\121\070\326 +\344\137\307\237\266\201\052\344\205\110\171\130\136\073\370\333 +\002\202\147\301\071\333\303\164\113\075\066\036\371\051\223\210 +\150\133\250\104\031\041\360\247\350\201\015\054\350\223\066\264 +\067\262\312\260\033\046\172\232\045\037\232\232\200\236\113\052 +\077\373\243\232\376\163\062\161\302\236\306\162\341\212\150\047 +\361\344\017\264\304\114\245\141\223\370\227\020\007\052\060\045 +\251\271\310\161\270\357\150\314\055\176\365\340\176\017\202\250 +\157\266\272\154\203\103\167\315\212\222\027\241\236\133\170\026 +\075\105\342\063\162\335\341\146\312\231\323\311\305\046\375\015 +\150\004\106\256\266\331\233\214\276\031\276\261\306\362\031\343 +\134\002\312\054\330\157\112\007\331\311\065\332\100\165\362\304 +\247\031\157\236\102\020\230\165\346\225\213\140\274\355\305\022 +\327\212\316\325\230\134\126\226\003\305\356\167\006\065\377\317 +\344\356\077\023\141\356\333\332\055\205\360\315\256\235\262\030 +\011\105\303\222\241\162\027\374\107\266\240\013\054\361\304\336 +\103\150\010\152\137\073\360\166\143\373\314\006\054\246\306\342 +\016\265\271\276\044\217 +END + +# Trust for "Certum Trusted Network CA 2" +# Issuer: CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL +# Serial Number:21:d6:d0:4a:4f:25:0f:c9:32:37:fc:aa:5e:12:8d:e9 +# Subject: CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL +# Not Valid Before: Thu Oct 06 08:39:56 2011 +# Not Valid After : Sat Oct 06 08:39:56 2046 +# Fingerprint (SHA-256): B6:76:F2:ED:DA:E8:77:5C:D3:6C:B0:F6:3C:D1:D4:60:39:61:F4:9E:62:65:BA:01:3A:2F:03:07:B6:D0:B8:04 +# Fingerprint (SHA1): D3:DD:48:3E:2B:BF:4C:05:E8:AF:10:F5:FA:76:26:CF:D3:DC:30:92 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Certum Trusted Network CA 2" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\323\335\110\076\053\277\114\005\350\257\020\365\372\166\046\317 +\323\334\060\222 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\155\106\236\331\045\155\010\043\133\136\164\175\036\047\333\362 +END +CKA_ISSUER MULTILINE_OCTAL +\060\201\200\061\013\060\011\006\003\125\004\006\023\002\120\114 +\061\042\060\040\006\003\125\004\012\023\031\125\156\151\172\145 +\164\157\040\124\145\143\150\156\157\154\157\147\151\145\163\040 +\123\056\101\056\061\047\060\045\006\003\125\004\013\023\036\103 +\145\162\164\165\155\040\103\145\162\164\151\146\151\143\141\164 +\151\157\156\040\101\165\164\150\157\162\151\164\171\061\044\060 +\042\006\003\125\004\003\023\033\103\145\162\164\165\155\040\124 +\162\165\163\164\145\144\040\116\145\164\167\157\162\153\040\103 +\101\040\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\041\326\320\112\117\045\017\311\062\067\374\252\136\022 +\215\351 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Hellenic Academic and Research Institutions RootCA 2015" +# +# Issuer: CN=Hellenic Academic and Research Institutions RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR +# Serial Number: 0 (0x0) +# Subject: CN=Hellenic Academic and Research Institutions RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR +# Not Valid Before: Tue Jul 07 10:11:21 2015 +# Not Valid After : Sat Jun 30 10:11:21 2040 +# Fingerprint (SHA-256): A0:40:92:9A:02:CE:53:B4:AC:F4:F2:FF:C6:98:1C:E4:49:6F:75:5E:6D:45:FE:0B:2A:69:2B:CD:52:52:3F:36 +# Fingerprint (SHA1): 01:0C:06:95:A6:98:19:14:FF:BF:5F:C6:B0:B6:95:EA:29:E9:12:A6 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Hellenic Academic and Research Institutions RootCA 2015" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\201\246\061\013\060\011\006\003\125\004\006\023\002\107\122 +\061\017\060\015\006\003\125\004\007\023\006\101\164\150\145\156 +\163\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154 +\145\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156 +\144\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151 +\164\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165 +\164\150\157\162\151\164\171\061\100\060\076\006\003\125\004\003 +\023\067\110\145\154\154\145\156\151\143\040\101\143\141\144\145 +\155\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150 +\040\111\156\163\164\151\164\165\164\151\157\156\163\040\122\157 +\157\164\103\101\040\062\060\061\065 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\201\246\061\013\060\011\006\003\125\004\006\023\002\107\122 +\061\017\060\015\006\003\125\004\007\023\006\101\164\150\145\156 +\163\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154 +\145\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156 +\144\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151 +\164\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165 +\164\150\157\162\151\164\171\061\100\060\076\006\003\125\004\003 +\023\067\110\145\154\154\145\156\151\143\040\101\143\141\144\145 +\155\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150 +\040\111\156\163\164\151\164\165\164\151\157\156\163\040\122\157 +\157\164\103\101\040\062\060\061\065 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\001\000 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\006\013\060\202\003\363\240\003\002\001\002\002\001\000 +\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 +\201\246\061\013\060\011\006\003\125\004\006\023\002\107\122\061 +\017\060\015\006\003\125\004\007\023\006\101\164\150\145\156\163 +\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154\145 +\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144 +\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164 +\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165\164 +\150\157\162\151\164\171\061\100\060\076\006\003\125\004\003\023 +\067\110\145\154\154\145\156\151\143\040\101\143\141\144\145\155 +\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150\040 +\111\156\163\164\151\164\165\164\151\157\156\163\040\122\157\157 +\164\103\101\040\062\060\061\065\060\036\027\015\061\065\060\067 +\060\067\061\060\061\061\062\061\132\027\015\064\060\060\066\063 +\060\061\060\061\061\062\061\132\060\201\246\061\013\060\011\006 +\003\125\004\006\023\002\107\122\061\017\060\015\006\003\125\004 +\007\023\006\101\164\150\145\156\163\061\104\060\102\006\003\125 +\004\012\023\073\110\145\154\154\145\156\151\143\040\101\143\141 +\144\145\155\151\143\040\141\156\144\040\122\145\163\145\141\162 +\143\150\040\111\156\163\164\151\164\165\164\151\157\156\163\040 +\103\145\162\164\056\040\101\165\164\150\157\162\151\164\171\061 +\100\060\076\006\003\125\004\003\023\067\110\145\154\154\145\156 +\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144\040 +\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164\165 +\164\151\157\156\163\040\122\157\157\164\103\101\040\062\060\061 +\065\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001 +\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002 +\001\000\302\370\251\077\033\211\374\074\074\004\135\075\220\066 +\260\221\072\171\074\146\132\357\155\071\001\111\032\264\267\317 +\177\115\043\123\267\220\000\343\023\052\050\246\061\361\221\000 +\343\050\354\256\041\101\316\037\332\375\175\022\133\001\203\017 +\271\260\137\231\341\362\022\203\200\115\006\076\337\254\257\347 +\241\210\153\061\257\360\213\320\030\063\270\333\105\152\064\364 +\002\200\044\050\012\002\025\225\136\166\052\015\231\072\024\133 +\366\313\313\123\274\023\115\001\210\067\224\045\033\102\274\042 +\330\216\243\226\136\072\331\062\333\076\350\360\020\145\355\164 +\341\057\247\174\257\047\064\273\051\175\233\266\317\011\310\345 +\323\012\374\210\145\145\164\012\334\163\034\134\315\100\261\034 +\324\266\204\214\114\120\317\150\216\250\131\256\302\047\116\202 +\242\065\335\024\364\037\377\262\167\325\207\057\252\156\175\044 +\047\347\306\313\046\346\345\376\147\007\143\330\105\015\335\072 +\131\145\071\130\172\222\231\162\075\234\204\136\210\041\270\325 +\364\054\374\331\160\122\117\170\270\275\074\053\213\225\230\365 +\263\321\150\317\040\024\176\114\134\137\347\213\345\365\065\201 +\031\067\327\021\010\267\146\276\323\112\316\203\127\000\072\303 +\201\370\027\313\222\066\135\321\243\330\165\033\341\213\047\352 +\172\110\101\375\105\031\006\255\047\231\116\301\160\107\335\265 +\237\201\123\022\345\261\214\110\135\061\103\027\343\214\306\172 +\143\226\113\051\060\116\204\116\142\031\136\074\316\227\220\245 +\177\001\353\235\340\370\213\211\335\045\230\075\222\266\176\357 +\331\361\121\121\175\055\046\310\151\131\141\340\254\152\270\052 +\066\021\004\172\120\275\062\204\276\057\334\162\325\327\035\026 +\107\344\107\146\040\077\364\226\305\257\216\001\172\245\017\172 +\144\365\015\030\207\331\256\210\325\372\204\301\072\300\151\050 +\055\362\015\150\121\252\343\245\167\306\244\220\016\241\067\213 +\061\043\107\301\011\010\353\156\367\170\233\327\202\374\204\040 +\231\111\031\266\022\106\261\373\105\125\026\251\243\145\254\234 +\007\017\352\153\334\037\056\006\162\354\206\210\022\344\055\333 +\137\005\057\344\360\003\323\046\063\347\200\302\315\102\241\027 +\064\013\002\003\001\000\001\243\102\060\100\060\017\006\003\125 +\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003 +\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003 +\125\035\016\004\026\004\024\161\025\147\310\310\311\275\165\135 +\162\320\070\030\152\235\363\161\044\124\013\060\015\006\011\052 +\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000\165 +\273\155\124\113\252\020\130\106\064\362\142\327\026\066\135\010 +\136\325\154\310\207\275\264\056\106\362\061\370\174\352\102\265 +\223\026\125\334\241\014\022\240\332\141\176\017\130\130\163\144 +\162\307\350\105\216\334\251\362\046\077\306\171\214\261\123\010 +\063\201\260\126\023\276\346\121\134\330\233\012\117\113\234\126 +\123\002\351\117\366\015\140\352\115\102\125\350\174\033\041\041 +\323\033\072\314\167\362\270\220\361\150\307\371\132\376\372\055 +\364\277\311\365\105\033\316\070\020\052\067\212\171\243\264\343 +\011\154\205\206\223\377\211\226\047\170\201\217\147\343\106\164 +\124\216\331\015\151\342\112\364\115\164\003\377\262\167\355\225 +\147\227\344\261\305\253\277\152\043\350\324\224\342\104\050\142 +\304\113\342\360\330\342\051\153\032\160\176\044\141\223\173\117 +\003\062\045\015\105\044\053\226\264\106\152\277\112\013\367\232 +\217\301\254\032\305\147\363\157\064\322\372\163\143\214\357\026 +\260\250\244\106\052\370\353\022\354\162\264\357\370\053\176\214 +\122\300\213\204\124\371\057\076\343\125\250\334\146\261\331\341 +\137\330\263\214\131\064\131\244\253\117\154\273\037\030\333\165 +\253\330\313\222\315\224\070\141\016\007\006\037\113\106\020\361 +\025\276\215\205\134\073\112\053\201\171\017\264\151\237\111\120 +\227\115\367\016\126\135\300\225\152\302\066\303\033\150\311\365 +\052\334\107\232\276\262\316\305\045\350\372\003\271\332\371\026 +\156\221\204\365\034\050\310\374\046\314\327\034\220\126\247\137 +\157\072\004\274\315\170\211\013\216\017\057\243\252\117\242\033 +\022\075\026\010\100\017\361\106\114\327\252\173\010\301\012\365 +\155\047\336\002\217\312\303\265\053\312\351\353\310\041\123\070 +\245\314\073\330\167\067\060\242\117\331\157\321\362\100\255\101 +\172\027\305\326\112\065\211\267\101\325\174\206\177\125\115\203 +\112\245\163\040\300\072\257\220\361\232\044\216\331\216\161\312 +\173\270\206\332\262\217\231\076\035\023\015\022\021\356\324\253 +\360\351\025\166\002\344\340\337\252\040\036\133\141\205\144\100 +\251\220\227\015\255\123\322\132\035\207\152\000\227\145\142\264 +\276\157\152\247\365\054\102\355\062\255\266\041\236\276\274 +END + +# Trust for "Hellenic Academic and Research Institutions RootCA 2015" +# Issuer: CN=Hellenic Academic and Research Institutions RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR +# Serial Number: 0 (0x0) +# Subject: CN=Hellenic Academic and Research Institutions RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR +# Not Valid Before: Tue Jul 07 10:11:21 2015 +# Not Valid After : Sat Jun 30 10:11:21 2040 +# Fingerprint (SHA-256): A0:40:92:9A:02:CE:53:B4:AC:F4:F2:FF:C6:98:1C:E4:49:6F:75:5E:6D:45:FE:0B:2A:69:2B:CD:52:52:3F:36 +# Fingerprint (SHA1): 01:0C:06:95:A6:98:19:14:FF:BF:5F:C6:B0:B6:95:EA:29:E9:12:A6 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Hellenic Academic and Research Institutions RootCA 2015" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\001\014\006\225\246\230\031\024\377\277\137\306\260\266\225\352 +\051\351\022\246 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\312\377\342\333\003\331\313\113\351\017\255\204\375\173\030\316 +END +CKA_ISSUER MULTILINE_OCTAL +\060\201\246\061\013\060\011\006\003\125\004\006\023\002\107\122 +\061\017\060\015\006\003\125\004\007\023\006\101\164\150\145\156 +\163\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154 +\145\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156 +\144\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151 +\164\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165 +\164\150\157\162\151\164\171\061\100\060\076\006\003\125\004\003 +\023\067\110\145\154\154\145\156\151\143\040\101\143\141\144\145 +\155\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150 +\040\111\156\163\164\151\164\165\164\151\157\156\163\040\122\157 +\157\164\103\101\040\062\060\061\065 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\001\000 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Hellenic Academic and Research Institutions ECC RootCA 2015" +# +# Issuer: CN=Hellenic Academic and Research Institutions ECC RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR +# Serial Number: 0 (0x0) +# Subject: CN=Hellenic Academic and Research Institutions ECC RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR +# Not Valid Before: Tue Jul 07 10:37:12 2015 +# Not Valid After : Sat Jun 30 10:37:12 2040 +# Fingerprint (SHA-256): 44:B5:45:AA:8A:25:E6:5A:73:CA:15:DC:27:FC:36:D2:4C:1C:B9:95:3A:06:65:39:B1:15:82:DC:48:7B:48:33 +# Fingerprint (SHA1): 9F:F1:71:8D:92:D5:9A:F3:7D:74:97:B4:BC:6F:84:68:0B:BA:B6:66 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Hellenic Academic and Research Institutions ECC RootCA 2015" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\201\252\061\013\060\011\006\003\125\004\006\023\002\107\122 +\061\017\060\015\006\003\125\004\007\023\006\101\164\150\145\156 +\163\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154 +\145\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156 +\144\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151 +\164\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165 +\164\150\157\162\151\164\171\061\104\060\102\006\003\125\004\003 +\023\073\110\145\154\154\145\156\151\143\040\101\143\141\144\145 +\155\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150 +\040\111\156\163\164\151\164\165\164\151\157\156\163\040\105\103 +\103\040\122\157\157\164\103\101\040\062\060\061\065 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\201\252\061\013\060\011\006\003\125\004\006\023\002\107\122 +\061\017\060\015\006\003\125\004\007\023\006\101\164\150\145\156 +\163\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154 +\145\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156 +\144\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151 +\164\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165 +\164\150\157\162\151\164\171\061\104\060\102\006\003\125\004\003 +\023\073\110\145\154\154\145\156\151\143\040\101\143\141\144\145 +\155\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150 +\040\111\156\163\164\151\164\165\164\151\157\156\163\040\105\103 +\103\040\122\157\157\164\103\101\040\062\060\061\065 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\001\000 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\002\303\060\202\002\112\240\003\002\001\002\002\001\000 +\060\012\006\010\052\206\110\316\075\004\003\002\060\201\252\061 +\013\060\011\006\003\125\004\006\023\002\107\122\061\017\060\015 +\006\003\125\004\007\023\006\101\164\150\145\156\163\061\104\060 +\102\006\003\125\004\012\023\073\110\145\154\154\145\156\151\143 +\040\101\143\141\144\145\155\151\143\040\141\156\144\040\122\145 +\163\145\141\162\143\150\040\111\156\163\164\151\164\165\164\151 +\157\156\163\040\103\145\162\164\056\040\101\165\164\150\157\162 +\151\164\171\061\104\060\102\006\003\125\004\003\023\073\110\145 +\154\154\145\156\151\143\040\101\143\141\144\145\155\151\143\040 +\141\156\144\040\122\145\163\145\141\162\143\150\040\111\156\163 +\164\151\164\165\164\151\157\156\163\040\105\103\103\040\122\157 +\157\164\103\101\040\062\060\061\065\060\036\027\015\061\065\060 +\067\060\067\061\060\063\067\061\062\132\027\015\064\060\060\066 +\063\060\061\060\063\067\061\062\132\060\201\252\061\013\060\011 +\006\003\125\004\006\023\002\107\122\061\017\060\015\006\003\125 +\004\007\023\006\101\164\150\145\156\163\061\104\060\102\006\003 +\125\004\012\023\073\110\145\154\154\145\156\151\143\040\101\143 +\141\144\145\155\151\143\040\141\156\144\040\122\145\163\145\141 +\162\143\150\040\111\156\163\164\151\164\165\164\151\157\156\163 +\040\103\145\162\164\056\040\101\165\164\150\157\162\151\164\171 +\061\104\060\102\006\003\125\004\003\023\073\110\145\154\154\145 +\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144 +\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164 +\165\164\151\157\156\163\040\105\103\103\040\122\157\157\164\103 +\101\040\062\060\061\065\060\166\060\020\006\007\052\206\110\316 +\075\002\001\006\005\053\201\004\000\042\003\142\000\004\222\240 +\101\350\113\202\204\134\342\370\061\021\231\206\144\116\011\045 +\057\235\101\057\012\256\065\117\164\225\262\121\144\153\215\153 +\346\077\160\225\360\005\104\107\246\162\070\120\166\225\002\132 +\216\256\050\236\371\055\116\231\357\054\110\157\114\045\051\350 +\321\161\133\337\035\301\165\067\264\327\372\173\172\102\234\152 +\012\126\132\174\151\013\252\200\011\044\154\176\301\106\243\102 +\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003 +\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003 +\002\001\006\060\035\006\003\125\035\016\004\026\004\024\264\042 +\013\202\231\044\001\016\234\273\344\016\375\277\373\227\040\223 +\231\052\060\012\006\010\052\206\110\316\075\004\003\002\003\147 +\000\060\144\002\060\147\316\026\142\070\242\254\142\105\247\251 +\225\044\300\032\047\234\062\073\300\300\325\272\251\347\370\004 +\103\123\205\356\122\041\336\235\365\045\203\076\236\130\113\057 +\327\147\023\016\041\002\060\005\341\165\001\336\150\355\052\037 +\115\114\011\010\015\354\113\255\144\027\050\347\165\316\105\145 +\162\041\027\313\042\101\016\214\023\230\070\232\124\155\233\312 +\342\174\352\002\130\042\221 +END + +# Trust for "Hellenic Academic and Research Institutions ECC RootCA 2015" +# Issuer: CN=Hellenic Academic and Research Institutions ECC RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR +# Serial Number: 0 (0x0) +# Subject: CN=Hellenic Academic and Research Institutions ECC RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR +# Not Valid Before: Tue Jul 07 10:37:12 2015 +# Not Valid After : Sat Jun 30 10:37:12 2040 +# Fingerprint (SHA-256): 44:B5:45:AA:8A:25:E6:5A:73:CA:15:DC:27:FC:36:D2:4C:1C:B9:95:3A:06:65:39:B1:15:82:DC:48:7B:48:33 +# Fingerprint (SHA1): 9F:F1:71:8D:92:D5:9A:F3:7D:74:97:B4:BC:6F:84:68:0B:BA:B6:66 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Hellenic Academic and Research Institutions ECC RootCA 2015" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\237\361\161\215\222\325\232\363\175\164\227\264\274\157\204\150 +\013\272\266\146 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\201\345\264\027\353\302\365\341\113\015\101\173\111\222\376\357 +END +CKA_ISSUER MULTILINE_OCTAL +\060\201\252\061\013\060\011\006\003\125\004\006\023\002\107\122 +\061\017\060\015\006\003\125\004\007\023\006\101\164\150\145\156 +\163\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154 +\145\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156 +\144\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151 +\164\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165 +\164\150\157\162\151\164\171\061\104\060\102\006\003\125\004\003 +\023\073\110\145\154\154\145\156\151\143\040\101\143\141\144\145 +\155\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150 +\040\111\156\163\164\151\164\165\164\151\157\156\163\040\105\103 +\103\040\122\157\157\164\103\101\040\062\060\061\065 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\001\000 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Certplus Root CA G1" +# +# Issuer: CN=Certplus Root CA G1,O=Certplus,C=FR +# Serial Number:11:20:55:83:e4:2d:3e:54:56:85:2d:83:37:b7:2c:dc:46:11 +# Subject: CN=Certplus Root CA G1,O=Certplus,C=FR +# Not Valid Before: Mon May 26 00:00:00 2014 +# Not Valid After : Fri Jan 15 00:00:00 2038 +# Fingerprint (SHA-256): 15:2A:40:2B:FC:DF:2C:D5:48:05:4D:22:75:B3:9C:7F:CA:3E:C0:97:80:78:B0:F0:EA:76:E5:61:A6:C7:43:3E +# Fingerprint (SHA1): 22:FD:D0:B7:FD:A2:4E:0D:AC:49:2C:A0:AC:A6:7B:6A:1F:E3:F7:66 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Certplus Root CA G1" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061 +\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154 +\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162 +\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\061 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061 +\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154 +\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162 +\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\061 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\022\021\040\125\203\344\055\076\124\126\205\055\203\067\267 +\054\334\106\021 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\153\060\202\003\123\240\003\002\001\002\002\022\021 +\040\125\203\344\055\076\124\126\205\055\203\067\267\054\334\106 +\021\060\015\006\011\052\206\110\206\367\015\001\001\015\005\000 +\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061 +\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154 +\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162 +\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\061 +\060\036\027\015\061\064\060\065\062\066\060\060\060\060\060\060 +\132\027\015\063\070\060\061\061\065\060\060\060\060\060\060\132 +\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061 +\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154 +\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162 +\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\061 +\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001 +\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001 +\000\332\120\207\266\332\270\251\076\235\144\372\126\063\232\126 +\075\026\345\003\225\262\064\034\232\155\142\005\324\330\217\347 +\211\144\237\272\333\144\213\144\346\171\052\141\315\257\217\132 +\211\221\145\271\130\374\264\003\137\221\077\055\020\025\340\176 +\317\274\374\177\103\147\250\255\136\066\043\330\230\263\115\363 +\103\236\071\174\052\374\354\210\325\210\356\160\275\205\026\055 +\352\113\211\074\243\161\102\376\034\375\323\034\055\020\270\206 +\124\352\103\270\333\306\207\332\250\256\200\045\317\172\046\035 +\252\221\260\110\157\256\265\336\236\330\327\372\000\375\306\217 +\320\121\273\142\175\244\261\214\262\377\040\021\272\065\143\005 +\206\107\140\103\063\220\366\107\242\003\117\226\115\235\117\301 +\352\352\234\242\376\064\056\336\267\312\033\166\244\267\255\237 +\351\250\324\170\077\170\376\362\070\011\066\035\322\026\002\310 +\354\052\150\257\365\216\224\357\055\023\172\036\102\112\035\025 +\061\256\014\004\127\374\141\163\363\061\126\206\061\200\240\304 +\021\156\060\166\343\224\360\137\004\304\254\207\162\211\230\305 +\235\314\127\010\232\364\014\374\175\172\005\072\372\107\200\071 +\266\317\204\023\167\157\047\352\377\226\147\027\010\155\351\015 +\326\043\120\060\260\025\164\023\076\345\057\377\016\315\304\013 +\112\135\360\330\000\063\111\146\353\241\030\174\131\056\075\050 +\271\141\161\313\265\245\272\270\352\334\342\160\157\010\152\334 +\207\147\064\357\337\060\162\335\363\311\077\043\377\065\341\276 +\041\051\040\060\201\344\031\245\040\351\045\312\163\061\164\051 +\276\342\102\325\363\262\046\146\307\150\375\031\263\347\040\223 +\231\350\135\340\136\207\347\106\350\045\234\012\051\044\324\315 +\130\206\122\100\044\262\173\017\230\022\040\044\366\220\154\107 +\310\015\273\030\040\056\331\375\374\213\362\051\352\207\164\225 +\340\102\120\170\204\004\101\141\260\364\041\043\217\055\313\050 +\041\362\152\154\364\032\246\305\024\264\067\145\117\225\375\200 +\310\370\162\345\045\153\304\140\261\173\155\216\112\212\163\316 +\131\373\160\172\163\006\023\331\323\164\067\044\101\012\021\157 +\227\334\347\344\176\241\275\025\362\272\207\017\075\150\212\026 +\007\002\003\001\000\001\243\143\060\141\060\016\006\003\125\035 +\017\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035 +\023\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125 +\035\016\004\026\004\024\250\301\300\233\221\250\103\025\174\135 +\006\047\264\052\121\330\227\013\201\261\060\037\006\003\125\035 +\043\004\030\060\026\200\024\250\301\300\233\221\250\103\025\174 +\135\006\047\264\052\121\330\227\013\201\261\060\015\006\011\052 +\206\110\206\367\015\001\001\015\005\000\003\202\002\001\000\234 +\126\157\001\176\321\275\114\365\212\306\360\046\037\344\340\070 +\030\314\062\303\051\073\235\101\051\064\141\306\327\360\000\241 +\353\244\162\217\224\027\274\023\054\165\264\127\356\012\174\011 +\172\334\325\312\241\320\064\023\370\167\253\237\345\376\330\036 +\164\212\205\007\217\177\314\171\172\312\226\315\315\375\117\373 +\375\043\015\220\365\364\136\323\306\141\175\236\021\340\002\356 +\011\004\331\007\335\246\212\267\014\203\044\273\203\120\222\376 +\140\165\021\076\330\235\260\212\172\265\340\235\233\313\220\122 +\113\260\223\052\324\076\026\063\345\236\306\145\025\076\144\073 +\004\077\333\014\217\137\134\035\151\037\257\363\351\041\214\363 +\357\227\366\232\267\031\266\204\164\234\243\124\265\160\116\143 +\330\127\135\123\041\233\100\222\103\372\326\167\125\063\117\144 +\325\373\320\054\152\216\155\045\246\357\205\350\002\304\123\076 +\271\236\207\274\314\065\032\336\241\351\212\143\207\145\036\021 +\052\333\143\167\227\024\276\232\024\231\021\262\300\356\260\117 +\370\024\041\062\103\117\237\253\242\313\250\017\252\073\006\125 +\306\022\051\127\010\324\067\327\207\047\255\111\131\247\221\253 +\104\172\136\215\160\333\227\316\110\120\261\163\223\366\360\203 +\140\371\315\361\341\061\375\133\174\161\041\143\024\024\252\257 +\305\336\223\176\150\261\354\042\242\252\220\165\236\265\103\162 +\352\144\243\204\113\375\014\250\046\153\161\227\356\126\143\146 +\350\102\124\371\307\035\337\320\217\133\337\310\060\157\210\376 +\015\304\063\034\123\250\243\375\110\020\362\344\012\116\341\025 +\127\374\156\144\060\302\125\021\334\352\251\315\112\124\254\051 +\143\104\317\112\100\240\326\150\131\033\063\371\357\072\213\333 +\040\222\334\102\204\277\001\253\207\300\325\040\202\333\306\271 +\203\205\102\134\017\103\073\152\111\065\325\230\364\025\277\372 +\141\201\014\011\040\030\322\320\027\014\313\110\000\120\351\166 +\202\214\144\327\072\240\007\125\314\036\061\300\357\072\264\145 +\373\343\277\102\153\236\017\250\275\153\230\334\330\333\313\213 +\244\335\327\131\364\156\335\376\252\303\221\320\056\102\007\300 +\014\115\123\315\044\261\114\133\036\121\364\337\351\222\372 +END + +# Trust for "Certplus Root CA G1" +# Issuer: CN=Certplus Root CA G1,O=Certplus,C=FR +# Serial Number:11:20:55:83:e4:2d:3e:54:56:85:2d:83:37:b7:2c:dc:46:11 +# Subject: CN=Certplus Root CA G1,O=Certplus,C=FR +# Not Valid Before: Mon May 26 00:00:00 2014 +# Not Valid After : Fri Jan 15 00:00:00 2038 +# Fingerprint (SHA-256): 15:2A:40:2B:FC:DF:2C:D5:48:05:4D:22:75:B3:9C:7F:CA:3E:C0:97:80:78:B0:F0:EA:76:E5:61:A6:C7:43:3E +# Fingerprint (SHA1): 22:FD:D0:B7:FD:A2:4E:0D:AC:49:2C:A0:AC:A6:7B:6A:1F:E3:F7:66 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Certplus Root CA G1" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\042\375\320\267\375\242\116\015\254\111\054\240\254\246\173\152 +\037\343\367\146 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\177\011\234\367\331\271\134\151\151\126\325\067\076\024\015\102 +END +CKA_ISSUER MULTILINE_OCTAL +\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061 +\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154 +\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162 +\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\061 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\022\021\040\125\203\344\055\076\124\126\205\055\203\067\267 +\054\334\106\021 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Certplus Root CA G2" +# +# Issuer: CN=Certplus Root CA G2,O=Certplus,C=FR +# Serial Number:11:20:d9:91:ce:ae:a3:e8:c5:e7:ff:e9:02:af:cf:73:bc:55 +# Subject: CN=Certplus Root CA G2,O=Certplus,C=FR +# Not Valid Before: Mon May 26 00:00:00 2014 +# Not Valid After : Fri Jan 15 00:00:00 2038 +# Fingerprint (SHA-256): 6C:C0:50:41:E6:44:5E:74:69:6C:4C:FB:C9:F8:0F:54:3B:7E:AB:BB:44:B4:CE:6F:78:7C:6A:99:71:C4:2F:17 +# Fingerprint (SHA1): 4F:65:8E:1F:E9:06:D8:28:02:E9:54:47:41:C9:54:25:5D:69:CC:1A +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Certplus Root CA G2" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061 +\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154 +\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162 +\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\062 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061 +\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154 +\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162 +\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\022\021\040\331\221\316\256\243\350\305\347\377\351\002\257 +\317\163\274\125 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\002\034\060\202\001\242\240\003\002\001\002\002\022\021 +\040\331\221\316\256\243\350\305\347\377\351\002\257\317\163\274 +\125\060\012\006\010\052\206\110\316\075\004\003\003\060\076\061 +\013\060\011\006\003\125\004\006\023\002\106\122\061\021\060\017 +\006\003\125\004\012\014\010\103\145\162\164\160\154\165\163\061 +\034\060\032\006\003\125\004\003\014\023\103\145\162\164\160\154 +\165\163\040\122\157\157\164\040\103\101\040\107\062\060\036\027 +\015\061\064\060\065\062\066\060\060\060\060\060\060\132\027\015 +\063\070\060\061\061\065\060\060\060\060\060\060\132\060\076\061 +\013\060\011\006\003\125\004\006\023\002\106\122\061\021\060\017 +\006\003\125\004\012\014\010\103\145\162\164\160\154\165\163\061 +\034\060\032\006\003\125\004\003\014\023\103\145\162\164\160\154 +\165\163\040\122\157\157\164\040\103\101\040\107\062\060\166\060 +\020\006\007\052\206\110\316\075\002\001\006\005\053\201\004\000 +\042\003\142\000\004\315\017\133\126\202\337\360\105\032\326\255 +\367\171\360\035\311\254\226\326\236\116\234\037\264\102\021\312 +\206\277\155\373\205\243\305\345\031\134\327\356\246\077\151\147 +\330\170\342\246\311\304\333\055\171\056\347\213\215\002\157\061 +\042\115\006\343\140\162\105\235\016\102\167\236\316\317\345\177 +\205\233\030\344\374\314\056\162\323\026\223\116\312\231\143\134 +\241\005\052\154\006\243\143\060\141\060\016\006\003\125\035\017 +\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035\023 +\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035 +\016\004\026\004\024\332\203\143\002\171\216\332\114\306\074\043 +\024\330\217\303\040\253\050\140\131\060\037\006\003\125\035\043 +\004\030\060\026\200\024\332\203\143\002\171\216\332\114\306\074 +\043\024\330\217\303\040\253\050\140\131\060\012\006\010\052\206 +\110\316\075\004\003\003\003\150\000\060\145\002\060\160\376\260 +\013\331\367\203\227\354\363\125\035\324\334\263\006\016\376\063 +\230\235\213\071\220\153\224\041\355\266\327\135\326\114\327\041 +\247\347\277\041\017\053\315\367\052\334\205\007\235\002\061\000 +\206\024\026\345\334\260\145\302\300\216\024\237\277\044\026\150 +\345\274\371\171\151\334\255\105\053\367\266\061\163\314\006\245 +\123\223\221\032\223\256\160\152\147\272\327\236\345\141\032\137 +END + +# Trust for "Certplus Root CA G2" +# Issuer: CN=Certplus Root CA G2,O=Certplus,C=FR +# Serial Number:11:20:d9:91:ce:ae:a3:e8:c5:e7:ff:e9:02:af:cf:73:bc:55 +# Subject: CN=Certplus Root CA G2,O=Certplus,C=FR +# Not Valid Before: Mon May 26 00:00:00 2014 +# Not Valid After : Fri Jan 15 00:00:00 2038 +# Fingerprint (SHA-256): 6C:C0:50:41:E6:44:5E:74:69:6C:4C:FB:C9:F8:0F:54:3B:7E:AB:BB:44:B4:CE:6F:78:7C:6A:99:71:C4:2F:17 +# Fingerprint (SHA1): 4F:65:8E:1F:E9:06:D8:28:02:E9:54:47:41:C9:54:25:5D:69:CC:1A +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Certplus Root CA G2" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\117\145\216\037\351\006\330\050\002\351\124\107\101\311\124\045 +\135\151\314\032 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\247\356\304\170\055\033\356\055\271\051\316\326\247\226\062\061 +END +CKA_ISSUER MULTILINE_OCTAL +\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061 +\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154 +\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162 +\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\022\021\040\331\221\316\256\243\350\305\347\377\351\002\257 +\317\163\274\125 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "OpenTrust Root CA G1" +# +# Issuer: CN=OpenTrust Root CA G1,O=OpenTrust,C=FR +# Serial Number:11:20:b3:90:55:39:7d:7f:36:6d:64:c2:a7:9f:6b:63:8e:67 +# Subject: CN=OpenTrust Root CA G1,O=OpenTrust,C=FR +# Not Valid Before: Mon May 26 08:45:50 2014 +# Not Valid After : Fri Jan 15 00:00:00 2038 +# Fingerprint (SHA-256): 56:C7:71:28:D9:8C:18:D9:1B:4C:FD:FF:BC:25:EE:91:03:D4:75:8E:A2:AB:AD:82:6A:90:F3:45:7D:46:0E:B4 +# Fingerprint (SHA1): 79:91:E8:34:F7:E2:EE:DD:08:95:01:52:E9:55:2D:14:E9:58:D5:7E +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "OpenTrust Root CA G1" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 +\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 +\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 +\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 +\107\061 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 +\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 +\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 +\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 +\107\061 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\022\021\040\263\220\125\071\175\177\066\155\144\302\247\237 +\153\143\216\147 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\157\060\202\003\127\240\003\002\001\002\002\022\021 +\040\263\220\125\071\175\177\066\155\144\302\247\237\153\143\216 +\147\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000 +\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 +\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 +\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 +\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 +\107\061\060\036\027\015\061\064\060\065\062\066\060\070\064\065 +\065\060\132\027\015\063\070\060\061\061\065\060\060\060\060\060 +\060\132\060\100\061\013\060\011\006\003\125\004\006\023\002\106 +\122\061\022\060\020\006\003\125\004\012\014\011\117\160\145\156 +\124\162\165\163\164\061\035\060\033\006\003\125\004\003\014\024 +\117\160\145\156\124\162\165\163\164\040\122\157\157\164\040\103 +\101\040\107\061\060\202\002\042\060\015\006\011\052\206\110\206 +\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002\012 +\002\202\002\001\000\370\171\106\332\226\305\060\136\212\161\003 +\055\160\244\273\260\305\010\334\315\346\065\300\200\244\021\055 +\335\346\207\256\135\075\221\322\207\154\067\267\332\142\236\233 +\302\044\327\217\361\333\246\246\337\106\157\121\246\161\313\076 +\033\061\147\142\367\021\133\064\047\325\171\116\214\233\130\275 +\042\020\015\134\047\014\335\060\345\250\323\135\041\070\164\027 +\376\343\037\266\117\073\153\055\333\175\140\037\214\175\114\005 +\302\353\001\026\025\230\024\216\321\220\167\042\077\354\302\071 +\270\171\072\360\111\044\342\225\221\334\141\064\222\214\124\164 +\357\261\175\214\001\342\070\175\301\137\152\137\044\262\216\142 +\027\255\171\040\255\253\035\267\340\264\226\110\117\146\103\020 +\006\026\044\003\341\340\234\216\306\106\117\216\032\231\341\217 +\271\216\063\154\151\336\130\255\240\016\247\144\124\021\151\104 +\146\117\114\022\247\216\054\175\304\324\133\305\000\064\060\301 +\331\231\376\062\316\007\204\264\116\315\012\377\066\115\142\361 +\247\143\127\344\333\152\247\256\277\053\271\311\346\262\047\211 +\345\176\232\034\115\150\306\301\030\336\063\053\121\106\113\034 +\216\367\075\014\371\212\064\024\304\373\063\065\043\361\314\361 +\052\307\245\273\260\242\316\376\123\153\115\101\033\146\050\262 +\226\372\247\256\012\116\271\071\063\104\234\164\301\223\034\370 +\340\236\044\045\103\361\233\043\202\252\337\054\040\260\334\066 +\116\003\263\174\002\324\346\173\032\252\207\023\277\076\241\164 +\273\233\016\341\300\223\237\327\244\146\312\273\033\073\343\060 +\364\063\131\212\007\162\003\125\347\163\152\003\061\156\157\226 +\033\343\242\237\257\222\307\355\365\102\267\045\114\073\023\004 +\317\034\226\257\034\042\243\320\253\005\262\114\022\043\122\334 +\375\031\133\047\234\036\073\172\375\102\043\333\043\200\023\360 +\274\121\025\124\224\246\167\076\320\164\121\275\121\024\010\071 +\067\313\037\064\251\060\235\122\204\056\125\220\261\272\337\125 +\000\013\330\126\055\261\111\111\162\200\251\142\327\300\366\030 +\021\004\125\315\164\173\317\141\160\171\364\173\054\134\134\222 +\374\345\270\132\253\114\223\225\241\047\356\245\276\317\161\043 +\102\272\233\166\055\002\003\001\000\001\243\143\060\141\060\016 +\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060\017 +\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060 +\035\006\003\125\035\016\004\026\004\024\227\106\041\127\041\065 +\332\066\125\307\363\361\067\160\345\010\366\223\051\266\060\037 +\006\003\125\035\043\004\030\060\026\200\024\227\106\041\127\041 +\065\332\066\125\307\363\361\067\160\345\010\366\223\051\266\060 +\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202 +\002\001\000\035\335\002\140\174\340\065\247\346\230\173\352\104 +\316\147\100\117\362\223\156\146\324\071\211\046\254\323\115\004 +\074\273\207\041\077\067\364\161\045\332\113\272\253\226\202\201 +\221\266\355\331\261\244\145\227\342\157\144\131\244\226\356\140 +\312\037\043\373\105\272\377\217\044\360\312\251\061\177\171\037 +\200\263\055\062\272\144\147\140\257\271\131\315\337\232\111\323 +\250\202\261\371\230\224\212\314\340\273\340\004\033\231\140\261 +\106\145\334\010\242\262\106\236\104\210\352\223\176\127\026\322 +\025\162\137\056\113\253\324\235\143\270\343\110\345\376\204\056 +\130\012\237\103\035\376\267\030\222\206\103\113\016\234\062\206 +\054\140\365\351\110\352\225\355\160\051\361\325\057\375\065\264 +\127\317\333\205\110\231\271\302\157\154\217\315\170\225\254\144 +\050\375\126\260\303\157\303\276\131\122\341\137\204\217\200\362 +\364\015\066\255\166\263\243\265\341\144\166\072\130\334\175\117 +\136\126\154\345\125\131\127\245\337\361\212\146\060\214\324\122 +\142\070\167\264\276\050\327\312\066\304\233\005\360\370\025\333 +\333\361\357\064\235\035\170\112\210\126\147\156\140\377\217\310 +\213\341\216\275\102\251\063\012\131\102\022\022\052\372\261\235 +\103\216\005\233\231\332\142\255\127\066\263\035\266\015\171\055 +\226\270\353\362\014\113\014\245\224\306\060\247\046\031\055\355 +\114\006\120\060\361\375\130\075\271\113\027\137\031\264\152\204 +\124\264\070\117\071\242\015\226\150\303\050\224\375\355\055\037 +\112\153\103\226\056\220\001\020\373\070\246\201\013\320\277\165 +\323\324\271\316\361\077\157\016\034\036\067\161\345\030\207\165 +\031\077\120\271\136\244\105\064\255\260\312\346\345\023\166\017 +\061\024\251\216\055\224\326\325\205\115\163\025\117\113\362\262 +\076\355\154\275\375\016\235\146\163\260\075\264\367\277\250\340 +\021\244\304\256\165\011\112\143\000\110\040\246\306\235\013\011 +\212\264\340\346\316\076\307\076\046\070\351\053\336\246\010\111 +\003\004\220\212\351\217\277\350\266\264\052\243\043\215\034\034 +\262\071\222\250\217\002\134\100\071\165\324\163\101\002\167\336 +\315\340\103\207\326\344\272\112\303\154\022\177\376\052\346\043 +\326\214\161 +END + +# Trust for "OpenTrust Root CA G1" +# Issuer: CN=OpenTrust Root CA G1,O=OpenTrust,C=FR +# Serial Number:11:20:b3:90:55:39:7d:7f:36:6d:64:c2:a7:9f:6b:63:8e:67 +# Subject: CN=OpenTrust Root CA G1,O=OpenTrust,C=FR +# Not Valid Before: Mon May 26 08:45:50 2014 +# Not Valid After : Fri Jan 15 00:00:00 2038 +# Fingerprint (SHA-256): 56:C7:71:28:D9:8C:18:D9:1B:4C:FD:FF:BC:25:EE:91:03:D4:75:8E:A2:AB:AD:82:6A:90:F3:45:7D:46:0E:B4 +# Fingerprint (SHA1): 79:91:E8:34:F7:E2:EE:DD:08:95:01:52:E9:55:2D:14:E9:58:D5:7E +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "OpenTrust Root CA G1" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\171\221\350\064\367\342\356\335\010\225\001\122\351\125\055\024 +\351\130\325\176 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\166\000\314\201\051\315\125\136\210\152\172\056\367\115\071\332 +END +CKA_ISSUER MULTILINE_OCTAL +\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 +\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 +\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 +\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 +\107\061 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\022\021\040\263\220\125\071\175\177\066\155\144\302\247\237 +\153\143\216\147 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "OpenTrust Root CA G2" +# +# Issuer: CN=OpenTrust Root CA G2,O=OpenTrust,C=FR +# Serial Number:11:20:a1:69:1b:bf:bd:b9:bd:52:96:8f:23:e8:48:bf:26:11 +# Subject: CN=OpenTrust Root CA G2,O=OpenTrust,C=FR +# Not Valid Before: Mon May 26 00:00:00 2014 +# Not Valid After : Fri Jan 15 00:00:00 2038 +# Fingerprint (SHA-256): 27:99:58:29:FE:6A:75:15:C1:BF:E8:48:F9:C4:76:1D:B1:6C:22:59:29:25:7B:F4:0D:08:94:F2:9E:A8:BA:F2 +# Fingerprint (SHA1): 79:5F:88:60:C5:AB:7C:3D:92:E6:CB:F4:8D:E1:45:CD:11:EF:60:0B +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "OpenTrust Root CA G2" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 +\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 +\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 +\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 +\107\062 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 +\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 +\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 +\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 +\107\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\022\021\040\241\151\033\277\275\271\275\122\226\217\043\350 +\110\277\046\021 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\157\060\202\003\127\240\003\002\001\002\002\022\021 +\040\241\151\033\277\275\271\275\122\226\217\043\350\110\277\046 +\021\060\015\006\011\052\206\110\206\367\015\001\001\015\005\000 +\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 +\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 +\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 +\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 +\107\062\060\036\027\015\061\064\060\065\062\066\060\060\060\060 +\060\060\132\027\015\063\070\060\061\061\065\060\060\060\060\060 +\060\132\060\100\061\013\060\011\006\003\125\004\006\023\002\106 +\122\061\022\060\020\006\003\125\004\012\014\011\117\160\145\156 +\124\162\165\163\164\061\035\060\033\006\003\125\004\003\014\024 +\117\160\145\156\124\162\165\163\164\040\122\157\157\164\040\103 +\101\040\107\062\060\202\002\042\060\015\006\011\052\206\110\206 +\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002\012 +\002\202\002\001\000\314\266\127\245\063\224\020\201\062\123\337 +\141\176\017\166\071\317\134\302\123\165\035\111\172\226\070\335 +\242\163\152\361\157\336\136\242\132\271\161\041\276\066\331\241 +\374\274\356\154\250\174\064\032\161\032\350\032\330\137\016\104 +\006\355\247\340\363\322\141\013\340\062\242\226\321\070\360\302 +\332\001\027\374\344\254\117\350\356\211\036\164\253\117\277\036 +\011\266\066\152\126\363\341\356\226\211\146\044\006\344\315\102 +\072\112\335\340\232\260\304\202\105\263\376\311\253\134\174\076 +\311\353\027\057\014\175\156\256\245\217\310\254\045\012\157\372 +\325\105\230\322\065\011\366\003\103\224\376\331\277\040\225\171 +\200\230\212\331\211\065\273\121\033\244\067\175\374\231\073\253 +\377\277\254\015\217\103\261\231\173\026\020\176\035\157\107\304 +\025\217\004\226\010\006\102\004\370\204\326\035\274\221\246\102 +\276\111\325\152\210\077\274\055\121\321\236\215\340\122\314\127 +\335\065\065\130\333\264\217\044\210\344\213\337\334\153\124\322 +\201\053\262\316\222\113\034\037\106\372\035\330\222\313\166\147 +\265\011\231\011\345\254\027\024\125\160\306\074\240\126\012\003 +\263\334\142\031\337\310\265\060\177\365\074\046\165\021\275\327 +\033\263\207\236\007\257\145\161\345\240\317\032\247\011\020\035 +\223\211\146\133\350\074\142\062\265\265\072\156\351\205\001\213 +\236\103\214\147\163\050\131\133\353\343\334\054\314\245\046\162 +\142\022\264\346\234\203\104\366\121\244\342\300\172\044\127\312 +\016\245\077\072\265\073\213\345\166\356\160\346\222\336\026\134 +\050\133\227\031\047\222\376\172\222\124\316\223\071\012\026\207 +\274\143\263\365\261\223\134\340\156\267\320\352\371\142\062\210 +\104\373\277\047\050\266\060\225\135\022\050\271\225\276\217\123 +\030\345\242\030\026\342\126\244\262\054\020\365\035\067\246\370 +\267\366\320\131\134\211\367\302\325\265\224\164\321\325\376\033 +\266\360\346\326\036\173\322\074\313\250\343\365\030\363\041\037 +\156\357\115\150\006\173\055\135\156\103\211\246\300\371\240\277 +\202\036\317\123\177\264\353\054\333\135\366\152\175\100\044\005 +\162\211\070\001\223\313\161\302\071\135\006\021\366\157\170\370 +\067\015\071\204\047\002\003\001\000\001\243\143\060\141\060\016 +\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060\017 +\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060 +\035\006\003\125\035\016\004\026\004\024\152\071\372\102\042\367 +\346\211\000\115\136\175\063\203\313\270\156\167\206\257\060\037 +\006\003\125\035\043\004\030\060\026\200\024\152\071\372\102\042 +\367\346\211\000\115\136\175\063\203\313\270\156\167\206\257\060 +\015\006\011\052\206\110\206\367\015\001\001\015\005\000\003\202 +\002\001\000\230\313\253\100\074\345\063\002\227\177\055\207\246 +\217\324\136\112\257\270\036\347\273\161\373\200\144\045\251\263 +\032\076\150\135\047\046\247\272\052\341\360\127\203\012\144\117 +\036\042\164\033\351\220\137\360\254\317\377\117\150\172\070\244 +\020\154\015\261\307\244\167\200\030\266\242\050\104\166\247\064 +\235\161\204\057\312\131\322\107\210\231\101\042\311\060\230\141 +\156\075\250\250\005\155\321\037\300\121\104\126\177\047\065\002 +\335\136\230\012\102\353\060\277\215\241\233\121\252\073\352\223 +\106\144\305\000\171\336\041\153\366\127\240\206\327\006\162\354 +\160\106\113\213\163\335\240\041\165\076\334\035\300\217\323\117 +\163\034\205\331\376\177\142\310\225\157\266\323\173\214\272\123 +\302\157\233\104\114\171\320\035\160\263\327\237\002\364\262\007 +\260\307\345\370\255\043\016\246\126\311\051\022\167\110\331\057 +\106\375\073\360\374\164\160\222\245\216\070\010\037\144\060\266 +\267\113\373\066\254\020\216\240\122\063\143\235\003\065\126\305 +\151\275\306\043\132\047\224\366\244\022\370\055\063\074\241\126 +\245\137\326\031\351\355\174\010\275\167\315\047\144\314\224\332 +\116\106\120\207\340\371\301\123\200\036\273\255\373\107\122\213 +\033\375\242\371\336\016\042\267\075\063\131\154\324\336\365\225 +\006\062\015\121\031\101\134\076\117\006\367\271\053\200\047\366 +\243\252\172\174\006\341\103\303\023\071\142\032\066\275\340\050 +\056\224\002\344\051\056\140\125\256\100\075\260\164\222\136\360 +\040\144\226\077\137\105\135\210\265\212\332\002\240\133\105\124 +\336\070\075\011\300\250\112\145\106\026\374\252\277\124\116\115 +\133\276\070\103\267\050\312\213\063\252\032\045\272\045\134\051 +\057\133\112\156\214\352\055\234\052\366\005\166\340\167\227\200 +\210\335\147\023\157\035\150\044\213\117\267\164\201\345\364\140 +\237\172\125\327\076\067\332\026\153\076\167\254\256\030\160\225 +\010\171\051\003\212\376\301\073\263\077\032\017\244\073\136\037 +\130\241\225\311\253\057\163\112\320\055\156\232\131\017\125\030 +\170\055\074\121\246\227\213\346\273\262\160\252\114\021\336\377 +\174\053\067\324\172\321\167\064\217\347\371\102\367\074\201\014 +\113\122\012 +END + +# Trust for "OpenTrust Root CA G2" +# Issuer: CN=OpenTrust Root CA G2,O=OpenTrust,C=FR +# Serial Number:11:20:a1:69:1b:bf:bd:b9:bd:52:96:8f:23:e8:48:bf:26:11 +# Subject: CN=OpenTrust Root CA G2,O=OpenTrust,C=FR +# Not Valid Before: Mon May 26 00:00:00 2014 +# Not Valid After : Fri Jan 15 00:00:00 2038 +# Fingerprint (SHA-256): 27:99:58:29:FE:6A:75:15:C1:BF:E8:48:F9:C4:76:1D:B1:6C:22:59:29:25:7B:F4:0D:08:94:F2:9E:A8:BA:F2 +# Fingerprint (SHA1): 79:5F:88:60:C5:AB:7C:3D:92:E6:CB:F4:8D:E1:45:CD:11:EF:60:0B +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "OpenTrust Root CA G2" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\171\137\210\140\305\253\174\075\222\346\313\364\215\341\105\315 +\021\357\140\013 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\127\044\266\131\044\153\256\310\376\034\014\040\362\300\116\353 +END +CKA_ISSUER MULTILINE_OCTAL +\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 +\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 +\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 +\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 +\107\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\022\021\040\241\151\033\277\275\271\275\122\226\217\043\350 +\110\277\046\021 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "OpenTrust Root CA G3" +# +# Issuer: CN=OpenTrust Root CA G3,O=OpenTrust,C=FR +# Serial Number:11:20:e6:f8:4c:fc:24:b0:be:05:40:ac:da:83:1b:34:60:3f +# Subject: CN=OpenTrust Root CA G3,O=OpenTrust,C=FR +# Not Valid Before: Mon May 26 00:00:00 2014 +# Not Valid After : Fri Jan 15 00:00:00 2038 +# Fingerprint (SHA-256): B7:C3:62:31:70:6E:81:07:8C:36:7C:B8:96:19:8F:1E:32:08:DD:92:69:49:DD:8F:57:09:A4:10:F7:5B:62:92 +# Fingerprint (SHA1): 6E:26:64:F3:56:BF:34:55:BF:D1:93:3F:7C:01:DE:D8:13:DA:8A:A6 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "OpenTrust Root CA G3" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 +\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 +\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 +\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 +\107\063 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 +\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 +\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 +\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 +\107\063 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\022\021\040\346\370\114\374\044\260\276\005\100\254\332\203 +\033\064\140\077 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\002\041\060\202\001\246\240\003\002\001\002\002\022\021 +\040\346\370\114\374\044\260\276\005\100\254\332\203\033\064\140 +\077\060\012\006\010\052\206\110\316\075\004\003\003\060\100\061 +\013\060\011\006\003\125\004\006\023\002\106\122\061\022\060\020 +\006\003\125\004\012\014\011\117\160\145\156\124\162\165\163\164 +\061\035\060\033\006\003\125\004\003\014\024\117\160\145\156\124 +\162\165\163\164\040\122\157\157\164\040\103\101\040\107\063\060 +\036\027\015\061\064\060\065\062\066\060\060\060\060\060\060\132 +\027\015\063\070\060\061\061\065\060\060\060\060\060\060\132\060 +\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061\022 +\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162\165 +\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160\145 +\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040\107 +\063\060\166\060\020\006\007\052\206\110\316\075\002\001\006\005 +\053\201\004\000\042\003\142\000\004\112\356\130\256\115\312\146 +\336\006\072\243\021\374\340\030\360\156\034\272\055\060\014\211 +\331\326\356\233\163\203\251\043\025\214\057\131\212\132\335\024 +\352\235\131\053\103\267\006\354\062\266\272\356\101\265\255\135 +\241\205\314\352\035\024\146\243\147\176\106\342\224\363\347\266 +\126\241\025\131\241\117\067\227\271\042\036\275\021\353\364\262 +\037\136\303\024\232\345\331\227\231\243\143\060\141\060\016\006 +\003\125\035\017\001\001\377\004\004\003\002\001\006\060\017\006 +\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060\035 +\006\003\125\035\016\004\026\004\024\107\167\303\024\213\142\071 +\014\311\157\341\120\115\320\020\130\334\225\210\155\060\037\006 +\003\125\035\043\004\030\060\026\200\024\107\167\303\024\213\142 +\071\014\311\157\341\120\115\320\020\130\334\225\210\155\060\012 +\006\010\052\206\110\316\075\004\003\003\003\151\000\060\146\002 +\061\000\217\250\334\235\272\014\004\027\372\025\351\075\057\051 +\001\227\277\201\026\063\100\223\154\374\371\355\200\160\157\252 +\217\333\204\302\213\365\065\312\006\334\144\157\150\026\341\217 +\221\271\002\061\000\330\113\245\313\302\320\010\154\351\030\373 +\132\335\115\137\044\013\260\000\041\045\357\217\247\004\046\161 +\342\174\151\345\135\232\370\101\037\073\071\223\223\235\125\352 +\315\215\361\373\301 +END + +# Trust for "OpenTrust Root CA G3" +# Issuer: CN=OpenTrust Root CA G3,O=OpenTrust,C=FR +# Serial Number:11:20:e6:f8:4c:fc:24:b0:be:05:40:ac:da:83:1b:34:60:3f +# Subject: CN=OpenTrust Root CA G3,O=OpenTrust,C=FR +# Not Valid Before: Mon May 26 00:00:00 2014 +# Not Valid After : Fri Jan 15 00:00:00 2038 +# Fingerprint (SHA-256): B7:C3:62:31:70:6E:81:07:8C:36:7C:B8:96:19:8F:1E:32:08:DD:92:69:49:DD:8F:57:09:A4:10:F7:5B:62:92 +# Fingerprint (SHA1): 6E:26:64:F3:56:BF:34:55:BF:D1:93:3F:7C:01:DE:D8:13:DA:8A:A6 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "OpenTrust Root CA G3" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\156\046\144\363\126\277\064\125\277\321\223\077\174\001\336\330 +\023\332\212\246 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\041\067\264\027\026\222\173\147\106\160\251\226\327\250\023\044 +END +CKA_ISSUER MULTILINE_OCTAL +\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 +\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 +\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 +\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 +\107\063 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\022\021\040\346\370\114\374\044\260\276\005\100\254\332\203 +\033\064\140\077 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "ISRG Root X1" +# +# Issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US +# Serial Number:00:82:10:cf:b0:d2:40:e3:59:44:63:e0:bb:63:82:8b:00 +# Subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US +# Not Valid Before: Thu Jun 04 11:04:38 2015 +# Not Valid After : Mon Jun 04 11:04:38 2035 +# Fingerprint (SHA-256): 96:BC:EC:06:26:49:76:F3:74:60:77:9A:CF:28:C5:A7:CF:E8:A3:C0:AA:E1:1A:8F:FC:EE:05:C0:BD:DF:08:C6 +# Fingerprint (SHA1): CA:BD:2A:79:A1:07:6A:31:F2:1D:25:36:35:CB:03:9D:43:29:A5:E8 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "ISRG Root X1" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\117\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\051\060\047\006\003\125\004\012\023\040\111\156\164\145\162\156 +\145\164\040\123\145\143\165\162\151\164\171\040\122\145\163\145 +\141\162\143\150\040\107\162\157\165\160\061\025\060\023\006\003 +\125\004\003\023\014\111\123\122\107\040\122\157\157\164\040\130 +\061 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\117\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\051\060\047\006\003\125\004\012\023\040\111\156\164\145\162\156 +\145\164\040\123\145\143\165\162\151\164\171\040\122\145\163\145 +\141\162\143\150\040\107\162\157\165\160\061\025\060\023\006\003 +\125\004\003\023\014\111\123\122\107\040\122\157\157\164\040\130 +\061 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\021\000\202\020\317\260\322\100\343\131\104\143\340\273\143 +\202\213\000 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\153\060\202\003\123\240\003\002\001\002\002\021\000 +\202\020\317\260\322\100\343\131\104\143\340\273\143\202\213\000 +\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 +\117\061\013\060\011\006\003\125\004\006\023\002\125\123\061\051 +\060\047\006\003\125\004\012\023\040\111\156\164\145\162\156\145 +\164\040\123\145\143\165\162\151\164\171\040\122\145\163\145\141 +\162\143\150\040\107\162\157\165\160\061\025\060\023\006\003\125 +\004\003\023\014\111\123\122\107\040\122\157\157\164\040\130\061 +\060\036\027\015\061\065\060\066\060\064\061\061\060\064\063\070 +\132\027\015\063\065\060\066\060\064\061\061\060\064\063\070\132 +\060\117\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\051\060\047\006\003\125\004\012\023\040\111\156\164\145\162\156 +\145\164\040\123\145\143\165\162\151\164\171\040\122\145\163\145 +\141\162\143\150\040\107\162\157\165\160\061\025\060\023\006\003 +\125\004\003\023\014\111\123\122\107\040\122\157\157\164\040\130 +\061\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001 +\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002 +\001\000\255\350\044\163\364\024\067\363\233\236\053\127\050\034 +\207\276\334\267\337\070\220\214\156\074\346\127\240\170\367\165 +\302\242\376\365\152\156\366\000\117\050\333\336\150\206\154\104 +\223\266\261\143\375\024\022\153\277\037\322\352\061\233\041\176 +\321\063\074\272\110\365\335\171\337\263\270\377\022\361\041\232 +\113\301\212\206\161\151\112\146\146\154\217\176\074\160\277\255 +\051\042\006\363\344\300\346\200\256\342\113\217\267\231\176\224 +\003\237\323\107\227\174\231\110\043\123\350\070\256\117\012\157 +\203\056\321\111\127\214\200\164\266\332\057\320\070\215\173\003 +\160\041\033\165\362\060\074\372\217\256\335\332\143\253\353\026 +\117\302\216\021\113\176\317\013\350\377\265\167\056\364\262\173 +\112\340\114\022\045\014\160\215\003\051\240\341\123\044\354\023 +\331\356\031\277\020\263\112\214\077\211\243\141\121\336\254\207 +\007\224\364\143\161\354\056\342\157\133\230\201\341\211\134\064 +\171\154\166\357\073\220\142\171\346\333\244\232\057\046\305\320 +\020\341\016\336\331\020\216\026\373\267\367\250\367\307\345\002 +\007\230\217\066\010\225\347\342\067\226\015\066\165\236\373\016 +\162\261\035\233\274\003\371\111\005\330\201\335\005\264\052\326 +\101\351\254\001\166\225\012\017\330\337\325\275\022\037\065\057 +\050\027\154\322\230\301\250\011\144\167\156\107\067\272\316\254 +\131\136\150\235\177\162\326\211\305\006\101\051\076\131\076\335 +\046\365\044\311\021\247\132\243\114\100\037\106\241\231\265\247 +\072\121\156\206\073\236\175\162\247\022\005\170\131\355\076\121 +\170\025\013\003\217\215\320\057\005\262\076\173\112\034\113\163 +\005\022\374\306\352\340\120\023\174\103\223\164\263\312\164\347 +\216\037\001\010\320\060\324\133\161\066\264\007\272\301\060\060 +\134\110\267\202\073\230\246\175\140\212\242\243\051\202\314\272 +\275\203\004\033\242\203\003\101\241\326\005\361\033\302\266\360 +\250\174\206\073\106\250\110\052\210\334\166\232\166\277\037\152 +\245\075\031\217\353\070\363\144\336\310\053\015\012\050\377\367 +\333\342\025\102\324\042\320\047\135\341\171\376\030\347\160\210 +\255\116\346\331\213\072\306\335\047\121\156\377\274\144\365\063 +\103\117\002\003\001\000\001\243\102\060\100\060\016\006\003\125 +\035\017\001\001\377\004\004\003\002\001\006\060\017\006\003\125 +\035\023\001\001\377\004\005\060\003\001\001\377\060\035\006\003 +\125\035\016\004\026\004\024\171\264\131\346\173\266\345\344\001 +\163\200\010\210\310\032\130\366\351\233\156\060\015\006\011\052 +\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000\125 +\037\130\251\274\262\250\120\320\014\261\330\032\151\040\047\051 +\010\254\141\165\134\212\156\370\202\345\151\057\325\366\126\113 +\271\270\163\020\131\323\041\227\176\347\114\161\373\262\322\140 +\255\071\250\013\352\027\041\126\205\361\120\016\131\353\316\340 +\131\351\272\311\025\357\206\235\217\204\200\366\344\351\221\220 +\334\027\233\142\033\105\360\146\225\322\174\157\302\352\073\357 +\037\317\313\326\256\047\361\251\260\310\256\375\175\176\232\372 +\042\004\353\377\331\177\352\221\053\042\261\027\016\217\362\212 +\064\133\130\330\374\001\311\124\271\270\046\314\212\210\063\211 +\114\055\204\074\202\337\356\226\127\005\272\054\273\367\304\267 +\307\116\073\202\276\061\310\042\163\163\222\321\302\200\244\071 +\071\020\063\043\202\114\074\237\206\262\125\230\035\276\051\206 +\214\042\233\236\342\153\073\127\072\202\160\115\334\011\307\211 +\313\012\007\115\154\350\135\216\311\357\316\253\307\273\265\053 +\116\105\326\112\320\046\314\345\162\312\010\152\245\225\343\025 +\241\367\244\355\311\054\137\245\373\377\254\050\002\056\276\327 +\173\273\343\161\173\220\026\323\007\136\106\123\174\067\007\102 +\214\323\304\226\234\325\231\265\052\340\225\032\200\110\256\114 +\071\007\316\314\107\244\122\225\053\272\270\373\255\322\063\123 +\175\345\035\115\155\325\241\261\307\102\157\346\100\047\065\134 +\243\050\267\007\215\347\215\063\220\347\043\237\373\120\234\171 +\154\106\325\264\025\263\226\156\176\233\014\226\072\270\122\055 +\077\326\133\341\373\010\302\204\376\044\250\243\211\332\254\152 +\341\030\052\261\250\103\141\133\323\037\334\073\215\166\362\055 +\350\215\165\337\027\063\154\075\123\373\173\313\101\137\377\334 +\242\320\141\070\341\226\270\254\135\213\067\327\165\325\063\300 +\231\021\256\235\101\301\162\165\204\276\002\101\102\137\147\044 +\110\224\321\233\047\276\007\077\271\270\117\201\164\121\341\172 +\267\355\235\043\342\276\340\325\050\004\023\074\061\003\236\335 +\172\154\217\306\007\030\306\177\336\107\216\077\050\236\004\006 +\317\245\124\064\167\275\354\211\233\351\027\103\337\133\333\137 +\376\216\036\127\242\315\100\235\176\142\042\332\336\030\047 +END + +# Trust for "ISRG Root X1" +# Issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US +# Serial Number:00:82:10:cf:b0:d2:40:e3:59:44:63:e0:bb:63:82:8b:00 +# Subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US +# Not Valid Before: Thu Jun 04 11:04:38 2015 +# Not Valid After : Mon Jun 04 11:04:38 2035 +# Fingerprint (SHA-256): 96:BC:EC:06:26:49:76:F3:74:60:77:9A:CF:28:C5:A7:CF:E8:A3:C0:AA:E1:1A:8F:FC:EE:05:C0:BD:DF:08:C6 +# Fingerprint (SHA1): CA:BD:2A:79:A1:07:6A:31:F2:1D:25:36:35:CB:03:9D:43:29:A5:E8 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "ISRG Root X1" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\312\275\052\171\241\007\152\061\362\035\045\066\065\313\003\235 +\103\051\245\350 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\014\322\371\340\332\027\163\351\355\206\115\245\343\160\347\116 +END +CKA_ISSUER MULTILINE_OCTAL +\060\117\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\051\060\047\006\003\125\004\012\023\040\111\156\164\145\162\156 +\145\164\040\123\145\143\165\162\151\164\171\040\122\145\163\145 +\141\162\143\150\040\107\162\157\165\160\061\025\060\023\006\003 +\125\004\003\023\014\111\123\122\107\040\122\157\157\164\040\130 +\061 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\021\000\202\020\317\260\322\100\343\131\104\143\340\273\143 +\202\213\000 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "AC RAIZ FNMT-RCM" +# +# Issuer: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES +# Serial Number:5d:93:8d:30:67:36:c8:06:1d:1a:c7:54:84:69:07 +# Subject: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES +# Not Valid Before: Wed Oct 29 15:59:56 2008 +# Not Valid After : Tue Jan 01 00:00:00 2030 +# Fingerprint (SHA-256): EB:C5:57:0C:29:01:8C:4D:67:B1:AA:12:7B:AF:12:F7:03:B4:61:1E:BC:17:B7:DA:B5:57:38:94:17:9B:93:FA +# Fingerprint (SHA1): EC:50:35:07:B2:15:C4:95:62:19:E2:A8:9A:5B:42:99:2C:4C:2C:20 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "AC RAIZ FNMT-RCM" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\073\061\013\060\011\006\003\125\004\006\023\002\105\123\061 +\021\060\017\006\003\125\004\012\014\010\106\116\115\124\055\122 +\103\115\061\031\060\027\006\003\125\004\013\014\020\101\103\040 +\122\101\111\132\040\106\116\115\124\055\122\103\115 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\073\061\013\060\011\006\003\125\004\006\023\002\105\123\061 +\021\060\017\006\003\125\004\012\014\010\106\116\115\124\055\122 +\103\115\061\031\060\027\006\003\125\004\013\014\020\101\103\040 +\122\101\111\132\040\106\116\115\124\055\122\103\115 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\017\135\223\215\060\147\066\310\006\035\032\307\124\204\151 +\007 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\203\060\202\003\153\240\003\002\001\002\002\017\135 +\223\215\060\147\066\310\006\035\032\307\124\204\151\007\060\015 +\006\011\052\206\110\206\367\015\001\001\013\005\000\060\073\061 +\013\060\011\006\003\125\004\006\023\002\105\123\061\021\060\017 +\006\003\125\004\012\014\010\106\116\115\124\055\122\103\115\061 +\031\060\027\006\003\125\004\013\014\020\101\103\040\122\101\111 +\132\040\106\116\115\124\055\122\103\115\060\036\027\015\060\070 +\061\060\062\071\061\065\065\071\065\066\132\027\015\063\060\060 +\061\060\061\060\060\060\060\060\060\132\060\073\061\013\060\011 +\006\003\125\004\006\023\002\105\123\061\021\060\017\006\003\125 +\004\012\014\010\106\116\115\124\055\122\103\115\061\031\060\027 +\006\003\125\004\013\014\020\101\103\040\122\101\111\132\040\106 +\116\115\124\055\122\103\115\060\202\002\042\060\015\006\011\052 +\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060 +\202\002\012\002\202\002\001\000\272\161\200\172\114\206\156\177 +\310\023\155\300\306\175\034\000\227\217\054\014\043\273\020\232 +\100\251\032\267\207\210\370\233\126\152\373\346\173\216\213\222 +\216\247\045\135\131\021\333\066\056\267\121\027\037\251\010\037 +\004\027\044\130\252\067\112\030\337\345\071\324\127\375\327\301 +\054\221\001\221\342\042\324\003\300\130\374\167\107\354\217\076 +\164\103\272\254\064\215\115\070\166\147\216\260\310\157\060\063 +\130\161\134\264\365\153\156\324\001\120\270\023\176\154\112\243 +\111\321\040\031\356\274\300\051\030\145\247\336\376\357\335\012 +\220\041\347\032\147\222\102\020\230\137\117\060\274\076\034\105 +\264\020\327\150\100\024\300\100\372\347\167\027\172\346\013\217 +\145\133\074\331\232\122\333\265\275\236\106\317\075\353\221\005 +\002\300\226\262\166\114\115\020\226\073\222\372\234\177\017\231 +\337\276\043\065\105\036\002\134\376\265\250\233\231\045\332\136 +\363\042\303\071\365\344\052\056\323\306\037\304\154\252\305\034 +\152\001\005\112\057\322\305\301\250\064\046\135\146\245\322\002 +\041\371\030\267\006\365\116\231\157\250\253\114\121\350\317\120 +\030\305\167\310\071\011\054\111\222\062\231\250\273\027\027\171 +\260\132\305\346\243\304\131\145\107\065\203\136\251\350\065\013 +\231\273\344\315\040\306\233\112\006\071\265\150\374\042\272\356 +\125\214\053\116\352\363\261\343\374\266\231\232\325\102\372\161 +\115\010\317\207\036\152\161\175\371\323\264\351\245\161\201\173 +\302\116\107\226\245\366\166\205\243\050\217\351\200\156\201\123 +\245\155\137\270\110\371\302\371\066\246\056\111\377\270\226\302 +\214\007\263\233\210\130\374\353\033\034\336\055\160\342\227\222 +\060\241\211\343\274\125\250\047\326\113\355\220\255\213\372\143 +\045\131\055\250\065\335\312\227\063\274\345\315\307\235\321\354 +\357\136\016\112\220\006\046\143\255\271\331\065\055\007\272\166 +\145\054\254\127\217\175\364\007\224\327\201\002\226\135\243\007 +\111\325\172\320\127\371\033\347\123\106\165\252\260\171\102\313 +\150\161\010\351\140\275\071\151\316\364\257\303\126\100\307\255 +\122\242\011\344\157\206\107\212\037\353\050\047\135\203\040\257 +\004\311\154\126\232\213\106\365\002\003\001\000\001\243\201\203 +\060\201\200\060\017\006\003\125\035\023\001\001\377\004\005\060 +\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004 +\003\002\001\006\060\035\006\003\125\035\016\004\026\004\024\367 +\175\305\375\304\350\232\033\167\144\247\365\035\240\314\277\207 +\140\232\155\060\076\006\003\125\035\040\004\067\060\065\060\063 +\006\004\125\035\040\000\060\053\060\051\006\010\053\006\001\005 +\005\007\002\001\026\035\150\164\164\160\072\057\057\167\167\167 +\056\143\145\162\164\056\146\156\155\164\056\145\163\057\144\160 +\143\163\057\060\015\006\011\052\206\110\206\367\015\001\001\013 +\005\000\003\202\002\001\000\007\220\112\337\363\043\116\360\303 +\234\121\145\233\234\042\242\212\014\205\363\163\051\153\115\376 +\001\342\251\014\143\001\277\004\147\245\235\230\137\375\001\023 +\372\354\232\142\351\206\376\266\142\322\156\114\224\373\300\165 +\105\174\145\014\370\262\067\317\254\017\317\215\157\371\031\367 +\217\354\036\362\160\236\360\312\270\357\267\377\166\067\166\133 +\366\156\210\363\257\142\062\042\223\015\072\152\216\024\146\014 +\055\123\164\127\145\036\325\262\335\043\201\073\245\146\043\047 +\147\011\217\341\167\252\103\315\145\121\010\355\121\130\376\346 +\071\371\313\107\204\244\025\361\166\273\244\356\244\073\304\137 +\357\262\063\226\021\030\267\311\145\276\030\341\243\244\334\372 +\030\371\323\274\023\233\071\172\064\272\323\101\373\372\062\212 +\052\267\053\206\013\151\203\070\276\315\212\056\013\160\255\215 +\046\222\356\036\365\001\053\012\331\326\227\233\156\340\250\031 +\034\072\041\213\014\036\100\255\003\347\335\146\176\365\271\040 +\015\003\350\226\371\202\105\324\071\340\240\000\135\327\230\346 +\175\236\147\163\303\232\052\367\253\213\241\072\024\357\064\274 +\122\016\211\230\232\004\100\204\035\176\105\151\223\127\316\353 +\316\370\120\174\117\034\156\004\103\233\371\326\073\043\030\351 +\352\216\321\115\106\215\361\073\344\152\312\272\373\043\267\233 +\372\231\001\051\132\130\132\055\343\371\324\155\016\046\255\301 +\156\064\274\062\370\014\005\372\145\243\333\073\067\203\042\351 +\326\334\162\063\375\135\362\040\275\166\074\043\332\050\367\371 +\033\353\131\144\325\334\137\162\176\040\374\315\211\265\220\147 +\115\142\172\077\116\255\035\303\071\376\172\364\050\026\337\101 +\366\110\200\005\327\017\121\171\254\020\253\324\354\003\146\346 +\152\260\272\061\222\102\100\152\276\072\323\162\341\152\067\125 +\274\254\035\225\267\151\141\362\103\221\164\346\240\323\012\044 +\106\241\010\257\326\332\105\031\226\324\123\035\133\204\171\360 +\300\367\107\357\213\217\305\006\256\235\114\142\235\377\106\004 +\370\323\311\266\020\045\100\165\376\026\252\311\112\140\206\057 +\272\357\060\167\344\124\342\270\204\231\130\200\252\023\213\121 +\072\117\110\366\213\266\263 +END + +# Trust for "AC RAIZ FNMT-RCM" +# Issuer: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES +# Serial Number:5d:93:8d:30:67:36:c8:06:1d:1a:c7:54:84:69:07 +# Subject: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES +# Not Valid Before: Wed Oct 29 15:59:56 2008 +# Not Valid After : Tue Jan 01 00:00:00 2030 +# Fingerprint (SHA-256): EB:C5:57:0C:29:01:8C:4D:67:B1:AA:12:7B:AF:12:F7:03:B4:61:1E:BC:17:B7:DA:B5:57:38:94:17:9B:93:FA +# Fingerprint (SHA1): EC:50:35:07:B2:15:C4:95:62:19:E2:A8:9A:5B:42:99:2C:4C:2C:20 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "AC RAIZ FNMT-RCM" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\354\120\065\007\262\025\304\225\142\031\342\250\232\133\102\231 +\054\114\054\040 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\342\011\004\264\323\275\321\240\024\375\032\322\107\304\127\035 +END +CKA_ISSUER MULTILINE_OCTAL +\060\073\061\013\060\011\006\003\125\004\006\023\002\105\123\061 +\021\060\017\006\003\125\004\012\014\010\106\116\115\124\055\122 +\103\115\061\031\060\027\006\003\125\004\013\014\020\101\103\040 +\122\101\111\132\040\106\116\115\124\055\122\103\115 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\017\135\223\215\060\147\066\310\006\035\032\307\124\204\151 +\007 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Amazon Root CA 1" +# +# Issuer: CN=Amazon Root CA 1,O=Amazon,C=US +# Serial Number:06:6c:9f:cf:99:bf:8c:0a:39:e2:f0:78:8a:43:e6:96:36:5b:ca +# Subject: CN=Amazon Root CA 1,O=Amazon,C=US +# Not Valid Before: Tue May 26 00:00:00 2015 +# Not Valid After : Sun Jan 17 00:00:00 2038 +# Fingerprint (SHA-256): 8E:CD:E6:88:4F:3D:87:B1:12:5B:A3:1A:C3:FC:B1:3D:70:16:DE:7F:57:CC:90:4F:E1:CB:97:C6:AE:98:19:6E +# Fingerprint (SHA1): 8D:A7:F9:65:EC:5E:FC:37:91:0F:1C:6E:59:FD:C1:CC:6A:6E:DE:16 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Amazon Root CA 1" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 +\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 +\156\040\122\157\157\164\040\103\101\040\061 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 +\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 +\156\040\122\157\157\164\040\103\101\040\061 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\023\006\154\237\317\231\277\214\012\071\342\360\170\212\103 +\346\226\066\133\312 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\003\101\060\202\002\051\240\003\002\001\002\002\023\006 +\154\237\317\231\277\214\012\071\342\360\170\212\103\346\226\066 +\133\312\060\015\006\011\052\206\110\206\367\015\001\001\013\005 +\000\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157 +\156\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172 +\157\156\040\122\157\157\164\040\103\101\040\061\060\036\027\015 +\061\065\060\065\062\066\060\060\060\060\060\060\132\027\015\063 +\070\060\061\061\067\060\060\060\060\060\060\132\060\071\061\013 +\060\011\006\003\125\004\006\023\002\125\123\061\017\060\015\006 +\003\125\004\012\023\006\101\155\141\172\157\156\061\031\060\027 +\006\003\125\004\003\023\020\101\155\141\172\157\156\040\122\157 +\157\164\040\103\101\040\061\060\202\001\042\060\015\006\011\052 +\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000\060 +\202\001\012\002\202\001\001\000\262\170\200\161\312\170\325\343 +\161\257\107\200\120\164\175\156\330\327\210\166\364\231\150\367 +\130\041\140\371\164\204\001\057\254\002\055\206\323\240\103\172 +\116\262\244\320\066\272\001\276\215\333\110\310\007\027\066\114 +\364\356\210\043\307\076\353\067\365\265\031\370\111\150\260\336 +\327\271\166\070\035\141\236\244\376\202\066\245\345\112\126\344 +\105\341\371\375\264\026\372\164\332\234\233\065\071\057\372\260 +\040\120\006\154\172\320\200\262\246\371\257\354\107\031\217\120 +\070\007\334\242\207\071\130\370\272\325\251\371\110\147\060\226 +\356\224\170\136\157\211\243\121\300\060\206\146\241\105\146\272 +\124\353\243\303\221\371\110\334\377\321\350\060\055\175\055\164 +\160\065\327\210\044\367\236\304\131\156\273\163\207\027\362\062 +\106\050\270\103\372\267\035\252\312\264\362\237\044\016\055\113 +\367\161\134\136\151\377\352\225\002\313\070\212\256\120\070\157 +\333\373\055\142\033\305\307\036\124\341\167\340\147\310\017\234 +\207\043\326\077\100\040\177\040\200\304\200\114\076\073\044\046 +\216\004\256\154\232\310\252\015\002\003\001\000\001\243\102\060 +\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001 +\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002 +\001\206\060\035\006\003\125\035\016\004\026\004\024\204\030\314 +\205\064\354\274\014\224\224\056\010\131\234\307\262\020\116\012 +\010\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000 +\003\202\001\001\000\230\362\067\132\101\220\241\032\305\166\121 +\050\040\066\043\016\256\346\050\273\252\370\224\256\110\244\060 +\177\033\374\044\215\113\264\310\241\227\366\266\361\172\160\310 +\123\223\314\010\050\343\230\045\317\043\244\371\336\041\323\174 +\205\011\255\116\232\165\072\302\013\152\211\170\166\104\107\030 +\145\154\215\101\216\073\177\232\313\364\265\247\120\327\005\054 +\067\350\003\113\255\351\141\240\002\156\365\362\360\305\262\355 +\133\267\334\372\224\134\167\236\023\245\177\122\255\225\362\370 +\223\073\336\213\134\133\312\132\122\133\140\257\024\367\113\357 +\243\373\237\100\225\155\061\124\374\102\323\307\106\037\043\255 +\331\017\110\160\232\331\165\170\161\321\162\103\064\165\156\127 +\131\302\002\134\046\140\051\317\043\031\026\216\210\103\245\324 +\344\313\010\373\043\021\103\350\103\051\162\142\241\251\135\136 +\010\324\220\256\270\330\316\024\302\320\125\362\206\366\304\223 +\103\167\146\141\300\271\350\101\327\227\170\140\003\156\112\162 +\256\245\321\175\272\020\236\206\154\033\212\271\131\063\370\353 +\304\220\276\361\271 +END + +# Trust for "Amazon Root CA 1" +# Issuer: CN=Amazon Root CA 1,O=Amazon,C=US +# Serial Number:06:6c:9f:cf:99:bf:8c:0a:39:e2:f0:78:8a:43:e6:96:36:5b:ca +# Subject: CN=Amazon Root CA 1,O=Amazon,C=US +# Not Valid Before: Tue May 26 00:00:00 2015 +# Not Valid After : Sun Jan 17 00:00:00 2038 +# Fingerprint (SHA-256): 8E:CD:E6:88:4F:3D:87:B1:12:5B:A3:1A:C3:FC:B1:3D:70:16:DE:7F:57:CC:90:4F:E1:CB:97:C6:AE:98:19:6E +# Fingerprint (SHA1): 8D:A7:F9:65:EC:5E:FC:37:91:0F:1C:6E:59:FD:C1:CC:6A:6E:DE:16 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Amazon Root CA 1" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\215\247\371\145\354\136\374\067\221\017\034\156\131\375\301\314 +\152\156\336\026 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\103\306\277\256\354\376\255\057\030\306\210\150\060\374\310\346 +END +CKA_ISSUER MULTILINE_OCTAL +\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 +\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 +\156\040\122\157\157\164\040\103\101\040\061 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\023\006\154\237\317\231\277\214\012\071\342\360\170\212\103 +\346\226\066\133\312 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Amazon Root CA 2" +# +# Issuer: CN=Amazon Root CA 2,O=Amazon,C=US +# Serial Number:06:6c:9f:d2:96:35:86:9f:0a:0f:e5:86:78:f8:5b:26:bb:8a:37 +# Subject: CN=Amazon Root CA 2,O=Amazon,C=US +# Not Valid Before: Tue May 26 00:00:00 2015 +# Not Valid After : Sat May 26 00:00:00 2040 +# Fingerprint (SHA-256): 1B:A5:B2:AA:8C:65:40:1A:82:96:01:18:F8:0B:EC:4F:62:30:4D:83:CE:C4:71:3A:19:C3:9C:01:1E:A4:6D:B4 +# Fingerprint (SHA1): 5A:8C:EF:45:D7:A6:98:59:76:7A:8C:8B:44:96:B5:78:CF:47:4B:1A +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Amazon Root CA 2" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 +\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 +\156\040\122\157\157\164\040\103\101\040\062 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 +\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 +\156\040\122\157\157\164\040\103\101\040\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\023\006\154\237\322\226\065\206\237\012\017\345\206\170\370 +\133\046\273\212\067 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\101\060\202\003\051\240\003\002\001\002\002\023\006 +\154\237\322\226\065\206\237\012\017\345\206\170\370\133\046\273 +\212\067\060\015\006\011\052\206\110\206\367\015\001\001\014\005 +\000\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157 +\156\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172 +\157\156\040\122\157\157\164\040\103\101\040\062\060\036\027\015 +\061\065\060\065\062\066\060\060\060\060\060\060\132\027\015\064 +\060\060\065\062\066\060\060\060\060\060\060\132\060\071\061\013 +\060\011\006\003\125\004\006\023\002\125\123\061\017\060\015\006 +\003\125\004\012\023\006\101\155\141\172\157\156\061\031\060\027 +\006\003\125\004\003\023\020\101\155\141\172\157\156\040\122\157 +\157\164\040\103\101\040\062\060\202\002\042\060\015\006\011\052 +\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060 +\202\002\012\002\202\002\001\000\255\226\237\055\234\112\114\112 +\201\171\121\231\354\212\313\153\140\121\023\274\115\155\006\374 +\260\010\215\335\031\020\152\307\046\014\065\330\300\157\040\204 +\351\224\261\233\205\003\303\133\333\112\350\310\370\220\166\331 +\133\117\343\114\350\006\066\115\314\232\254\075\014\220\053\222 +\324\006\031\140\254\067\104\171\205\201\202\255\132\067\340\015 +\314\235\246\114\122\166\352\103\235\267\004\321\120\366\125\340 +\325\322\246\111\205\351\067\351\312\176\256\134\225\115\110\232 +\077\256\040\132\155\210\225\331\064\270\122\032\103\220\260\277 +\154\005\271\266\170\267\352\320\344\072\074\022\123\142\377\112 +\362\173\276\065\005\251\022\064\343\363\144\164\142\054\075\000 +\111\132\050\376\062\104\273\207\335\145\047\002\161\073\332\112 +\367\037\332\315\367\041\125\220\117\017\354\256\202\341\237\153 +\331\105\323\273\360\137\207\355\074\054\071\206\332\077\336\354 +\162\125\353\171\243\255\333\335\174\260\272\034\316\374\336\117 +\065\166\317\017\370\170\037\152\066\121\106\047\141\133\351\236 +\317\360\242\125\175\174\045\212\157\057\264\305\317\204\056\053 +\375\015\121\020\154\373\137\033\274\033\176\305\256\073\230\001 +\061\222\377\013\127\364\232\262\271\127\351\253\357\015\166\321 +\360\356\364\316\206\247\340\156\351\264\151\241\337\151\366\063 +\306\151\056\227\023\236\245\207\260\127\020\201\067\311\123\263 +\273\177\366\222\321\234\320\030\364\222\156\332\203\117\246\143 +\231\114\245\373\136\357\041\144\172\040\137\154\144\205\025\313 +\067\351\142\014\013\052\026\334\001\056\062\332\076\113\365\236 +\072\366\027\100\224\357\236\221\010\206\372\276\143\250\132\063 +\354\313\164\103\225\371\154\151\122\066\307\051\157\374\125\003 +\134\037\373\237\275\107\353\347\111\107\225\013\116\211\042\011 +\111\340\365\141\036\361\277\056\212\162\156\200\131\377\127\072 +\371\165\062\243\116\137\354\355\050\142\331\115\163\362\314\201 +\027\140\355\315\353\334\333\247\312\305\176\002\275\362\124\010 +\124\375\264\055\011\054\027\124\112\230\321\124\341\121\147\010 +\322\355\156\176\157\077\322\055\201\131\051\146\313\220\071\225 +\021\036\164\047\376\335\353\257\002\003\001\000\001\243\102\060 +\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001 +\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002 +\001\206\060\035\006\003\125\035\016\004\026\004\024\260\014\360 +\114\060\364\005\130\002\110\375\063\345\122\257\113\204\343\146 +\122\060\015\006\011\052\206\110\206\367\015\001\001\014\005\000 +\003\202\002\001\000\252\250\200\217\016\170\243\340\242\324\315 +\346\365\230\172\073\352\000\003\260\227\016\223\274\132\250\366 +\054\214\162\207\251\261\374\177\163\375\143\161\170\245\207\131 +\317\060\341\015\020\262\023\132\155\202\365\152\346\200\237\240 +\005\013\150\344\107\153\307\152\337\266\375\167\062\162\345\030 +\372\011\364\240\223\054\135\322\214\165\205\166\145\220\014\003 +\171\267\061\043\143\255\170\203\011\206\150\204\312\377\371\317 +\046\232\222\171\347\315\113\305\347\141\247\027\313\363\251\022 +\223\223\153\247\350\057\123\222\304\140\130\260\314\002\121\030 +\133\205\215\142\131\143\266\255\264\336\232\373\046\367\000\047 +\300\135\125\067\164\231\311\120\177\343\131\056\104\343\054\045 +\356\354\114\062\167\264\237\032\351\113\135\040\305\332\375\034 +\207\026\306\103\350\324\273\046\232\105\160\136\251\013\067\123 +\342\106\173\047\375\340\106\362\211\267\314\102\266\313\050\046 +\156\331\245\311\072\310\101\023\140\367\120\214\025\256\262\155 +\032\025\032\127\170\346\222\052\331\145\220\202\077\154\002\257 +\256\022\072\047\226\066\004\327\035\242\200\143\251\233\361\345 +\272\264\174\024\260\116\311\261\037\164\137\070\366\121\352\233 +\372\054\242\021\324\251\055\047\032\105\261\257\262\116\161\015 +\300\130\106\326\151\006\313\123\313\263\376\153\101\315\101\176 +\175\114\017\174\162\171\172\131\315\136\112\016\254\233\251\230 +\163\171\174\264\364\314\271\270\007\014\262\164\134\270\307\157 +\210\241\220\247\364\252\371\277\147\072\364\032\025\142\036\267 +\237\276\075\261\051\257\147\241\022\362\130\020\031\123\003\060 +\033\270\032\211\366\234\275\227\003\216\243\011\363\035\213\041 +\361\264\337\344\034\321\237\145\002\006\352\134\326\023\263\204 +\357\242\245\134\214\167\051\247\150\300\153\256\100\322\250\264 +\352\315\360\215\113\070\234\031\232\033\050\124\270\211\220\357 +\312\165\201\076\036\362\144\044\307\030\257\116\377\107\236\007 +\366\065\145\244\323\012\126\377\365\027\144\154\357\250\042\045 +\111\223\266\337\000\027\332\130\176\135\356\305\033\260\321\321 +\137\041\020\307\371\363\272\002\012\047\007\305\361\326\307\323 +\340\373\011\140\154 +END + +# Trust for "Amazon Root CA 2" +# Issuer: CN=Amazon Root CA 2,O=Amazon,C=US +# Serial Number:06:6c:9f:d2:96:35:86:9f:0a:0f:e5:86:78:f8:5b:26:bb:8a:37 +# Subject: CN=Amazon Root CA 2,O=Amazon,C=US +# Not Valid Before: Tue May 26 00:00:00 2015 +# Not Valid After : Sat May 26 00:00:00 2040 +# Fingerprint (SHA-256): 1B:A5:B2:AA:8C:65:40:1A:82:96:01:18:F8:0B:EC:4F:62:30:4D:83:CE:C4:71:3A:19:C3:9C:01:1E:A4:6D:B4 +# Fingerprint (SHA1): 5A:8C:EF:45:D7:A6:98:59:76:7A:8C:8B:44:96:B5:78:CF:47:4B:1A +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Amazon Root CA 2" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\132\214\357\105\327\246\230\131\166\172\214\213\104\226\265\170 +\317\107\113\032 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\310\345\215\316\250\102\342\172\300\052\134\174\236\046\277\146 +END +CKA_ISSUER MULTILINE_OCTAL +\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 +\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 +\156\040\122\157\157\164\040\103\101\040\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\023\006\154\237\322\226\065\206\237\012\017\345\206\170\370 +\133\046\273\212\067 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Amazon Root CA 3" +# +# Issuer: CN=Amazon Root CA 3,O=Amazon,C=US +# Serial Number:06:6c:9f:d5:74:97:36:66:3f:3b:0b:9a:d9:e8:9e:76:03:f2:4a +# Subject: CN=Amazon Root CA 3,O=Amazon,C=US +# Not Valid Before: Tue May 26 00:00:00 2015 +# Not Valid After : Sat May 26 00:00:00 2040 +# Fingerprint (SHA-256): 18:CE:6C:FE:7B:F1:4E:60:B2:E3:47:B8:DF:E8:68:CB:31:D0:2E:BB:3A:DA:27:15:69:F5:03:43:B4:6D:B3:A4 +# Fingerprint (SHA1): 0D:44:DD:8C:3C:8C:1A:1A:58:75:64:81:E9:0F:2E:2A:FF:B3:D2:6E +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Amazon Root CA 3" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 +\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 +\156\040\122\157\157\164\040\103\101\040\063 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 +\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 +\156\040\122\157\157\164\040\103\101\040\063 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\023\006\154\237\325\164\227\066\146\077\073\013\232\331\350 +\236\166\003\362\112 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\001\266\060\202\001\133\240\003\002\001\002\002\023\006 +\154\237\325\164\227\066\146\077\073\013\232\331\350\236\166\003 +\362\112\060\012\006\010\052\206\110\316\075\004\003\002\060\071 +\061\013\060\011\006\003\125\004\006\023\002\125\123\061\017\060 +\015\006\003\125\004\012\023\006\101\155\141\172\157\156\061\031 +\060\027\006\003\125\004\003\023\020\101\155\141\172\157\156\040 +\122\157\157\164\040\103\101\040\063\060\036\027\015\061\065\060 +\065\062\066\060\060\060\060\060\060\132\027\015\064\060\060\065 +\062\066\060\060\060\060\060\060\132\060\071\061\013\060\011\006 +\003\125\004\006\023\002\125\123\061\017\060\015\006\003\125\004 +\012\023\006\101\155\141\172\157\156\061\031\060\027\006\003\125 +\004\003\023\020\101\155\141\172\157\156\040\122\157\157\164\040 +\103\101\040\063\060\131\060\023\006\007\052\206\110\316\075\002 +\001\006\010\052\206\110\316\075\003\001\007\003\102\000\004\051 +\227\247\306\101\177\300\015\233\350\001\033\126\306\362\122\245 +\272\055\262\022\350\322\056\327\372\311\305\330\252\155\037\163 +\201\073\073\230\153\071\174\063\245\305\116\206\216\200\027\150 +\142\105\127\175\104\130\035\263\067\345\147\010\353\146\336\243 +\102\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060 +\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004 +\003\002\001\206\060\035\006\003\125\035\016\004\026\004\024\253 +\266\333\327\006\236\067\254\060\206\007\221\160\307\234\304\031 +\261\170\300\060\012\006\010\052\206\110\316\075\004\003\002\003 +\111\000\060\106\002\041\000\340\205\222\243\027\267\215\371\053 +\006\245\223\254\032\230\150\141\162\372\341\241\320\373\034\170 +\140\246\103\231\305\270\304\002\041\000\234\002\357\361\224\234 +\263\226\371\353\306\052\370\266\054\376\072\220\024\026\327\214 +\143\044\110\034\337\060\175\325\150\073 +END + +# Trust for "Amazon Root CA 3" +# Issuer: CN=Amazon Root CA 3,O=Amazon,C=US +# Serial Number:06:6c:9f:d5:74:97:36:66:3f:3b:0b:9a:d9:e8:9e:76:03:f2:4a +# Subject: CN=Amazon Root CA 3,O=Amazon,C=US +# Not Valid Before: Tue May 26 00:00:00 2015 +# Not Valid After : Sat May 26 00:00:00 2040 +# Fingerprint (SHA-256): 18:CE:6C:FE:7B:F1:4E:60:B2:E3:47:B8:DF:E8:68:CB:31:D0:2E:BB:3A:DA:27:15:69:F5:03:43:B4:6D:B3:A4 +# Fingerprint (SHA1): 0D:44:DD:8C:3C:8C:1A:1A:58:75:64:81:E9:0F:2E:2A:FF:B3:D2:6E +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Amazon Root CA 3" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\015\104\335\214\074\214\032\032\130\165\144\201\351\017\056\052 +\377\263\322\156 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\240\324\357\013\367\265\330\111\225\052\354\365\304\374\201\207 +END +CKA_ISSUER MULTILINE_OCTAL +\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 +\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 +\156\040\122\157\157\164\040\103\101\040\063 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\023\006\154\237\325\164\227\066\146\077\073\013\232\331\350 +\236\166\003\362\112 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Amazon Root CA 4" +# +# Issuer: CN=Amazon Root CA 4,O=Amazon,C=US +# Serial Number:06:6c:9f:d7:c1:bb:10:4c:29:43:e5:71:7b:7b:2c:c8:1a:c1:0e +# Subject: CN=Amazon Root CA 4,O=Amazon,C=US +# Not Valid Before: Tue May 26 00:00:00 2015 +# Not Valid After : Sat May 26 00:00:00 2040 +# Fingerprint (SHA-256): E3:5D:28:41:9E:D0:20:25:CF:A6:90:38:CD:62:39:62:45:8D:A5:C6:95:FB:DE:A3:C2:2B:0B:FB:25:89:70:92 +# Fingerprint (SHA1): F6:10:84:07:D6:F8:BB:67:98:0C:C2:E2:44:C2:EB:AE:1C:EF:63:BE +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Amazon Root CA 4" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 +\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 +\156\040\122\157\157\164\040\103\101\040\064 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 +\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 +\156\040\122\157\157\164\040\103\101\040\064 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\023\006\154\237\327\301\273\020\114\051\103\345\161\173\173 +\054\310\032\301\016 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\001\362\060\202\001\170\240\003\002\001\002\002\023\006 +\154\237\327\301\273\020\114\051\103\345\161\173\173\054\310\032 +\301\016\060\012\006\010\052\206\110\316\075\004\003\003\060\071 +\061\013\060\011\006\003\125\004\006\023\002\125\123\061\017\060 +\015\006\003\125\004\012\023\006\101\155\141\172\157\156\061\031 +\060\027\006\003\125\004\003\023\020\101\155\141\172\157\156\040 +\122\157\157\164\040\103\101\040\064\060\036\027\015\061\065\060 +\065\062\066\060\060\060\060\060\060\132\027\015\064\060\060\065 +\062\066\060\060\060\060\060\060\132\060\071\061\013\060\011\006 +\003\125\004\006\023\002\125\123\061\017\060\015\006\003\125\004 +\012\023\006\101\155\141\172\157\156\061\031\060\027\006\003\125 +\004\003\023\020\101\155\141\172\157\156\040\122\157\157\164\040 +\103\101\040\064\060\166\060\020\006\007\052\206\110\316\075\002 +\001\006\005\053\201\004\000\042\003\142\000\004\322\253\212\067 +\117\243\123\015\376\301\212\173\113\250\173\106\113\143\260\142 +\366\055\033\333\010\161\041\322\000\350\143\275\232\047\373\360 +\071\156\135\352\075\245\311\201\252\243\133\040\230\105\135\026 +\333\375\350\020\155\343\234\340\343\275\137\204\142\363\160\144 +\063\240\313\044\057\160\272\210\241\052\240\165\370\201\256\142 +\006\304\201\333\071\156\051\260\036\372\056\134\243\102\060\100 +\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001 +\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001 +\206\060\035\006\003\125\035\016\004\026\004\024\323\354\307\072 +\145\156\314\341\332\166\232\126\373\234\363\206\155\127\345\201 +\060\012\006\010\052\206\110\316\075\004\003\003\003\150\000\060 +\145\002\060\072\213\041\361\275\176\021\255\320\357\130\226\057 +\326\353\235\176\220\215\053\317\146\125\303\054\343\050\251\160 +\012\107\016\360\067\131\022\377\055\231\224\050\116\052\117\065 +\115\063\132\002\061\000\352\165\000\116\073\304\072\224\022\221 +\311\130\106\235\041\023\162\247\210\234\212\344\114\112\333\226 +\324\254\213\153\153\111\022\123\063\255\327\344\276\044\374\265 +\012\166\324\245\274\020 +END + +# Trust for "Amazon Root CA 4" +# Issuer: CN=Amazon Root CA 4,O=Amazon,C=US +# Serial Number:06:6c:9f:d7:c1:bb:10:4c:29:43:e5:71:7b:7b:2c:c8:1a:c1:0e +# Subject: CN=Amazon Root CA 4,O=Amazon,C=US +# Not Valid Before: Tue May 26 00:00:00 2015 +# Not Valid After : Sat May 26 00:00:00 2040 +# Fingerprint (SHA-256): E3:5D:28:41:9E:D0:20:25:CF:A6:90:38:CD:62:39:62:45:8D:A5:C6:95:FB:DE:A3:C2:2B:0B:FB:25:89:70:92 +# Fingerprint (SHA1): F6:10:84:07:D6:F8:BB:67:98:0C:C2:E2:44:C2:EB:AE:1C:EF:63:BE +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Amazon Root CA 4" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\366\020\204\007\326\370\273\147\230\014\302\342\104\302\353\256 +\034\357\143\276 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\211\274\047\325\353\027\215\006\152\151\325\375\211\107\264\315 +END +CKA_ISSUER MULTILINE_OCTAL +\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 +\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 +\156\040\122\157\157\164\040\103\101\040\064 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\023\006\154\237\327\301\273\020\114\051\103\345\161\173\173 +\054\310\032\301\016 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "LuxTrust Global Root 2" +# +# Issuer: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU +# Serial Number:0a:7e:a6:df:4b:44:9e:da:6a:24:85:9e:e6:b8:15:d3:16:7f:bb:b1 +# Subject: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU +# Not Valid Before: Thu Mar 05 13:21:57 2015 +# Not Valid After : Mon Mar 05 13:21:57 2035 +# Fingerprint (SHA-256): 54:45:5F:71:29:C2:0B:14:47:C4:18:F9:97:16:8F:24:C5:8F:C5:02:3B:F5:DA:5B:E2:EB:6E:1D:D8:90:2E:D5 +# Fingerprint (SHA1): 1E:0E:56:19:0A:D1:8B:25:98:B2:04:44:FF:66:8A:04:17:99:5F:3F +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "LuxTrust Global Root 2" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\106\061\013\060\011\006\003\125\004\006\023\002\114\125\061 +\026\060\024\006\003\125\004\012\014\015\114\165\170\124\162\165 +\163\164\040\123\056\101\056\061\037\060\035\006\003\125\004\003 +\014\026\114\165\170\124\162\165\163\164\040\107\154\157\142\141 +\154\040\122\157\157\164\040\062 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\106\061\013\060\011\006\003\125\004\006\023\002\114\125\061 +\026\060\024\006\003\125\004\012\014\015\114\165\170\124\162\165 +\163\164\040\123\056\101\056\061\037\060\035\006\003\125\004\003 +\014\026\114\165\170\124\162\165\163\164\040\107\154\157\142\141 +\154\040\122\157\157\164\040\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\024\012\176\246\337\113\104\236\332\152\044\205\236\346\270 +\025\323\026\177\273\261 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\303\060\202\003\253\240\003\002\001\002\002\024\012 +\176\246\337\113\104\236\332\152\044\205\236\346\270\025\323\026 +\177\273\261\060\015\006\011\052\206\110\206\367\015\001\001\013 +\005\000\060\106\061\013\060\011\006\003\125\004\006\023\002\114 +\125\061\026\060\024\006\003\125\004\012\014\015\114\165\170\124 +\162\165\163\164\040\123\056\101\056\061\037\060\035\006\003\125 +\004\003\014\026\114\165\170\124\162\165\163\164\040\107\154\157 +\142\141\154\040\122\157\157\164\040\062\060\036\027\015\061\065 +\060\063\060\065\061\063\062\061\065\067\132\027\015\063\065\060 +\063\060\065\061\063\062\061\065\067\132\060\106\061\013\060\011 +\006\003\125\004\006\023\002\114\125\061\026\060\024\006\003\125 +\004\012\014\015\114\165\170\124\162\165\163\164\040\123\056\101 +\056\061\037\060\035\006\003\125\004\003\014\026\114\165\170\124 +\162\165\163\164\040\107\154\157\142\141\154\040\122\157\157\164 +\040\062\060\202\002\042\060\015\006\011\052\206\110\206\367\015 +\001\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202 +\002\001\000\327\205\227\277\021\230\351\360\142\203\114\074\207 +\371\123\152\067\013\362\017\074\207\316\157\334\046\051\275\305 +\211\272\311\203\075\367\356\312\133\306\155\111\163\264\311\106 +\243\033\064\023\077\301\211\105\127\364\331\261\373\066\145\113 +\373\010\342\110\161\021\310\156\073\236\235\337\211\145\067\246 +\205\366\073\104\030\266\306\067\060\142\104\222\227\151\175\102 +\060\044\344\015\014\211\153\143\336\305\341\337\116\251\024\154 +\123\340\141\316\366\027\057\035\074\275\346\042\114\035\223\365 +\020\304\241\166\354\152\336\305\154\337\226\264\126\100\102\300 +\142\222\060\241\055\025\224\240\322\040\006\011\156\152\155\345 +\353\267\276\324\360\361\025\174\213\346\116\272\023\314\113\047 +\136\231\074\027\135\217\201\177\063\075\117\323\077\033\354\134 +\077\360\074\114\165\156\362\246\325\235\332\055\007\143\002\306 +\162\351\224\274\114\111\225\117\210\122\310\333\350\151\202\370 +\314\064\133\042\360\206\247\211\275\110\012\155\146\201\155\310 +\310\144\373\001\341\364\341\336\331\236\335\333\133\324\052\231 +\046\025\033\036\114\222\051\202\236\325\222\201\222\101\160\031 +\367\244\345\223\113\274\167\147\061\335\034\375\061\160\015\027 +\231\014\371\014\071\031\052\027\265\060\161\125\325\017\256\130 +\341\075\057\064\233\317\237\366\170\205\302\223\172\162\076\146 +\217\234\026\021\140\217\236\211\157\147\276\340\107\132\073\014 +\232\147\213\317\106\306\256\070\243\362\247\274\346\326\205\153 +\063\044\160\042\113\313\010\233\273\310\370\002\051\035\276\040 +\014\106\277\153\207\233\263\052\146\102\065\106\154\252\272\255 +\371\230\173\351\120\125\024\061\277\261\332\055\355\200\255\150 +\044\373\151\253\330\161\023\060\346\147\263\207\100\375\211\176 +\362\103\321\021\337\057\145\057\144\316\137\024\271\261\277\061 +\275\207\170\132\131\145\210\252\374\131\062\110\206\326\114\271 +\051\113\225\323\166\363\167\045\155\102\034\070\203\115\375\243 +\137\233\177\055\254\171\033\016\102\061\227\143\244\373\212\151 +\325\042\015\064\220\060\056\250\264\340\155\266\224\254\274\213 +\116\327\160\374\305\070\216\144\045\341\115\071\220\316\311\207 +\204\130\161\002\003\001\000\001\243\201\250\060\201\245\060\017 +\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060 +\102\006\003\125\035\040\004\073\060\071\060\067\006\007\053\201 +\053\001\001\001\012\060\054\060\052\006\010\053\006\001\005\005 +\007\002\001\026\036\150\164\164\160\163\072\057\057\162\145\160 +\157\163\151\164\157\162\171\056\154\165\170\164\162\165\163\164 +\056\154\165\060\016\006\003\125\035\017\001\001\377\004\004\003 +\002\001\006\060\037\006\003\125\035\043\004\030\060\026\200\024 +\377\030\050\166\371\110\005\054\241\256\361\053\033\053\262\123 +\370\113\174\263\060\035\006\003\125\035\016\004\026\004\024\377 +\030\050\166\371\110\005\054\241\256\361\053\033\053\262\123\370 +\113\174\263\060\015\006\011\052\206\110\206\367\015\001\001\013 +\005\000\003\202\002\001\000\152\031\024\355\156\171\301\054\207 +\324\015\160\176\327\366\170\311\013\004\116\304\261\316\223\160 +\376\260\124\300\062\315\231\060\144\027\277\017\345\342\063\375 +\007\066\100\162\016\032\266\152\131\326\000\345\150\040\335\056 +\162\015\037\152\144\061\040\204\175\111\246\132\067\353\105\311 +\205\365\324\307\027\231\007\346\233\125\344\014\350\251\264\316 +\214\133\265\021\134\317\212\016\015\326\254\167\201\376\062\234 +\044\236\162\316\124\363\320\157\242\126\326\354\303\067\054\145 +\130\276\127\000\032\362\065\372\353\173\061\135\302\301\022\075 +\226\201\210\226\211\301\131\134\172\346\177\160\064\347\203\342 +\261\341\341\270\130\357\324\225\344\140\234\360\226\227\162\214 +\353\204\002\056\145\217\244\267\322\177\147\335\310\323\236\134 +\252\251\244\240\045\024\006\233\354\117\176\055\013\177\035\165 +\361\063\330\355\316\270\165\155\076\133\271\230\035\061\015\126 +\330\103\017\060\221\262\004\153\335\126\276\225\200\125\147\276 +\330\315\203\331\030\356\056\017\206\055\222\236\160\023\354\336 +\121\311\103\170\002\245\115\310\371\137\304\221\130\106\026\167 +\132\164\252\100\274\007\237\060\271\261\367\022\027\335\343\377 +\044\100\035\172\152\321\117\030\012\252\220\035\353\100\036\337 +\241\036\104\222\020\232\362\215\341\321\113\106\236\350\105\102 +\227\352\105\231\363\354\146\325\002\372\362\246\112\044\252\336 +\316\271\312\371\077\223\157\371\243\272\352\245\076\231\255\375 +\377\173\231\365\145\356\360\131\050\147\327\220\225\244\023\204 +\251\204\301\350\316\316\165\223\143\032\274\074\352\325\144\037 +\055\052\022\071\306\303\132\062\355\107\221\026\016\274\070\301 +\120\336\217\312\052\220\064\034\356\101\224\234\136\031\056\370 +\105\111\231\164\221\260\004\157\343\004\132\261\253\052\253\376 +\307\320\226\266\332\341\112\144\006\156\140\115\275\102\116\377 +\170\332\044\312\033\264\327\226\071\154\256\361\016\252\247\175 +\110\213\040\114\317\144\326\270\227\106\260\116\321\052\126\072 +\240\223\275\257\200\044\340\012\176\347\312\325\312\350\205\125 +\334\066\052\341\224\150\223\307\146\162\104\017\200\041\062\154 +\045\307\043\200\203\012\353 +END + +# Trust for "LuxTrust Global Root 2" +# Issuer: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU +# Serial Number:0a:7e:a6:df:4b:44:9e:da:6a:24:85:9e:e6:b8:15:d3:16:7f:bb:b1 +# Subject: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU +# Not Valid Before: Thu Mar 05 13:21:57 2015 +# Not Valid After : Mon Mar 05 13:21:57 2035 +# Fingerprint (SHA-256): 54:45:5F:71:29:C2:0B:14:47:C4:18:F9:97:16:8F:24:C5:8F:C5:02:3B:F5:DA:5B:E2:EB:6E:1D:D8:90:2E:D5 +# Fingerprint (SHA1): 1E:0E:56:19:0A:D1:8B:25:98:B2:04:44:FF:66:8A:04:17:99:5F:3F +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "LuxTrust Global Root 2" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\036\016\126\031\012\321\213\045\230\262\004\104\377\146\212\004 +\027\231\137\077 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\262\341\011\000\141\257\367\361\221\157\304\255\215\136\073\174 +END +CKA_ISSUER MULTILINE_OCTAL +\060\106\061\013\060\011\006\003\125\004\006\023\002\114\125\061 +\026\060\024\006\003\125\004\012\014\015\114\165\170\124\162\165 +\163\164\040\123\056\101\056\061\037\060\035\006\003\125\004\003 +\014\026\114\165\170\124\162\165\163\164\040\107\154\157\142\141 +\154\040\122\157\157\164\040\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\024\012\176\246\337\113\104\236\332\152\044\205\236\346\270 +\025\323\026\177\273\261 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Symantec Class 1 Public Primary Certification Authority - G6" +# +# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Serial Number:24:32:75:f2:1d:2f:d2:09:33:f7:b4:6a:ca:d0:f3:98 +# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Not Valid Before: Tue Oct 18 00:00:00 2011 +# Not Valid After : Tue Dec 01 23:59:59 2037 +# Fingerprint (SHA-256): 9D:19:0B:2E:31:45:66:68:5B:E8:A8:89:E2:7A:A8:C7:D7:AE:1D:8A:AD:DB:A3:C1:EC:F9:D2:48:63:CD:34:B9 +# Fingerprint (SHA1): 51:7F:61:1E:29:91:6B:53:82:FB:72:E7:44:D9:8D:C3:CC:53:6D:64 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Symantec Class 1 Public Primary Certification Authority - G6" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 +\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 +\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 +\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 +\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 +\164\145\143\040\103\154\141\163\163\040\061\040\120\165\142\154 +\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 +\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 +\164\171\040\055\040\107\066 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 +\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 +\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 +\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 +\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 +\164\145\143\040\103\154\141\163\163\040\061\040\120\165\142\154 +\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 +\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 +\164\171\040\055\040\107\066 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\044\062\165\362\035\057\322\011\063\367\264\152\312\320 +\363\230 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\003\366\060\202\002\336\240\003\002\001\002\002\020\044 +\062\165\362\035\057\322\011\063\367\264\152\312\320\363\230\060 +\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\201 +\224\061\013\060\011\006\003\125\004\006\023\002\125\123\061\035 +\060\033\006\003\125\004\012\023\024\123\171\155\141\156\164\145 +\143\040\103\157\162\160\157\162\141\164\151\157\156\061\037\060 +\035\006\003\125\004\013\023\026\123\171\155\141\156\164\145\143 +\040\124\162\165\163\164\040\116\145\164\167\157\162\153\061\105 +\060\103\006\003\125\004\003\023\074\123\171\155\141\156\164\145 +\143\040\103\154\141\163\163\040\061\040\120\165\142\154\151\143 +\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151 +\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 +\040\055\040\107\066\060\036\027\015\061\061\061\060\061\070\060 +\060\060\060\060\060\132\027\015\063\067\061\062\060\061\062\063 +\065\071\065\071\132\060\201\224\061\013\060\011\006\003\125\004 +\006\023\002\125\123\061\035\060\033\006\003\125\004\012\023\024 +\123\171\155\141\156\164\145\143\040\103\157\162\160\157\162\141 +\164\151\157\156\061\037\060\035\006\003\125\004\013\023\026\123 +\171\155\141\156\164\145\143\040\124\162\165\163\164\040\116\145 +\164\167\157\162\153\061\105\060\103\006\003\125\004\003\023\074 +\123\171\155\141\156\164\145\143\040\103\154\141\163\163\040\061 +\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171\040 +\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165 +\164\150\157\162\151\164\171\040\055\040\107\066\060\202\001\042 +\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003 +\202\001\017\000\060\202\001\012\002\202\001\001\000\307\071\327 +\111\144\251\231\202\042\114\352\105\331\007\026\343\173\364\203 +\350\231\163\372\153\261\066\340\232\167\240\100\302\201\215\001 +\307\314\214\275\217\175\367\171\343\172\114\003\115\331\373\375 +\207\070\050\054\335\232\213\124\010\333\147\373\033\214\376\050 +\222\057\276\267\262\110\247\201\241\330\136\210\303\314\071\100 +\101\132\321\334\345\332\020\237\057\332\001\115\375\056\106\174 +\371\056\047\012\151\067\356\221\243\033\152\314\104\277\033\307 +\303\324\021\262\120\140\227\011\275\056\042\365\101\204\146\237 +\315\100\246\251\000\200\301\037\225\222\237\336\363\110\357\333 +\035\167\141\374\177\337\356\226\244\162\320\266\076\377\170\047 +\257\313\222\025\151\010\333\143\020\342\346\227\254\156\334\254 +\366\242\316\036\107\231\271\211\267\022\346\241\324\315\131\021 +\147\303\157\205\330\102\116\050\276\131\125\131\004\225\253\217 +\067\200\277\015\360\374\037\072\144\061\130\201\170\327\342\065 +\366\040\077\051\270\217\026\156\076\110\334\265\114\007\341\362 +\032\352\176\012\171\326\250\275\353\135\206\053\115\002\003\001 +\000\001\243\102\060\100\060\016\006\003\125\035\017\001\001\377 +\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377 +\004\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026 +\004\024\063\101\350\310\071\022\025\223\110\362\226\062\056\132 +\365\332\224\137\123\140\060\015\006\011\052\206\110\206\367\015 +\001\001\013\005\000\003\202\001\001\000\025\343\163\127\261\027 +\266\137\111\151\104\246\366\136\172\147\254\322\336\165\111\253 +\376\045\125\307\072\311\104\025\020\156\277\061\153\313\331\007 +\223\177\034\205\143\000\343\062\022\340\314\313\373\071\154\217 +\342\123\342\074\100\063\331\244\214\107\346\255\130\373\211\257 +\343\336\206\051\126\064\054\105\270\022\372\104\211\156\055\024 +\045\050\044\001\145\326\352\122\254\005\156\126\022\011\075\320 +\164\364\327\275\006\312\250\072\215\126\102\372\215\162\076\164 +\361\003\162\337\207\033\136\016\172\125\226\054\070\267\230\205 +\315\115\063\104\311\224\217\132\061\060\067\113\243\072\022\263 +\347\066\321\041\150\113\055\070\346\123\256\034\045\126\010\126 +\003\147\204\235\306\303\316\044\142\307\114\066\317\260\006\104 +\267\365\137\002\335\331\124\351\057\220\116\172\310\116\203\100 +\014\232\227\074\067\277\277\354\366\360\264\205\167\050\301\013 +\310\147\202\020\027\070\242\267\006\352\233\277\072\370\351\043 +\007\277\164\340\230\070\025\125\170\356\162\000\134\031\243\364 +\322\063\340\377\275\321\124\071\051\017 +END + +# Trust for "Symantec Class 1 Public Primary Certification Authority - G6" +# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Serial Number:24:32:75:f2:1d:2f:d2:09:33:f7:b4:6a:ca:d0:f3:98 +# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Not Valid Before: Tue Oct 18 00:00:00 2011 +# Not Valid After : Tue Dec 01 23:59:59 2037 +# Fingerprint (SHA-256): 9D:19:0B:2E:31:45:66:68:5B:E8:A8:89:E2:7A:A8:C7:D7:AE:1D:8A:AD:DB:A3:C1:EC:F9:D2:48:63:CD:34:B9 +# Fingerprint (SHA1): 51:7F:61:1E:29:91:6B:53:82:FB:72:E7:44:D9:8D:C3:CC:53:6D:64 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Symantec Class 1 Public Primary Certification Authority - G6" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\121\177\141\036\051\221\153\123\202\373\162\347\104\331\215\303 +\314\123\155\144 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\057\250\264\332\366\144\113\036\202\371\106\075\124\032\174\260 +END +CKA_ISSUER MULTILINE_OCTAL +\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 +\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 +\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 +\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 +\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 +\164\145\143\040\103\154\141\163\163\040\061\040\120\165\142\154 +\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 +\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 +\164\171\040\055\040\107\066 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\044\062\165\362\035\057\322\011\063\367\264\152\312\320 +\363\230 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Symantec Class 2 Public Primary Certification Authority - G6" +# +# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Serial Number:64:82:9e:fc:37:1e:74:5d:fc:97:ff:97:c8:b1:ff:41 +# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Not Valid Before: Tue Oct 18 00:00:00 2011 +# Not Valid After : Tue Dec 01 23:59:59 2037 +# Fingerprint (SHA-256): CB:62:7D:18:B5:8A:D5:6D:DE:33:1A:30:45:6B:C6:5C:60:1A:4E:9B:18:DE:DC:EA:08:E7:DA:AA:07:81:5F:F0 +# Fingerprint (SHA1): 40:B3:31:A0:E9:BF:E8:55:BC:39:93:CA:70:4F:4E:C2:51:D4:1D:8F +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Symantec Class 2 Public Primary Certification Authority - G6" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 +\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 +\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 +\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 +\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 +\164\145\143\040\103\154\141\163\163\040\062\040\120\165\142\154 +\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 +\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 +\164\171\040\055\040\107\066 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 +\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 +\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 +\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 +\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 +\164\145\143\040\103\154\141\163\163\040\062\040\120\165\142\154 +\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 +\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 +\164\171\040\055\040\107\066 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\144\202\236\374\067\036\164\135\374\227\377\227\310\261 +\377\101 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\003\366\060\202\002\336\240\003\002\001\002\002\020\144 +\202\236\374\067\036\164\135\374\227\377\227\310\261\377\101\060 +\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\201 +\224\061\013\060\011\006\003\125\004\006\023\002\125\123\061\035 +\060\033\006\003\125\004\012\023\024\123\171\155\141\156\164\145 +\143\040\103\157\162\160\157\162\141\164\151\157\156\061\037\060 +\035\006\003\125\004\013\023\026\123\171\155\141\156\164\145\143 +\040\124\162\165\163\164\040\116\145\164\167\157\162\153\061\105 +\060\103\006\003\125\004\003\023\074\123\171\155\141\156\164\145 +\143\040\103\154\141\163\163\040\062\040\120\165\142\154\151\143 +\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151 +\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 +\040\055\040\107\066\060\036\027\015\061\061\061\060\061\070\060 +\060\060\060\060\060\132\027\015\063\067\061\062\060\061\062\063 +\065\071\065\071\132\060\201\224\061\013\060\011\006\003\125\004 +\006\023\002\125\123\061\035\060\033\006\003\125\004\012\023\024 +\123\171\155\141\156\164\145\143\040\103\157\162\160\157\162\141 +\164\151\157\156\061\037\060\035\006\003\125\004\013\023\026\123 +\171\155\141\156\164\145\143\040\124\162\165\163\164\040\116\145 +\164\167\157\162\153\061\105\060\103\006\003\125\004\003\023\074 +\123\171\155\141\156\164\145\143\040\103\154\141\163\163\040\062 +\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171\040 +\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165 +\164\150\157\162\151\164\171\040\055\040\107\066\060\202\001\042 +\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003 +\202\001\017\000\060\202\001\012\002\202\001\001\000\315\314\351 +\005\310\143\205\313\077\100\143\027\275\030\372\065\346\004\147 +\127\145\230\051\244\117\311\134\217\017\064\322\370\332\250\023 +\142\252\270\036\120\147\170\260\026\114\240\071\251\025\172\256 +\355\322\242\300\360\220\067\051\030\046\134\350\015\074\266\154 +\111\077\301\340\334\331\113\266\024\031\013\246\323\226\341\326 +\011\343\031\046\034\371\037\145\113\371\032\103\034\000\203\326 +\320\252\111\242\324\333\346\142\070\272\120\024\103\155\371\061 +\370\126\026\331\070\002\221\317\353\154\335\273\071\116\231\341 +\060\147\105\361\324\360\215\303\337\376\362\070\007\041\175\000 +\136\126\104\263\344\140\275\221\053\234\253\133\004\162\017\262 +\050\331\162\253\005\040\102\045\251\133\003\152\040\020\314\061 +\360\053\332\065\054\320\373\232\227\116\360\202\113\053\330\137 +\066\243\013\055\257\143\015\035\045\177\241\156\134\142\241\215 +\050\076\241\374\034\040\370\001\057\272\125\232\021\260\031\322 +\310\120\171\153\016\152\005\327\252\004\066\262\243\362\341\137 +\167\247\167\234\345\036\334\351\337\152\301\145\135\002\003\001 +\000\001\243\102\060\100\060\016\006\003\125\035\017\001\001\377 +\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377 +\004\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026 +\004\024\207\214\040\225\310\230\112\321\326\200\006\112\220\064 +\104\337\034\115\277\260\060\015\006\011\052\206\110\206\367\015 +\001\001\013\005\000\003\202\001\001\000\201\216\262\245\146\226 +\267\041\245\266\357\157\043\132\137\333\201\305\102\245\170\301 +\151\375\364\074\327\371\134\153\160\162\032\374\132\227\115\000 +\200\210\210\202\212\303\161\015\216\305\211\233\054\355\215\013 +\322\162\124\365\175\324\134\103\127\351\363\256\245\002\021\366 +\166\053\201\127\335\175\332\164\060\375\124\107\366\340\026\156 +\246\264\012\110\346\347\165\007\017\051\031\071\316\171\364\266 +\154\305\137\231\325\037\113\372\337\155\054\074\015\124\200\160 +\360\210\013\200\317\306\150\242\270\035\160\331\166\214\374\356 +\245\311\317\255\035\317\231\045\127\132\142\105\313\026\153\275 +\111\315\245\243\214\151\171\045\256\270\114\154\213\100\146\113 +\026\077\317\002\032\335\341\154\153\007\141\152\166\025\051\231 +\177\033\335\210\200\301\277\265\217\163\305\246\226\043\204\246 +\050\206\044\063\152\001\056\127\163\045\266\136\277\217\346\035 +\141\250\100\051\147\035\207\233\035\177\233\237\231\315\061\326 +\124\276\142\273\071\254\150\022\110\221\040\245\313\261\335\376 +\157\374\132\344\202\125\131\257\061\251 +END + +# Trust for "Symantec Class 2 Public Primary Certification Authority - G6" +# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Serial Number:64:82:9e:fc:37:1e:74:5d:fc:97:ff:97:c8:b1:ff:41 +# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Not Valid Before: Tue Oct 18 00:00:00 2011 +# Not Valid After : Tue Dec 01 23:59:59 2037 +# Fingerprint (SHA-256): CB:62:7D:18:B5:8A:D5:6D:DE:33:1A:30:45:6B:C6:5C:60:1A:4E:9B:18:DE:DC:EA:08:E7:DA:AA:07:81:5F:F0 +# Fingerprint (SHA1): 40:B3:31:A0:E9:BF:E8:55:BC:39:93:CA:70:4F:4E:C2:51:D4:1D:8F +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Symantec Class 2 Public Primary Certification Authority - G6" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\100\263\061\240\351\277\350\125\274\071\223\312\160\117\116\302 +\121\324\035\217 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\175\013\203\345\373\174\255\007\117\040\251\265\337\143\355\171 +END +CKA_ISSUER MULTILINE_OCTAL +\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 +\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 +\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 +\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 +\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 +\164\145\143\040\103\154\141\163\163\040\062\040\120\165\142\154 +\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 +\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 +\164\171\040\055\040\107\066 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\144\202\236\374\067\036\164\135\374\227\377\227\310\261 +\377\101 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Symantec Class 1 Public Primary Certification Authority - G4" +# +# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Serial Number:21:6e:33:a5:cb:d3:88:a4:6f:29:07:b4:27:3c:c4:d8 +# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Not Valid Before: Wed Oct 05 00:00:00 2011 +# Not Valid After : Mon Jan 18 23:59:59 2038 +# Fingerprint (SHA-256): 36:3F:3C:84:9E:AB:03:B0:A2:A0:F6:36:D7:B8:6D:04:D3:AC:7F:CF:E2:6A:0A:91:21:AB:97:95:F6:E1:76:DF +# Fingerprint (SHA1): 84:F2:E3:DD:83:13:3E:A9:1D:19:52:7F:02:D7:29:BF:C1:5F:E6:67 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Symantec Class 1 Public Primary Certification Authority - G4" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 +\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 +\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 +\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 +\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 +\164\145\143\040\103\154\141\163\163\040\061\040\120\165\142\154 +\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 +\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 +\164\171\040\055\040\107\064 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 +\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 +\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 +\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 +\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 +\164\145\143\040\103\154\141\163\163\040\061\040\120\165\142\154 +\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 +\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 +\164\171\040\055\040\107\064 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\041\156\063\245\313\323\210\244\157\051\007\264\047\074 +\304\330 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\002\250\060\202\002\055\240\003\002\001\002\002\020\041 +\156\063\245\313\323\210\244\157\051\007\264\047\074\304\330\060 +\012\006\010\052\206\110\316\075\004\003\003\060\201\224\061\013 +\060\011\006\003\125\004\006\023\002\125\123\061\035\060\033\006 +\003\125\004\012\023\024\123\171\155\141\156\164\145\143\040\103 +\157\162\160\157\162\141\164\151\157\156\061\037\060\035\006\003 +\125\004\013\023\026\123\171\155\141\156\164\145\143\040\124\162 +\165\163\164\040\116\145\164\167\157\162\153\061\105\060\103\006 +\003\125\004\003\023\074\123\171\155\141\156\164\145\143\040\103 +\154\141\163\163\040\061\040\120\165\142\154\151\143\040\120\162 +\151\155\141\162\171\040\103\145\162\164\151\146\151\143\141\164 +\151\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040 +\107\064\060\036\027\015\061\061\061\060\060\065\060\060\060\060 +\060\060\132\027\015\063\070\060\061\061\070\062\063\065\071\065 +\071\132\060\201\224\061\013\060\011\006\003\125\004\006\023\002 +\125\123\061\035\060\033\006\003\125\004\012\023\024\123\171\155 +\141\156\164\145\143\040\103\157\162\160\157\162\141\164\151\157 +\156\061\037\060\035\006\003\125\004\013\023\026\123\171\155\141 +\156\164\145\143\040\124\162\165\163\164\040\116\145\164\167\157 +\162\153\061\105\060\103\006\003\125\004\003\023\074\123\171\155 +\141\156\164\145\143\040\103\154\141\163\163\040\061\040\120\165 +\142\154\151\143\040\120\162\151\155\141\162\171\040\103\145\162 +\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157 +\162\151\164\171\040\055\040\107\064\060\166\060\020\006\007\052 +\206\110\316\075\002\001\006\005\053\201\004\000\042\003\142\000 +\004\327\146\265\033\333\256\263\140\356\106\352\210\143\165\073 +\052\224\155\363\137\022\366\343\017\236\266\012\024\123\110\122 +\310\334\072\263\313\110\040\046\022\116\372\211\204\324\337\221 +\344\051\175\050\001\331\333\030\103\151\241\037\265\323\206\026 +\334\307\177\147\043\337\337\061\061\203\003\065\160\261\113\267 +\310\027\273\121\313\334\224\027\333\352\011\073\166\022\336\252 +\265\243\102\060\100\060\016\006\003\125\035\017\001\001\377\004 +\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377\004 +\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026\004 +\024\145\300\215\045\365\014\272\227\167\220\077\236\056\340\132 +\365\316\325\341\344\060\012\006\010\052\206\110\316\075\004\003 +\003\003\151\000\060\146\002\061\000\245\256\343\106\123\370\230 +\066\343\042\372\056\050\111\015\356\060\176\063\363\354\077\161 +\136\314\125\211\170\231\254\262\375\334\034\134\063\216\051\271 +\153\027\310\021\150\265\334\203\007\002\061\000\234\310\104\332 +\151\302\066\303\124\031\020\205\002\332\235\107\357\101\347\154 +\046\235\011\075\367\155\220\321\005\104\057\260\274\203\223\150 +\362\014\105\111\071\277\231\004\034\323\020\240 +END + +# Trust for "Symantec Class 1 Public Primary Certification Authority - G4" +# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Serial Number:21:6e:33:a5:cb:d3:88:a4:6f:29:07:b4:27:3c:c4:d8 +# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Not Valid Before: Wed Oct 05 00:00:00 2011 +# Not Valid After : Mon Jan 18 23:59:59 2038 +# Fingerprint (SHA-256): 36:3F:3C:84:9E:AB:03:B0:A2:A0:F6:36:D7:B8:6D:04:D3:AC:7F:CF:E2:6A:0A:91:21:AB:97:95:F6:E1:76:DF +# Fingerprint (SHA1): 84:F2:E3:DD:83:13:3E:A9:1D:19:52:7F:02:D7:29:BF:C1:5F:E6:67 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Symantec Class 1 Public Primary Certification Authority - G4" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\204\362\343\335\203\023\076\251\035\031\122\177\002\327\051\277 +\301\137\346\147 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\004\345\200\077\125\377\131\207\244\062\322\025\245\345\252\346 +END +CKA_ISSUER MULTILINE_OCTAL +\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 +\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 +\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 +\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 +\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 +\164\145\143\040\103\154\141\163\163\040\061\040\120\165\142\154 +\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 +\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 +\164\171\040\055\040\107\064 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\041\156\063\245\313\323\210\244\157\051\007\264\047\074 +\304\330 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Symantec Class 2 Public Primary Certification Authority - G4" +# +# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Serial Number:34:17:65:12:40:3b:b7:56:80:2d:80:cb:79:55:a6:1e +# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Not Valid Before: Wed Oct 05 00:00:00 2011 +# Not Valid After : Mon Jan 18 23:59:59 2038 +# Fingerprint (SHA-256): FE:86:3D:08:22:FE:7A:23:53:FA:48:4D:59:24:E8:75:65:6D:3D:C9:FB:58:77:1F:6F:61:6F:9D:57:1B:C5:92 +# Fingerprint (SHA1): 67:24:90:2E:48:01:B0:22:96:40:10:46:B4:B1:67:2C:A9:75:FD:2B +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Symantec Class 2 Public Primary Certification Authority - G4" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 +\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 +\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 +\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 +\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 +\164\145\143\040\103\154\141\163\163\040\062\040\120\165\142\154 +\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 +\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 +\164\171\040\055\040\107\064 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 +\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 +\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 +\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 +\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 +\164\145\143\040\103\154\141\163\163\040\062\040\120\165\142\154 +\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 +\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 +\164\171\040\055\040\107\064 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\064\027\145\022\100\073\267\126\200\055\200\313\171\125 +\246\036 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\002\250\060\202\002\055\240\003\002\001\002\002\020\064 +\027\145\022\100\073\267\126\200\055\200\313\171\125\246\036\060 +\012\006\010\052\206\110\316\075\004\003\003\060\201\224\061\013 +\060\011\006\003\125\004\006\023\002\125\123\061\035\060\033\006 +\003\125\004\012\023\024\123\171\155\141\156\164\145\143\040\103 +\157\162\160\157\162\141\164\151\157\156\061\037\060\035\006\003 +\125\004\013\023\026\123\171\155\141\156\164\145\143\040\124\162 +\165\163\164\040\116\145\164\167\157\162\153\061\105\060\103\006 +\003\125\004\003\023\074\123\171\155\141\156\164\145\143\040\103 +\154\141\163\163\040\062\040\120\165\142\154\151\143\040\120\162 +\151\155\141\162\171\040\103\145\162\164\151\146\151\143\141\164 +\151\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040 +\107\064\060\036\027\015\061\061\061\060\060\065\060\060\060\060 +\060\060\132\027\015\063\070\060\061\061\070\062\063\065\071\065 +\071\132\060\201\224\061\013\060\011\006\003\125\004\006\023\002 +\125\123\061\035\060\033\006\003\125\004\012\023\024\123\171\155 +\141\156\164\145\143\040\103\157\162\160\157\162\141\164\151\157 +\156\061\037\060\035\006\003\125\004\013\023\026\123\171\155\141 +\156\164\145\143\040\124\162\165\163\164\040\116\145\164\167\157 +\162\153\061\105\060\103\006\003\125\004\003\023\074\123\171\155 +\141\156\164\145\143\040\103\154\141\163\163\040\062\040\120\165 +\142\154\151\143\040\120\162\151\155\141\162\171\040\103\145\162 +\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157 +\162\151\164\171\040\055\040\107\064\060\166\060\020\006\007\052 +\206\110\316\075\002\001\006\005\053\201\004\000\042\003\142\000 +\004\321\331\112\216\114\015\204\112\121\272\174\357\323\314\372 +\072\232\265\247\143\023\075\001\340\111\076\372\301\107\311\222 +\263\072\327\376\157\234\367\232\072\017\365\016\012\012\303\077 +\310\347\022\024\216\325\325\155\230\054\263\161\062\012\353\052 +\275\366\327\152\040\013\147\105\234\322\262\277\123\042\146\011 +\135\333\021\363\361\005\063\130\243\342\270\317\174\315\202\233 +\275\243\102\060\100\060\016\006\003\125\035\017\001\001\377\004 +\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377\004 +\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026\004 +\024\075\062\363\072\251\014\220\204\371\242\214\151\006\141\124 +\057\207\162\376\005\060\012\006\010\052\206\110\316\075\004\003 +\003\003\151\000\060\146\002\061\000\310\246\251\257\101\177\265 +\311\021\102\026\150\151\114\134\270\047\030\266\230\361\300\177 +\220\155\207\323\214\106\027\360\076\117\374\352\260\010\304\172 +\113\274\010\057\307\342\247\157\145\002\061\000\326\131\336\206 +\316\137\016\312\124\325\306\320\025\016\374\213\224\162\324\216 +\000\130\123\317\176\261\113\015\345\120\206\353\236\153\337\377 +\051\246\330\107\331\240\226\030\333\362\105\263 +END + +# Trust for "Symantec Class 2 Public Primary Certification Authority - G4" +# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Serial Number:34:17:65:12:40:3b:b7:56:80:2d:80:cb:79:55:a6:1e +# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Not Valid Before: Wed Oct 05 00:00:00 2011 +# Not Valid After : Mon Jan 18 23:59:59 2038 +# Fingerprint (SHA-256): FE:86:3D:08:22:FE:7A:23:53:FA:48:4D:59:24:E8:75:65:6D:3D:C9:FB:58:77:1F:6F:61:6F:9D:57:1B:C5:92 +# Fingerprint (SHA1): 67:24:90:2E:48:01:B0:22:96:40:10:46:B4:B1:67:2C:A9:75:FD:2B +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Symantec Class 2 Public Primary Certification Authority - G4" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\147\044\220\056\110\001\260\042\226\100\020\106\264\261\147\054 +\251\165\375\053 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\160\325\060\361\332\224\227\324\327\164\337\276\355\150\336\226 +END +CKA_ISSUER MULTILINE_OCTAL +\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 +\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 +\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 +\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 +\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 +\164\145\143\040\103\154\141\163\163\040\062\040\120\165\142\154 +\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 +\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 +\164\171\040\055\040\107\064 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\064\027\145\022\100\073\267\126\200\055\200\313\171\125 +\246\036 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE diff --git a/nss/lib/ckfw/builtins/ckbiver.c b/nss/lib/ckfw/builtins/ckbiver.c index 41783b2..208066c 100644 --- a/nss/lib/ckfw/builtins/ckbiver.c +++ b/nss/lib/ckfw/builtins/ckbiver.c @@ -15,5 +15,4 @@ /* * Version information */ -const char __nss_builtins_version[] = "Version: NSS Builtin Trusted Root CAs " - NSS_BUILTINS_LIBRARY_VERSION _DEBUG_STRING; +const char __nss_builtins_version[] = "Version: NSS Builtin Trusted Root CAs " NSS_BUILTINS_LIBRARY_VERSION _DEBUG_STRING; diff --git a/nss/lib/ckfw/builtins/config.mk b/nss/lib/ckfw/builtins/config.mk index b385ac6..6bd62f1 100644 --- a/nss/lib/ckfw/builtins/config.mk +++ b/nss/lib/ckfw/builtins/config.mk @@ -32,3 +32,7 @@ INCLUDES += -I. ifeq ($(OS_TARGET),Darwin) DSO_LDOPTS = -bundle endif + +ifdef USE_GCOV +DSO_LDOPTS += --coverage +endif diff --git a/nss/lib/ckfw/builtins/constants.c b/nss/lib/ckfw/builtins/constants.c index 71146e6..f5d267b 100644 --- a/nss/lib/ckfw/builtins/constants.c +++ b/nss/lib/ckfw/builtins/constants.c @@ -21,41 +21,44 @@ #endif /* NSSCKBI_H */ const CK_VERSION -nss_builtins_CryptokiVersion = { - NSS_BUILTINS_CRYPTOKI_VERSION_MAJOR, - NSS_BUILTINS_CRYPTOKI_VERSION_MINOR }; + nss_builtins_CryptokiVersion = { + NSS_BUILTINS_CRYPTOKI_VERSION_MAJOR, + NSS_BUILTINS_CRYPTOKI_VERSION_MINOR + }; const CK_VERSION -nss_builtins_LibraryVersion = { - NSS_BUILTINS_LIBRARY_VERSION_MAJOR, - NSS_BUILTINS_LIBRARY_VERSION_MINOR}; + nss_builtins_LibraryVersion = { + NSS_BUILTINS_LIBRARY_VERSION_MAJOR, + NSS_BUILTINS_LIBRARY_VERSION_MINOR + }; const CK_VERSION -nss_builtins_HardwareVersion = { - NSS_BUILTINS_HARDWARE_VERSION_MAJOR, - NSS_BUILTINS_HARDWARE_VERSION_MINOR }; + nss_builtins_HardwareVersion = { + NSS_BUILTINS_HARDWARE_VERSION_MAJOR, + NSS_BUILTINS_HARDWARE_VERSION_MINOR + }; const CK_VERSION -nss_builtins_FirmwareVersion = { - NSS_BUILTINS_FIRMWARE_VERSION_MAJOR, - NSS_BUILTINS_FIRMWARE_VERSION_MINOR }; + nss_builtins_FirmwareVersion = { + NSS_BUILTINS_FIRMWARE_VERSION_MAJOR, + NSS_BUILTINS_FIRMWARE_VERSION_MINOR + }; -const NSSUTF8 -nss_builtins_ManufacturerID[] = { "Mozilla Foundation" }; +const NSSUTF8 + nss_builtins_ManufacturerID[] = { "Mozilla Foundation" }; -const NSSUTF8 -nss_builtins_LibraryDescription[] = { "NSS Builtin Object Cryptoki Module" }; +const NSSUTF8 + nss_builtins_LibraryDescription[] = { "NSS Builtin Object Cryptoki Module" }; -const NSSUTF8 -nss_builtins_SlotDescription[] = { "NSS Builtin Objects" }; +const NSSUTF8 + nss_builtins_SlotDescription[] = { "NSS Builtin Objects" }; -const NSSUTF8 -nss_builtins_TokenLabel[] = { "Builtin Object Token" }; +const NSSUTF8 + nss_builtins_TokenLabel[] = { "Builtin Object Token" }; -const NSSUTF8 -nss_builtins_TokenModel[] = { "1" }; +const NSSUTF8 + nss_builtins_TokenModel[] = { "1" }; /* should this be e.g. the certdata.txt RCS revision number? */ -const NSSUTF8 -nss_builtins_TokenSerialNumber[] = { "1" }; - +const NSSUTF8 + nss_builtins_TokenSerialNumber[] = { "1" }; diff --git a/nss/lib/ckfw/builtins/exports.gyp b/nss/lib/ckfw/builtins/exports.gyp new file mode 100644 index 0000000..6a5c38f --- /dev/null +++ b/nss/lib/ckfw/builtins/exports.gyp @@ -0,0 +1,25 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +{ + 'includes': [ + '../../../coreconf/config.gypi' + ], + 'targets': [ + { + 'target_name': 'lib_ckfw_builtins_exports', + 'type': 'none', + 'copies': [ + { + 'files': [ + 'nssckbi.h' + ], + 'destination': '<(nss_public_dist_dir)/<(module)' + } + ] + } + ], + 'variables': { + 'module': 'nss' + } +} diff --git a/nss/lib/ckfw/builtins/nssckbi.h b/nss/lib/ckfw/builtins/nssckbi.h index 5ef3a49..4f1e357 100644 --- a/nss/lib/ckfw/builtins/nssckbi.h +++ b/nss/lib/ckfw/builtins/nssckbi.h @@ -18,7 +18,7 @@ #define NSS_BUILTINS_CRYPTOKI_VERSION_MAJOR 2 #define NSS_BUILTINS_CRYPTOKI_VERSION_MINOR 20 -/* These version numbers detail the changes +/* These version numbers detail the changes * to the list of trusted certificates. * * The NSS_BUILTINS_LIBRARY_VERSION_MINOR macro needs to be bumped @@ -45,14 +45,14 @@ * of the comment in the CK_VERSION type definition. */ #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2 -#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 6 -#define NSS_BUILTINS_LIBRARY_VERSION "2.6" +#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 11 +#define NSS_BUILTINS_LIBRARY_VERSION "2.11" /* These version numbers detail the semantic changes to the ckfw engine. */ #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1 #define NSS_BUILTINS_HARDWARE_VERSION_MINOR 0 -/* These version numbers detail the semantic changes to ckbi itself +/* These version numbers detail the semantic changes to ckbi itself * (new PKCS #11 objects), etc. */ #define NSS_BUILTINS_FIRMWARE_VERSION_MAJOR 1 #define NSS_BUILTINS_FIRMWARE_VERSION_MINOR 0 diff --git a/nss/lib/ckfw/capi/anchor.c b/nss/lib/ckfw/capi/anchor.c index 97f3f0d..2d1523e 100644 --- a/nss/lib/ckfw/capi/anchor.c +++ b/nss/lib/ckfw/capi/anchor.c @@ -6,7 +6,7 @@ * capi/canchor.c * * This file "anchors" the actual cryptoki entry points in this module's - * shared library, which is required for dynamic loading. See the + * shared library, which is required for dynamic loading. See the * comments in nssck.api for more information. */ diff --git a/nss/lib/ckfw/capi/cfind.c b/nss/lib/ckfw/capi/cfind.c index c17ed3c..9ea7fca 100644 --- a/nss/lib/ckfw/capi/cfind.c +++ b/nss/lib/ckfw/capi/cfind.c @@ -14,245 +14,234 @@ */ struct ckcapiFOStr { - NSSArena *arena; - CK_ULONG n; - CK_ULONG i; - ckcapiInternalObject **objs; + NSSArena *arena; + CK_ULONG n; + CK_ULONG i; + ckcapiInternalObject **objs; }; static void -ckcapi_mdFindObjects_Final -( - NSSCKMDFindObjects *mdFindObjects, - NSSCKFWFindObjects *fwFindObjects, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckcapi_mdFindObjects_Final( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - struct ckcapiFOStr *fo = (struct ckcapiFOStr *)mdFindObjects->etc; - NSSArena *arena = fo->arena; - PRUint32 i; - - /* walk down an free the unused 'objs' */ - for (i=fo->i; i < fo->n ; i++) { - nss_ckcapi_DestroyInternalObject(fo->objs[i]); - } - - nss_ZFreeIf(fo->objs); - nss_ZFreeIf(fo); - nss_ZFreeIf(mdFindObjects); - if ((NSSArena *)NULL != arena) { - NSSArena_Destroy(arena); - } - - return; + struct ckcapiFOStr *fo = (struct ckcapiFOStr *)mdFindObjects->etc; + NSSArena *arena = fo->arena; + PRUint32 i; + + /* walk down an free the unused 'objs' */ + for (i = fo->i; i < fo->n; i++) { + nss_ckcapi_DestroyInternalObject(fo->objs[i]); + } + + nss_ZFreeIf(fo->objs); + nss_ZFreeIf(fo); + nss_ZFreeIf(mdFindObjects); + if ((NSSArena *)NULL != arena) { + NSSArena_Destroy(arena); + } + + return; } static NSSCKMDObject * -ckcapi_mdFindObjects_Next -( - NSSCKMDFindObjects *mdFindObjects, - NSSCKFWFindObjects *fwFindObjects, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSArena *arena, - CK_RV *pError -) +ckcapi_mdFindObjects_Next( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError) { - struct ckcapiFOStr *fo = (struct ckcapiFOStr *)mdFindObjects->etc; - ckcapiInternalObject *io; + struct ckcapiFOStr *fo = (struct ckcapiFOStr *)mdFindObjects->etc; + ckcapiInternalObject *io; - if( fo->i == fo->n ) { - *pError = CKR_OK; - return (NSSCKMDObject *)NULL; - } + if (fo->i == fo->n) { + *pError = CKR_OK; + return (NSSCKMDObject *)NULL; + } - io = fo->objs[ fo->i ]; - fo->i++; + io = fo->objs[fo->i]; + fo->i++; - return nss_ckcapi_CreateMDObject(arena, io, pError); + return nss_ckcapi_CreateMDObject(arena, io, pError); } static CK_BBOOL -ckcapi_attrmatch -( - CK_ATTRIBUTE_PTR a, - ckcapiInternalObject *o -) +ckcapi_attrmatch( + CK_ATTRIBUTE_PTR a, + ckcapiInternalObject *o) { - PRBool prb; - const NSSItem *b; - - b = nss_ckcapi_FetchAttribute(o, a->type); - if (b == NULL) { - return CK_FALSE; - } - - if( a->ulValueLen != b->size ) { - /* match a decoded serial number */ - if ((a->type == CKA_SERIAL_NUMBER) && (a->ulValueLen < b->size)) { - unsigned int len; - unsigned char *data; - - data = nss_ckcapi_DERUnwrap(b->data, b->size, &len, NULL); - if ((len == a->ulValueLen) && - nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) { - return CK_TRUE; - } + PRBool prb; + const NSSItem *b; + + b = nss_ckcapi_FetchAttribute(o, a->type); + if (b == NULL) { + return CK_FALSE; } - return CK_FALSE; - } - prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *)NULL); + if (a->ulValueLen != b->size) { + /* match a decoded serial number */ + if ((a->type == CKA_SERIAL_NUMBER) && (a->ulValueLen < b->size)) { + unsigned int len; + unsigned char *data; + + data = nss_ckcapi_DERUnwrap(b->data, b->size, &len, NULL); + if ((len == a->ulValueLen) && + nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) { + return CK_TRUE; + } + } + return CK_FALSE; + } - if( PR_TRUE == prb ) { - return CK_TRUE; - } else { - return CK_FALSE; - } -} + prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *)NULL); + if (PR_TRUE == prb) { + return CK_TRUE; + } else { + return CK_FALSE; + } +} static CK_BBOOL -ckcapi_match -( - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - ckcapiInternalObject *o -) +ckcapi_match( + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + ckcapiInternalObject *o) { - CK_ULONG i; + CK_ULONG i; - for( i = 0; i < ulAttributeCount; i++ ) { - if (CK_FALSE == ckcapi_attrmatch(&pTemplate[i], o)) { - return CK_FALSE; + for (i = 0; i < ulAttributeCount; i++) { + if (CK_FALSE == ckcapi_attrmatch(&pTemplate[i], o)) { + return CK_FALSE; + } } - } - /* Every attribute passed */ - return CK_TRUE; + /* Every attribute passed */ + return CK_TRUE; } -#define CKAPI_ITEM_CHUNK 20 - -#define PUT_Object(obj,err) \ - { \ - if (count >= size) { \ - *listp = *listp ? \ - nss_ZREALLOCARRAY(*listp, ckcapiInternalObject *, \ - (size+CKAPI_ITEM_CHUNK) ) : \ - nss_ZNEWARRAY(NULL, ckcapiInternalObject *, \ - (size+CKAPI_ITEM_CHUNK) ) ; \ - if ((ckcapiInternalObject **)NULL == *listp) { \ - err = CKR_HOST_MEMORY; \ - goto loser; \ - } \ - size += CKAPI_ITEM_CHUNK; \ - } \ - (*listp)[ count ] = (obj); \ - count++; \ - } - +#define CKAPI_ITEM_CHUNK 20 + +#define PUT_Object(obj, err) \ + { \ + if (count >= size) { \ + *listp = *listp ? nss_ZREALLOCARRAY(*listp, ckcapiInternalObject *, \ + (size + \ + CKAPI_ITEM_CHUNK)) \ + : nss_ZNEWARRAY(NULL, ckcapiInternalObject *, \ + (size + \ + CKAPI_ITEM_CHUNK)); \ + if ((ckcapiInternalObject **)NULL == *listp) { \ + err = CKR_HOST_MEMORY; \ + goto loser; \ + } \ + size += CKAPI_ITEM_CHUNK; \ + } \ + (*listp)[count] = (obj); \ + count++; \ + } /* * pass parameters back through the callback. */ typedef struct BareCollectParamsStr { - CK_OBJECT_CLASS objClass; - CK_ATTRIBUTE_PTR pTemplate; - CK_ULONG ulAttributeCount; - ckcapiInternalObject ***listp; - PRUint32 size; - PRUint32 count; + CK_OBJECT_CLASS objClass; + CK_ATTRIBUTE_PTR pTemplate; + CK_ULONG ulAttributeCount; + ckcapiInternalObject ***listp; + PRUint32 size; + PRUint32 count; } BareCollectParams; /* collect_bare's callback. Called for each object that * supposedly has a PROVINDER_INFO property */ static BOOL WINAPI -doBareCollect -( - const CRYPT_HASH_BLOB *msKeyID, - DWORD flags, - void *reserved, - void *args, - DWORD cProp, - DWORD *propID, - void **propData, - DWORD *propSize -) +doBareCollect( + const CRYPT_HASH_BLOB *msKeyID, + DWORD flags, + void *reserved, + void *args, + DWORD cProp, + DWORD *propID, + void **propData, + DWORD *propSize) { - BareCollectParams *bcp = (BareCollectParams *) args; - PRUint32 size = bcp->size; - PRUint32 count = bcp->count; - ckcapiInternalObject ***listp = bcp->listp; - ckcapiInternalObject *io = NULL; - DWORD i; - CRYPT_KEY_PROV_INFO *keyProvInfo = NULL; - void *idData; - CK_RV error; - - /* make sure there is a Key Provider Info property */ - for (i=0; i < cProp; i++) { - if (CERT_KEY_PROV_INFO_PROP_ID == propID[i]) { - keyProvInfo = (CRYPT_KEY_PROV_INFO *)propData[i]; - break; + BareCollectParams *bcp = (BareCollectParams *)args; + PRUint32 size = bcp->size; + PRUint32 count = bcp->count; + ckcapiInternalObject ***listp = bcp->listp; + ckcapiInternalObject *io = NULL; + DWORD i; + CRYPT_KEY_PROV_INFO *keyProvInfo = NULL; + void *idData; + CK_RV error; + + /* make sure there is a Key Provider Info property */ + for (i = 0; i < cProp; i++) { + if (CERT_KEY_PROV_INFO_PROP_ID == propID[i]) { + keyProvInfo = (CRYPT_KEY_PROV_INFO *)propData[i]; + break; + } + } + if ((CRYPT_KEY_PROV_INFO *)NULL == keyProvInfo) { + return 1; + } + + /* copy the key ID */ + idData = nss_ZNEWARRAY(NULL, char, msKeyID->cbData); + if ((void *)NULL == idData) { + goto loser; + } + nsslibc_memcpy(idData, msKeyID->pbData, msKeyID->cbData); + + /* build a bare internal object */ + io = nss_ZNEW(NULL, ckcapiInternalObject); + if ((ckcapiInternalObject *)NULL == io) { + goto loser; + } + io->type = ckcapiBareKey; + io->objClass = bcp->objClass; + io->u.key.provInfo = *keyProvInfo; + io->u.key.provInfo.pwszContainerName = + nss_ckcapi_WideDup(keyProvInfo->pwszContainerName); + io->u.key.provInfo.pwszProvName = + nss_ckcapi_WideDup(keyProvInfo->pwszProvName); + io->u.key.provName = nss_ckcapi_WideToUTF8(keyProvInfo->pwszProvName); + io->u.key.containerName = + nss_ckcapi_WideToUTF8(keyProvInfo->pwszContainerName); + io->u.key.hProv = 0; + io->idData = idData; + io->id.data = idData; + io->id.size = msKeyID->cbData; + idData = NULL; + + /* see if it matches */ + if (CK_FALSE == ckcapi_match(bcp->pTemplate, bcp->ulAttributeCount, io)) { + goto loser; } - } - if ((CRYPT_KEY_PROV_INFO *)NULL == keyProvInfo) { + PUT_Object(io, error); + bcp->size = size; + bcp->count = count; return 1; - } - - /* copy the key ID */ - idData = nss_ZNEWARRAY(NULL, char, msKeyID->cbData); - if ((void *)NULL == idData) { - goto loser; - } - nsslibc_memcpy(idData, msKeyID->pbData, msKeyID->cbData); - - /* build a bare internal object */ - io = nss_ZNEW(NULL, ckcapiInternalObject); - if ((ckcapiInternalObject *)NULL == io) { - goto loser; - } - io->type = ckcapiBareKey; - io->objClass = bcp->objClass; - io->u.key.provInfo = *keyProvInfo; - io->u.key.provInfo.pwszContainerName = - nss_ckcapi_WideDup(keyProvInfo->pwszContainerName); - io->u.key.provInfo.pwszProvName = - nss_ckcapi_WideDup(keyProvInfo->pwszProvName); - io->u.key.provName = nss_ckcapi_WideToUTF8(keyProvInfo->pwszProvName); - io->u.key.containerName = - nss_ckcapi_WideToUTF8(keyProvInfo->pwszContainerName); - io->u.key.hProv = 0; - io->idData = idData; - io->id.data = idData; - io->id.size = msKeyID->cbData; - idData = NULL; - - /* see if it matches */ - if( CK_FALSE == ckcapi_match(bcp->pTemplate, bcp->ulAttributeCount, io) ) { - goto loser; - } - PUT_Object(io, error); - bcp->size = size; - bcp->count = count; - return 1; loser: - if (io) { - nss_ckcapi_DestroyInternalObject(io); - } - nss_ZFreeIf(idData); - return 1; + if (io) { + nss_ckcapi_DestroyInternalObject(io); + } + nss_ZFreeIf(idData); + return 1; } /* @@ -260,30 +249,29 @@ loser: */ static PRUint32 collect_bare( - CK_OBJECT_CLASS objClass, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - ckcapiInternalObject ***listp, - PRUint32 *sizep, - PRUint32 count, - CK_RV *pError -) + CK_OBJECT_CLASS objClass, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + ckcapiInternalObject ***listp, + PRUint32 *sizep, + PRUint32 count, + CK_RV *pError) { - BOOL rc; - BareCollectParams bareCollectParams; + BOOL rc; + BareCollectParams bareCollectParams; - bareCollectParams.objClass = objClass; - bareCollectParams.pTemplate = pTemplate; - bareCollectParams.ulAttributeCount = ulAttributeCount; - bareCollectParams.listp = listp; - bareCollectParams.size = *sizep; - bareCollectParams.count = count; + bareCollectParams.objClass = objClass; + bareCollectParams.pTemplate = pTemplate; + bareCollectParams.ulAttributeCount = ulAttributeCount; + bareCollectParams.listp = listp; + bareCollectParams.size = *sizep; + bareCollectParams.count = count; - rc = CryptEnumKeyIdentifierProperties(NULL, CERT_KEY_PROV_INFO_PROP_ID, 0, - NULL, NULL, &bareCollectParams, doBareCollect); + rc = CryptEnumKeyIdentifierProperties(NULL, CERT_KEY_PROV_INFO_PROP_ID, 0, + NULL, NULL, &bareCollectParams, doBareCollect); - *sizep = bareCollectParams.size; - return bareCollectParams.count; + *sizep = bareCollectParams.size; + return bareCollectParams.count; } /* find all the certs that represent the appropriate object (cert, priv key, or @@ -291,291 +279,284 @@ collect_bare( */ static PRUint32 collect_class( - CK_OBJECT_CLASS objClass, - LPCSTR storeStr, - PRBool hasID, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - ckcapiInternalObject ***listp, - PRUint32 *sizep, - PRUint32 count, - CK_RV *pError -) + CK_OBJECT_CLASS objClass, + LPCSTR storeStr, + PRBool hasID, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + ckcapiInternalObject ***listp, + PRUint32 *sizep, + PRUint32 count, + CK_RV *pError) { - PRUint32 size = *sizep; - ckcapiInternalObject *next = NULL; - HCERTSTORE hStore; - PCCERT_CONTEXT certContext = NULL; - PRBool isKey = - (objClass == CKO_PUBLIC_KEY) | (objClass == CKO_PRIVATE_KEY); - - hStore = CertOpenSystemStore((HCRYPTPROV)NULL, storeStr); - if (NULL == hStore) { - return count; /* none found does not imply an error */ - } - - /* FUTURE: use CertFindCertificateInStore to filter better -- so we don't + PRUint32 size = *sizep; + ckcapiInternalObject *next = NULL; + HCERTSTORE hStore; + PCCERT_CONTEXT certContext = NULL; + PRBool isKey = + (objClass == CKO_PUBLIC_KEY) | (objClass == CKO_PRIVATE_KEY); + + hStore = CertOpenSystemStore((HCRYPTPROV)NULL, storeStr); + if (NULL == hStore) { + return count; /* none found does not imply an error */ + } + + /* FUTURE: use CertFindCertificateInStore to filter better -- so we don't * have to enumerate all the certificates */ - while ((PCERT_CONTEXT) NULL != - (certContext= CertEnumCertificatesInStore(hStore, certContext))) { - /* first filter out non user certs if we are looking for keys */ - if (isKey) { - /* make sure there is a Key Provider Info property */ - CRYPT_KEY_PROV_INFO *keyProvInfo; - DWORD size = 0; - BOOL rv; - rv =CertGetCertificateContextProperty(certContext, - CERT_KEY_PROV_INFO_PROP_ID, NULL, &size); - if (!rv) { - int reason = GetLastError(); - /* we only care if it exists, we don't really need to fetch it yet */ - if (reason == CRYPT_E_NOT_FOUND) { - continue; - } - } - /* filter out the non-microsoft providers */ - keyProvInfo = (CRYPT_KEY_PROV_INFO *)nss_ZAlloc(NULL, size); - if (keyProvInfo) { - rv =CertGetCertificateContextProperty(certContext, - CERT_KEY_PROV_INFO_PROP_ID, keyProvInfo, &size); - if (rv) { - char *provName = nss_ckcapi_WideToUTF8(keyProvInfo->pwszProvName); - nss_ZFreeIf(keyProvInfo); - - if (provName && - (strncmp(provName, "Microsoft", sizeof("Microsoft")-1) != 0)) { - continue; - } - } else { - int reason = GetLastError(); - /* we only care if it exists, we don't really need to fetch it yet */ - nss_ZFreeIf(keyProvInfo); - if (reason == CRYPT_E_NOT_FOUND) { - continue; - } - + while ((PCERT_CONTEXT)NULL != + (certContext = CertEnumCertificatesInStore(hStore, certContext))) { + /* first filter out non user certs if we are looking for keys */ + if (isKey) { + /* make sure there is a Key Provider Info property */ + CRYPT_KEY_PROV_INFO *keyProvInfo; + DWORD size = 0; + BOOL rv; + rv = CertGetCertificateContextProperty(certContext, + CERT_KEY_PROV_INFO_PROP_ID, NULL, &size); + if (!rv) { + int reason = GetLastError(); + /* we only care if it exists, we don't really need to fetch it yet */ + if (reason == CRYPT_E_NOT_FOUND) { + continue; + } + } + /* filter out the non-microsoft providers */ + keyProvInfo = (CRYPT_KEY_PROV_INFO *)nss_ZAlloc(NULL, size); + if (keyProvInfo) { + rv = CertGetCertificateContextProperty(certContext, + CERT_KEY_PROV_INFO_PROP_ID, keyProvInfo, &size); + if (rv) { + char *provName = + nss_ckcapi_WideToUTF8(keyProvInfo->pwszProvName); + nss_ZFreeIf(keyProvInfo); + + if (provName && + (strncmp(provName, "Microsoft", sizeof("Microsoft") - + 1) != 0)) { + continue; + } + } else { + int reason = + GetLastError(); + /* we only care if it exists, we don't really need to fetch it yet */ + nss_ZFreeIf(keyProvInfo); + if (reason == + CRYPT_E_NOT_FOUND) { + continue; + } + } + } + } + + if ((ckcapiInternalObject *)NULL == next) { + next = nss_ZNEW(NULL, ckcapiInternalObject); + if ((ckcapiInternalObject *)NULL == next) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + } + next->type = ckcapiCert; + next->objClass = objClass; + next->u.cert.certContext = certContext; + next->u.cert.hasID = hasID; + next->u.cert.certStore = storeStr; + if (CK_TRUE == ckcapi_match(pTemplate, ulAttributeCount, next)) { + /* clear cached values that may be dependent on our old certContext */ + memset(&next->u.cert, 0, sizeof(next->u.cert)); + /* get a 'permanent' context */ + next->u.cert.certContext = CertDuplicateCertificateContext(certContext); + next->objClass = objClass; + next->u.cert.certContext = certContext; + next->u.cert.hasID = hasID; + next->u.cert.certStore = storeStr; + PUT_Object(next, *pError); + next = NULL; /* need to allocate a new one now */ + } else { + /* don't cache the values we just loaded */ + memset(&next->u.cert, 0, sizeof(next->u.cert)); } - } - } - - if ((ckcapiInternalObject *)NULL == next) { - next = nss_ZNEW(NULL, ckcapiInternalObject); - if ((ckcapiInternalObject *)NULL == next) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - } - next->type = ckcapiCert; - next->objClass = objClass; - next->u.cert.certContext = certContext; - next->u.cert.hasID = hasID; - next->u.cert.certStore = storeStr; - if( CK_TRUE == ckcapi_match(pTemplate, ulAttributeCount, next) ) { - /* clear cached values that may be dependent on our old certContext */ - memset(&next->u.cert, 0, sizeof(next->u.cert)); - /* get a 'permanent' context */ - next->u.cert.certContext = CertDuplicateCertificateContext(certContext); - next->objClass = objClass; - next->u.cert.certContext = certContext; - next->u.cert.hasID = hasID; - next->u.cert.certStore = storeStr; - PUT_Object(next, *pError); - next = NULL; /* need to allocate a new one now */ - } else { - /* don't cache the values we just loaded */ - memset(&next->u.cert, 0, sizeof(next->u.cert)); } - } loser: - CertCloseStore(hStore, 0); - nss_ZFreeIf(next); - *sizep = size; - return count; + CertCloseStore(hStore, 0); + nss_ZFreeIf(next); + *sizep = size; + return count; } NSS_IMPLEMENT PRUint32 nss_ckcapi_collect_all_certs( - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - ckcapiInternalObject ***listp, - PRUint32 *sizep, - PRUint32 count, - CK_RV *pError -) + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + ckcapiInternalObject ***listp, + PRUint32 *sizep, + PRUint32 count, + CK_RV *pError) { - count = collect_class(CKO_CERTIFICATE, "My", PR_TRUE, pTemplate, - ulAttributeCount, listp, sizep, count, pError); - /*count = collect_class(CKO_CERTIFICATE, "AddressBook", PR_FALSE, pTemplate, + count = collect_class(CKO_CERTIFICATE, "My", PR_TRUE, pTemplate, + ulAttributeCount, listp, sizep, count, pError); + /*count = collect_class(CKO_CERTIFICATE, "AddressBook", PR_FALSE, pTemplate, ulAttributeCount, listp, sizep, count, pError); */ - count = collect_class(CKO_CERTIFICATE, "CA", PR_FALSE, pTemplate, - ulAttributeCount, listp, sizep, count, pError); - count = collect_class(CKO_CERTIFICATE, "Root", PR_FALSE, pTemplate, - ulAttributeCount, listp, sizep, count, pError); - count = collect_class(CKO_CERTIFICATE, "Trust", PR_FALSE, pTemplate, - ulAttributeCount, listp, sizep, count, pError); - count = collect_class(CKO_CERTIFICATE, "TrustedPeople", PR_FALSE, pTemplate, - ulAttributeCount, listp, sizep, count, pError); - count = collect_class(CKO_CERTIFICATE, "AuthRoot", PR_FALSE, pTemplate, - ulAttributeCount, listp, sizep, count, pError); - return count; + count = collect_class(CKO_CERTIFICATE, "CA", PR_FALSE, pTemplate, + ulAttributeCount, listp, sizep, count, pError); + count = collect_class(CKO_CERTIFICATE, "Root", PR_FALSE, pTemplate, + ulAttributeCount, listp, sizep, count, pError); + count = collect_class(CKO_CERTIFICATE, "Trust", PR_FALSE, pTemplate, + ulAttributeCount, listp, sizep, count, pError); + count = collect_class(CKO_CERTIFICATE, "TrustedPeople", PR_FALSE, pTemplate, + ulAttributeCount, listp, sizep, count, pError); + count = collect_class(CKO_CERTIFICATE, "AuthRoot", PR_FALSE, pTemplate, + ulAttributeCount, listp, sizep, count, pError); + return count; } CK_OBJECT_CLASS -ckcapi_GetObjectClass(CK_ATTRIBUTE_PTR pTemplate, +ckcapi_GetObjectClass(CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount) { - CK_ULONG i; + CK_ULONG i; - for (i=0; i < ulAttributeCount; i++) - { - if (pTemplate[i].type == CKA_CLASS) { - return *(CK_OBJECT_CLASS *) pTemplate[i].pValue; + for (i = 0; i < ulAttributeCount; i++) { + if (pTemplate[i].type == CKA_CLASS) { + return *(CK_OBJECT_CLASS *)pTemplate[i].pValue; + } } - } - /* need to return a value that says 'fetch them all' */ - return CK_INVALID_HANDLE; + /* need to return a value that says 'fetch them all' */ + return CK_INVALID_HANDLE; } static PRUint32 collect_objects( - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - ckcapiInternalObject ***listp, - CK_RV *pError -) + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + ckcapiInternalObject ***listp, + CK_RV *pError) { - PRUint32 i; - PRUint32 count = 0; - PRUint32 size = 0; - CK_OBJECT_CLASS objClass; - - /* - * first handle the static build in objects (if any) - */ - for( i = 0; i < nss_ckcapi_nObjects; i++ ) { - ckcapiInternalObject *o = (ckcapiInternalObject *)&nss_ckcapi_data[i]; - - if( CK_TRUE == ckcapi_match(pTemplate, ulAttributeCount, o) ) { - PUT_Object(o, *pError); + PRUint32 i; + PRUint32 count = 0; + PRUint32 size = 0; + CK_OBJECT_CLASS objClass; + + /* + * first handle the static build in objects (if any) + */ + for (i = 0; i < nss_ckcapi_nObjects; i++) { + ckcapiInternalObject *o = (ckcapiInternalObject *)&nss_ckcapi_data[i]; + + if (CK_TRUE == ckcapi_match(pTemplate, ulAttributeCount, o)) { + PUT_Object(o, *pError); + } } - } - - /* - * now handle the various object types - */ - objClass = ckcapi_GetObjectClass(pTemplate, ulAttributeCount); - *pError = CKR_OK; - switch (objClass) { - case CKO_CERTIFICATE: - count = nss_ckcapi_collect_all_certs(pTemplate, ulAttributeCount, listp, - &size, count, pError); - break; - case CKO_PUBLIC_KEY: - count = collect_class(objClass, "My", PR_TRUE, pTemplate, - ulAttributeCount, listp, &size, count, pError); - count = collect_bare(objClass, pTemplate, ulAttributeCount, listp, - &size, count, pError); - break; - case CKO_PRIVATE_KEY: - count = collect_class(objClass, "My", PR_TRUE, pTemplate, - ulAttributeCount, listp, &size, count, pError); - count = collect_bare(objClass, pTemplate, ulAttributeCount, listp, - &size, count, pError); - break; - /* all of them */ - case CK_INVALID_HANDLE: - count = nss_ckcapi_collect_all_certs(pTemplate, ulAttributeCount, listp, - &size, count, pError); - count = collect_class(CKO_PUBLIC_KEY, "My", PR_TRUE, pTemplate, - ulAttributeCount, listp, &size, count, pError); - count = collect_bare(CKO_PUBLIC_KEY, pTemplate, ulAttributeCount, listp, - &size, count, pError); - count = collect_class(CKO_PRIVATE_KEY, "My", PR_TRUE, pTemplate, - ulAttributeCount, listp, &size, count, pError); - count = collect_bare(CKO_PRIVATE_KEY, pTemplate, ulAttributeCount, listp, - &size, count, pError); - break; - default: - goto done; /* no other object types we understand in this module */ - } - if (CKR_OK != *pError) { - goto loser; - } + /* + * now handle the various object types + */ + objClass = ckcapi_GetObjectClass(pTemplate, ulAttributeCount); + *pError = CKR_OK; + switch (objClass) { + case CKO_CERTIFICATE: + count = nss_ckcapi_collect_all_certs(pTemplate, ulAttributeCount, listp, + &size, count, pError); + break; + case CKO_PUBLIC_KEY: + count = collect_class(objClass, "My", PR_TRUE, pTemplate, + ulAttributeCount, listp, &size, count, pError); + count = collect_bare(objClass, pTemplate, ulAttributeCount, listp, + &size, count, pError); + break; + case CKO_PRIVATE_KEY: + count = collect_class(objClass, "My", PR_TRUE, pTemplate, + ulAttributeCount, listp, &size, count, pError); + count = collect_bare(objClass, pTemplate, ulAttributeCount, listp, + &size, count, pError); + break; + /* all of them */ + case CK_INVALID_HANDLE: + count = nss_ckcapi_collect_all_certs(pTemplate, ulAttributeCount, listp, + &size, count, pError); + count = collect_class(CKO_PUBLIC_KEY, "My", PR_TRUE, pTemplate, + ulAttributeCount, listp, &size, count, pError); + count = collect_bare(CKO_PUBLIC_KEY, pTemplate, ulAttributeCount, listp, + &size, count, pError); + count = collect_class(CKO_PRIVATE_KEY, "My", PR_TRUE, pTemplate, + ulAttributeCount, listp, &size, count, pError); + count = collect_bare(CKO_PRIVATE_KEY, pTemplate, ulAttributeCount, listp, + &size, count, pError); + break; + default: + goto done; /* no other object types we understand in this module */ + } + if (CKR_OK != *pError) { + goto loser; + } done: - return count; + return count; loser: - nss_ZFreeIf(*listp); - return 0; + nss_ZFreeIf(*listp); + return 0; } - - NSS_IMPLEMENT NSSCKMDFindObjects * -nss_ckcapi_FindObjectsInit -( - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +nss_ckcapi_FindObjectsInit( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - /* This could be made more efficient. I'm rather rushed. */ - NSSArena *arena; - NSSCKMDFindObjects *rv = (NSSCKMDFindObjects *)NULL; - struct ckcapiFOStr *fo = (struct ckcapiFOStr *)NULL; - ckcapiInternalObject **temp = (ckcapiInternalObject **)NULL; - - arena = NSSArena_Create(); - if( (NSSArena *)NULL == arena ) { - goto loser; - } - - rv = nss_ZNEW(arena, NSSCKMDFindObjects); - if( (NSSCKMDFindObjects *)NULL == rv ) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - - fo = nss_ZNEW(arena, struct ckcapiFOStr); - if( (struct ckcapiFOStr *)NULL == fo ) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - - fo->arena = arena; - /* fo->n and fo->i are already zero */ - - rv->etc = (void *)fo; - rv->Final = ckcapi_mdFindObjects_Final; - rv->Next = ckcapi_mdFindObjects_Next; - rv->null = (void *)NULL; - - fo->n = collect_objects(pTemplate, ulAttributeCount, &temp, pError); - if (*pError != CKR_OK) { - goto loser; - } - - fo->objs = nss_ZNEWARRAY(arena, ckcapiInternalObject *, fo->n); - if( (ckcapiInternalObject **)NULL == fo->objs ) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - - (void)nsslibc_memcpy(fo->objs, temp, sizeof(ckcapiInternalObject *) * fo->n); - nss_ZFreeIf(temp); - temp = (ckcapiInternalObject **)NULL; - - return rv; - - loser: - nss_ZFreeIf(temp); - nss_ZFreeIf(fo); - nss_ZFreeIf(rv); - if ((NSSArena *)NULL != arena) { - NSSArena_Destroy(arena); - } - return (NSSCKMDFindObjects *)NULL; -} + /* This could be made more efficient. I'm rather rushed. */ + NSSArena *arena; + NSSCKMDFindObjects *rv = (NSSCKMDFindObjects *)NULL; + struct ckcapiFOStr *fo = (struct ckcapiFOStr *)NULL; + ckcapiInternalObject **temp = (ckcapiInternalObject **)NULL; + + arena = NSSArena_Create(); + if ((NSSArena *)NULL == arena) { + goto loser; + } + + rv = nss_ZNEW(arena, NSSCKMDFindObjects); + if ((NSSCKMDFindObjects *)NULL == rv) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + fo = nss_ZNEW(arena, struct ckcapiFOStr); + if ((struct ckcapiFOStr *)NULL == fo) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + fo->arena = arena; + /* fo->n and fo->i are already zero */ + + rv->etc = (void *)fo; + rv->Final = ckcapi_mdFindObjects_Final; + rv->Next = ckcapi_mdFindObjects_Next; + rv->null = (void *)NULL; + + fo->n = collect_objects(pTemplate, ulAttributeCount, &temp, pError); + if (*pError != CKR_OK) { + goto loser; + } + + fo->objs = nss_ZNEWARRAY(arena, ckcapiInternalObject *, fo->n); + if ((ckcapiInternalObject **)NULL == fo->objs) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + (void)nsslibc_memcpy(fo->objs, temp, sizeof(ckcapiInternalObject *) * fo->n); + nss_ZFreeIf(temp); + temp = (ckcapiInternalObject **)NULL; + + return rv; + +loser: + nss_ZFreeIf(temp); + nss_ZFreeIf(fo); + nss_ZFreeIf(rv); + if ((NSSArena *)NULL != arena) { + NSSArena_Destroy(arena); + } + return (NSSCKMDFindObjects *)NULL; +} diff --git a/nss/lib/ckfw/capi/cinst.c b/nss/lib/ckfw/capi/cinst.c index 8aac1ca..937c289 100644 --- a/nss/lib/ckfw/capi/cinst.c +++ b/nss/lib/ckfw/capi/cinst.c @@ -7,7 +7,7 @@ /* * ckcapi/cinstance.c * - * This file implements the NSSCKMDInstance object for the + * This file implements the NSSCKMDInstance object for the * "capi" cryptoki module. */ @@ -16,96 +16,82 @@ */ static CK_ULONG -ckcapi_mdInstance_GetNSlots -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckcapi_mdInstance_GetNSlots( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (CK_ULONG)1; + return (CK_ULONG)1; } static CK_VERSION -ckcapi_mdInstance_GetCryptokiVersion -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckcapi_mdInstance_GetCryptokiVersion( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return nss_ckcapi_CryptokiVersion; + return nss_ckcapi_CryptokiVersion; } static NSSUTF8 * -ckcapi_mdInstance_GetManufacturerID -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckcapi_mdInstance_GetManufacturerID( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_ckcapi_ManufacturerID; + return (NSSUTF8 *)nss_ckcapi_ManufacturerID; } static NSSUTF8 * -ckcapi_mdInstance_GetLibraryDescription -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckcapi_mdInstance_GetLibraryDescription( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_ckcapi_LibraryDescription; + return (NSSUTF8 *)nss_ckcapi_LibraryDescription; } static CK_VERSION -ckcapi_mdInstance_GetLibraryVersion -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckcapi_mdInstance_GetLibraryVersion( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return nss_ckcapi_LibraryVersion; + return nss_ckcapi_LibraryVersion; } static CK_RV -ckcapi_mdInstance_GetSlots -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDSlot *slots[] -) +ckcapi_mdInstance_GetSlots( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDSlot *slots[]) { - slots[0] = (NSSCKMDSlot *)&nss_ckcapi_mdSlot; - return CKR_OK; + slots[0] = (NSSCKMDSlot *)&nss_ckcapi_mdSlot; + return CKR_OK; } static CK_BBOOL -ckcapi_mdInstance_ModuleHandlesSessionObjects -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckcapi_mdInstance_ModuleHandlesSessionObjects( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - /* we don't want to allow any session object creation, at least - * until we can investigate whether or not we can use those objects - */ - return CK_TRUE; + /* we don't want to allow any session object creation, at least + * until we can investigate whether or not we can use those objects + */ + return CK_TRUE; } NSS_IMPLEMENT_DATA const NSSCKMDInstance -nss_ckcapi_mdInstance = { - (void *)NULL, /* etc */ - NULL, /* Initialize */ - NULL, /* Finalize */ - ckcapi_mdInstance_GetNSlots, - ckcapi_mdInstance_GetCryptokiVersion, - ckcapi_mdInstance_GetManufacturerID, - ckcapi_mdInstance_GetLibraryDescription, - ckcapi_mdInstance_GetLibraryVersion, - ckcapi_mdInstance_ModuleHandlesSessionObjects, - /*NULL, /* HandleSessionObjects */ - ckcapi_mdInstance_GetSlots, - NULL, /* WaitForSlotEvent */ - (void *)NULL /* null terminator */ -}; + nss_ckcapi_mdInstance = { + (void *)NULL, /* etc */ + NULL, /* Initialize */ + NULL, /* Finalize */ + ckcapi_mdInstance_GetNSlots, + ckcapi_mdInstance_GetCryptokiVersion, + ckcapi_mdInstance_GetManufacturerID, + ckcapi_mdInstance_GetLibraryDescription, + ckcapi_mdInstance_GetLibraryVersion, + ckcapi_mdInstance_ModuleHandlesSessionObjects, + /*NULL, /* HandleSessionObjects */ + ckcapi_mdInstance_GetSlots, + NULL, /* WaitForSlotEvent */ + (void *)NULL /* null terminator */ + }; diff --git a/nss/lib/ckfw/capi/ckcapi.h b/nss/lib/ckfw/capi/ckcapi.h index 2ae01e3..2c4b12a 100644 --- a/nss/lib/ckfw/capi/ckcapi.h +++ b/nss/lib/ckfw/capi/ckcapi.h @@ -31,28 +31,27 @@ * to this PKCS #11 module. */ struct ckcapiRawObjectStr { - CK_ULONG n; - const CK_ATTRIBUTE_TYPE *types; - const NSSItem *items; + CK_ULONG n; + const CK_ATTRIBUTE_TYPE *types; + const NSSItem *items; }; typedef struct ckcapiRawObjectStr ckcapiRawObject; - /* * common values needed for both bare keys and cert referenced keys. */ struct ckcapiKeyParamsStr { - NSSItem modulus; - NSSItem exponent; - NSSItem privateExponent; - NSSItem prime1; - NSSItem prime2; - NSSItem exponent1; - NSSItem exponent2; - NSSItem coefficient; - unsigned char publicExponentData[sizeof(CK_ULONG)]; - void *privateKey; - void *pubKey; + NSSItem modulus; + NSSItem exponent; + NSSItem privateExponent; + NSSItem prime1; + NSSItem prime2; + NSSItem exponent1; + NSSItem exponent2; + NSSItem coefficient; + unsigned char publicExponentData[sizeof(CK_ULONG)]; + void *privateKey; + void *pubKey; }; typedef struct ckcapiKeyParamsStr ckcapiKeyParams; @@ -62,11 +61,11 @@ typedef struct ckcapiKeyParamsStr ckcapiKeyParams; * while the CA is issuing the certificate. */ struct ckcapiKeyObjectStr { - CRYPT_KEY_PROV_INFO provInfo; - char *provName; - char *containerName; - HCRYPTPROV hProv; - ckcapiKeyParams key; + CRYPT_KEY_PROV_INFO provInfo; + char *provName; + char *containerName; + HCRYPTPROV hProv; + ckcapiKeyParams key; }; typedef struct ckcapiKeyObjectStr ckcapiKeyObject; @@ -74,25 +73,25 @@ typedef struct ckcapiKeyObjectStr ckcapiKeyObject; * Certificate and certificate referenced keys. */ struct ckcapiCertObjectStr { - PCCERT_CONTEXT certContext; - PRBool hasID; - const char *certStore; - NSSItem label; - NSSItem subject; - NSSItem issuer; - NSSItem serial; - NSSItem derCert; - ckcapiKeyParams key; - unsigned char *labelData; - /* static data: to do, make this dynamic like labelData */ - unsigned char derSerial[128]; + PCCERT_CONTEXT certContext; + PRBool hasID; + const char *certStore; + NSSItem label; + NSSItem subject; + NSSItem issuer; + NSSItem serial; + NSSItem derCert; + ckcapiKeyParams key; + unsigned char *labelData; + /* static data: to do, make this dynamic like labelData */ + unsigned char derSerial[128]; }; typedef struct ckcapiCertObjectStr ckcapiCertObject; typedef enum { - ckcapiRaw, - ckcapiCert, - ckcapiBareKey + ckcapiRaw, + ckcapiCert, + ckcapiBareKey } ckcapiObjectType; /* @@ -100,98 +99,84 @@ typedef enum { * cfind as ckcapiInternalObjects. */ struct ckcapiInternalObjectStr { - ckcapiObjectType type; - union { - ckcapiRawObject raw; - ckcapiCertObject cert; - ckcapiKeyObject key; - } u; - CK_OBJECT_CLASS objClass; - NSSItem hashKey; - NSSItem id; - void *idData; - unsigned char hashKeyData[128]; - NSSCKMDObject mdObject; + ckcapiObjectType type; + union { + ckcapiRawObject raw; + ckcapiCertObject cert; + ckcapiKeyObject key; + } u; + CK_OBJECT_CLASS objClass; + NSSItem hashKey; + NSSItem id; + void *idData; + unsigned char hashKeyData[128]; + NSSCKMDObject mdObject; }; typedef struct ckcapiInternalObjectStr ckcapiInternalObject; /* our raw object data array */ NSS_EXTERN_DATA ckcapiInternalObject nss_ckcapi_data[]; -NSS_EXTERN_DATA const PRUint32 nss_ckcapi_nObjects; - -NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_CryptokiVersion; -NSS_EXTERN_DATA const NSSUTF8 * nss_ckcapi_ManufacturerID; -NSS_EXTERN_DATA const NSSUTF8 * nss_ckcapi_LibraryDescription; -NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_LibraryVersion; -NSS_EXTERN_DATA const NSSUTF8 * nss_ckcapi_SlotDescription; -NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_HardwareVersion; -NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_FirmwareVersion; -NSS_EXTERN_DATA const NSSUTF8 * nss_ckcapi_TokenLabel; -NSS_EXTERN_DATA const NSSUTF8 * nss_ckcapi_TokenModel; -NSS_EXTERN_DATA const NSSUTF8 * nss_ckcapi_TokenSerialNumber; - -NSS_EXTERN_DATA const NSSCKMDInstance nss_ckcapi_mdInstance; -NSS_EXTERN_DATA const NSSCKMDSlot nss_ckcapi_mdSlot; -NSS_EXTERN_DATA const NSSCKMDToken nss_ckcapi_mdToken; +NSS_EXTERN_DATA const PRUint32 nss_ckcapi_nObjects; + +NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_CryptokiVersion; +NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_ManufacturerID; +NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_LibraryDescription; +NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_LibraryVersion; +NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_SlotDescription; +NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_HardwareVersion; +NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_FirmwareVersion; +NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_TokenLabel; +NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_TokenModel; +NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_TokenSerialNumber; + +NSS_EXTERN_DATA const NSSCKMDInstance nss_ckcapi_mdInstance; +NSS_EXTERN_DATA const NSSCKMDSlot nss_ckcapi_mdSlot; +NSS_EXTERN_DATA const NSSCKMDToken nss_ckcapi_mdToken; NSS_EXTERN_DATA const NSSCKMDMechanism nss_ckcapi_mdMechanismRSA; NSS_EXTERN NSSCKMDSession * -nss_ckcapi_CreateSession -( - NSSCKFWSession *fwSession, - CK_RV *pError -); +nss_ckcapi_CreateSession( + NSSCKFWSession *fwSession, + CK_RV *pError); NSS_EXTERN NSSCKMDFindObjects * -nss_ckcapi_FindObjectsInit -( - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -); +nss_ckcapi_FindObjectsInit( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); /* * Object Utilities */ NSS_EXTERN NSSCKMDObject * -nss_ckcapi_CreateMDObject -( - NSSArena *arena, - ckcapiInternalObject *io, - CK_RV *pError -); +nss_ckcapi_CreateMDObject( + NSSArena *arena, + ckcapiInternalObject *io, + CK_RV *pError); NSS_EXTERN NSSCKMDObject * -nss_ckcapi_CreateObject -( - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -); +nss_ckcapi_CreateObject( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); NSS_EXTERN const NSSItem * -nss_ckcapi_FetchAttribute -( - ckcapiInternalObject *io, - CK_ATTRIBUTE_TYPE type -); +nss_ckcapi_FetchAttribute( + ckcapiInternalObject *io, + CK_ATTRIBUTE_TYPE type); NSS_EXTERN void -nss_ckcapi_DestroyInternalObject -( - ckcapiInternalObject *io -); +nss_ckcapi_DestroyInternalObject( + ckcapiInternalObject *io); NSS_EXTERN CK_RV -nss_ckcapi_FetchKeyContainer -( - ckcapiInternalObject *iKey, - HCRYPTPROV *hProv, - DWORD *keySpec, - HCRYPTKEY *hKey -); +nss_ckcapi_FetchKeyContainer( + ckcapiInternalObject *iKey, + HCRYPTPROV *hProv, + DWORD *keySpec, + HCRYPTKEY *hKey); /* * generic utilities @@ -202,70 +187,56 @@ nss_ckcapi_FetchKeyContainer * Microsoft, we need to byte swap everything coming into and out of CAPI. */ void -ckcapi_ReverseData -( - NSSItem *item -); +ckcapi_ReverseData( + NSSItem *item); /* * unwrap a single DER value */ unsigned char * -nss_ckcapi_DERUnwrap -( - unsigned char *src, - unsigned int size, - unsigned int *outSize, - unsigned char **next -); +nss_ckcapi_DERUnwrap( + unsigned char *src, + unsigned int size, + unsigned int *outSize, + unsigned char **next); /* * Return the size in bytes of a wide string */ -int -nss_ckcapi_WideSize -( - LPCWSTR wide -); +int +nss_ckcapi_WideSize( + LPCWSTR wide); /* * Covert a Unicode wide character string to a UTF8 string */ char * -nss_ckcapi_WideToUTF8 -( - LPCWSTR wide -); +nss_ckcapi_WideToUTF8( + LPCWSTR wide); /* * Return a Wide String duplicated with nss allocated memory. */ LPWSTR -nss_ckcapi_WideDup -( - LPCWSTR wide -); +nss_ckcapi_WideDup( + LPCWSTR wide); /* * Covert a UTF8 string to Unicode wide character */ LPWSTR -nss_ckcapi_UTF8ToWide -( - char *buf -); - +nss_ckcapi_UTF8ToWide( + char *buf); NSS_EXTERN PRUint32 nss_ckcapi_collect_all_certs( - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - ckcapiInternalObject ***listp, - PRUint32 *sizep, - PRUint32 count, - CK_RV *pError -); + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + ckcapiInternalObject ***listp, + PRUint32 *sizep, + PRUint32 count, + CK_RV *pError); + +#define NSS_CKCAPI_ARRAY_SIZE(x) ((sizeof(x)) / (sizeof((x)[0]))) -#define NSS_CKCAPI_ARRAY_SIZE(x) ((sizeof (x))/(sizeof ((x)[0]))) - #endif diff --git a/nss/lib/ckfw/capi/ckcapiver.c b/nss/lib/ckfw/capi/ckcapiver.c index 54e4887..825b630 100644 --- a/nss/lib/ckfw/capi/ckcapiver.c +++ b/nss/lib/ckfw/capi/ckcapiver.c @@ -14,5 +14,4 @@ /* * Version information */ -const char __nss_ckcapi_version[] = "Version: NSS Access to Microsoft Certificate Store " - NSS_CKCAPI_LIBRARY_VERSION _DEBUG_STRING; +const char __nss_ckcapi_version[] = "Version: NSS Access to Microsoft Certificate Store " NSS_CKCAPI_LIBRARY_VERSION _DEBUG_STRING; diff --git a/nss/lib/ckfw/capi/cobject.c b/nss/lib/ckfw/capi/cobject.c index 1da5f7d..c4b77d2 100644 --- a/nss/lib/ckfw/capi/cobject.c +++ b/nss/lib/ckfw/capi/cobject.c @@ -76,22 +76,30 @@ static const CK_KEY_TYPE ckk_rsa = CKK_RSA; static const CK_OBJECT_CLASS cko_certificate = CKO_CERTIFICATE; static const CK_OBJECT_CLASS cko_private_key = CKO_PRIVATE_KEY; static const CK_OBJECT_CLASS cko_public_key = CKO_PUBLIC_KEY; -static const NSSItem ckcapi_trueItem = { - (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }; -static const NSSItem ckcapi_falseItem = { - (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }; -static const NSSItem ckcapi_x509Item = { - (void *)&ckc_x509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }; -static const NSSItem ckcapi_rsaItem = { - (void *)&ckk_rsa, (PRUint32)sizeof(CK_KEY_TYPE) }; -static const NSSItem ckcapi_certClassItem = { - (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }; +static const NSSItem ckcapi_trueItem = { + (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) +}; +static const NSSItem ckcapi_falseItem = { + (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) +}; +static const NSSItem ckcapi_x509Item = { + (void *)&ckc_x509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) +}; +static const NSSItem ckcapi_rsaItem = { + (void *)&ckk_rsa, (PRUint32)sizeof(CK_KEY_TYPE) +}; +static const NSSItem ckcapi_certClassItem = { + (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) +}; static const NSSItem ckcapi_privKeyClassItem = { - (void *)&cko_private_key, (PRUint32)sizeof(CK_OBJECT_CLASS) }; + (void *)&cko_private_key, (PRUint32)sizeof(CK_OBJECT_CLASS) +}; static const NSSItem ckcapi_pubKeyClassItem = { - (void *)&cko_public_key, (PRUint32)sizeof(CK_OBJECT_CLASS) }; -static const NSSItem ckcapi_emptyItem = { - (void *)&ck_true, 0}; + (void *)&cko_public_key, (PRUint32)sizeof(CK_OBJECT_CLASS) +}; +static const NSSItem ckcapi_emptyItem = { + (void *)&ck_true, 0 +}; /* * these are utilities. The chould be moved to a new utilities file. @@ -101,117 +109,111 @@ static const NSSItem ckcapi_emptyItem = { * unwrap a single DER value */ unsigned char * -nss_ckcapi_DERUnwrap -( - unsigned char *src, - unsigned int size, - unsigned int *outSize, - unsigned char **next -) +nss_ckcapi_DERUnwrap( + unsigned char *src, + unsigned int size, + unsigned int *outSize, + unsigned char **next) { - unsigned char *start = src; - unsigned char *end = src+size; - unsigned int len = 0; - - /* initialize error condition return values */ - *outSize = 0; - if (next) { - *next = src; - } - - if (size < 2) { - return start; - } - src++; /* skip the tag -- should check it against an expected value! */ - len = (unsigned) *src++; - if (len & 0x80) { - unsigned int count = len & 0x7f; - len = 0; - - if (count+2 > size) { - return start; - } - while (count-- > 0) { - len = (len << 8) | (unsigned) *src++; - } - } - if (len + (src-start) > size) { - return start; - } - if (next) { - *next = src+len; - } - *outSize = len; - - return src; + unsigned char *start = src; + unsigned char *end = src + size; + unsigned int len = 0; + + /* initialize error condition return values */ + *outSize = 0; + if (next) { + *next = src; + } + + if (size < 2) { + return start; + } + src++; /* skip the tag -- should check it against an expected value! */ + len = (unsigned)*src++; + if (len & 0x80) { + unsigned int count = len & 0x7f; + len = 0; + + if (count + 2 > size) { + return start; + } + while (count-- > 0) { + len = (len << 8) | (unsigned)*src++; + } + } + if (len + (src - start) > size) { + return start; + } + if (next) { + *next = src + len; + } + *outSize = len; + + return src; } /* * convert a PKCS #11 bytestrin into a CK_ULONG, the byte stream must be * less than sizeof (CK_ULONG). */ -CK_ULONG -nss_ckcapi_DataToInt -( - NSSItem *data, - CK_RV *pError -) +CK_ULONG +nss_ckcapi_DataToInt( + NSSItem *data, + CK_RV *pError) { - CK_ULONG value = 0; - unsigned long count = data->size; - unsigned char *dataPtr = data->data; - unsigned long size = 0; - - *pError = CKR_OK; - - while (count--) { - value = value << 8; - value = value + *dataPtr++; - if (size || value) { - size++; - } - } - if (size > sizeof(CK_ULONG)) { - *pError = CKR_ATTRIBUTE_VALUE_INVALID; - } - return value; + CK_ULONG value = 0; + unsigned long count = data->size; + unsigned char *dataPtr = data->data; + unsigned long size = 0; + + *pError = CKR_OK; + + while (count--) { + value = value << 8; + value = value + *dataPtr++; + if (size || value) { + size++; + } + } + if (size > sizeof(CK_ULONG)) { + *pError = CKR_ATTRIBUTE_VALUE_INVALID; + } + return value; } /* * convert a CK_ULONG to a bytestream. Data is stored in the buffer 'buf' * and must be at least CK_ULONG. Caller must provide buf. */ -CK_ULONG -nss_ckcapi_IntToData -( - CK_ULONG value, - NSSItem *data, - unsigned char *dataPtr, - CK_RV *pError -) +CK_ULONG +nss_ckcapi_IntToData( + CK_ULONG value, + NSSItem *data, + unsigned char *dataPtr, + CK_RV *pError) { - unsigned long count = 0; - unsigned long i; -#define SHIFT ((sizeof(CK_ULONG)-1)*8) - PRBool first = 0; + unsigned long count = 0; + unsigned long i; +#define SHIFT ((sizeof(CK_ULONG) - 1) * 8) + PRBool first = 0; - *pError = CKR_OK; + *pError = CKR_OK; - data->data = dataPtr; - for (i=0; i < sizeof(CK_ULONG); i++) { - unsigned char digit = (unsigned char)((value >> SHIFT) & 0xff); + data->data = dataPtr; + for (i = 0; i < sizeof(CK_ULONG); i++) { + unsigned char digit = (unsigned char)((value >> SHIFT) & 0xff); - value = value << 8; + value = value << 8; - /* drop leading zero bytes */ - if (first && (0 == digit)) { - continue; + /* drop leading zero bytes */ + if (first && (0 == digit)) { + continue; + } + *dataPtr++ = digit; + count++; } - *dataPtr++ = digit; - count++; - } - data->size = count; - return count; + data->size = count; + return count; } /* @@ -219,107 +221,99 @@ nss_ckcapi_IntToData * data for the item is owned by the template. */ CK_RV -nss_ckcapi_GetAttribute -( - CK_ATTRIBUTE_TYPE type, - CK_ATTRIBUTE *template, - CK_ULONG templateSize, - NSSItem *item -) +nss_ckcapi_GetAttribute( + CK_ATTRIBUTE_TYPE type, + CK_ATTRIBUTE *template, + CK_ULONG templateSize, + NSSItem *item) { - CK_ULONG i; - - for (i=0; i < templateSize; i++) { - if (template[i].type == type) { - item->data = template[i].pValue; - item->size = template[i].ulValueLen; - return CKR_OK; + CK_ULONG i; + + for (i = 0; i < templateSize; i++) { + if (template[i].type == type) { + item->data = template[i].pValue; + item->size = template[i].ulValueLen; + return CKR_OK; + } } - } - return CKR_TEMPLATE_INCOMPLETE; + return CKR_TEMPLATE_INCOMPLETE; } /* * get an attribute which is type CK_ULONG. */ CK_ULONG -nss_ckcapi_GetULongAttribute -( - CK_ATTRIBUTE_TYPE type, - CK_ATTRIBUTE *template, - CK_ULONG templateSize, - CK_RV *pError -) +nss_ckcapi_GetULongAttribute( + CK_ATTRIBUTE_TYPE type, + CK_ATTRIBUTE *template, + CK_ULONG templateSize, + CK_RV *pError) { - NSSItem item; - - *pError = nss_ckcapi_GetAttribute(type, template, templateSize, &item); - if (CKR_OK != *pError) { - return (CK_ULONG) 0; - } - if (item.size != sizeof(CK_ULONG)) { - *pError = CKR_ATTRIBUTE_VALUE_INVALID; - return (CK_ULONG) 0; - } - return *(CK_ULONG *)item.data; + NSSItem item; + + *pError = nss_ckcapi_GetAttribute(type, template, templateSize, &item); + if (CKR_OK != *pError) { + return (CK_ULONG)0; + } + if (item.size != sizeof(CK_ULONG)) { + *pError = CKR_ATTRIBUTE_VALUE_INVALID; + return (CK_ULONG)0; + } + return *(CK_ULONG *)item.data; } /* * get an attribute which is type CK_BBOOL. */ CK_BBOOL -nss_ckcapi_GetBoolAttribute -( - CK_ATTRIBUTE_TYPE type, - CK_ATTRIBUTE *template, - CK_ULONG templateSize, - CK_RV *pError -) +nss_ckcapi_GetBoolAttribute( + CK_ATTRIBUTE_TYPE type, + CK_ATTRIBUTE *template, + CK_ULONG templateSize, + CK_RV *pError) { - NSSItem item; - - *pError = nss_ckcapi_GetAttribute(type, template, templateSize, &item); - if (CKR_OK != *pError) { - return (CK_BBOOL) 0; - } - if (item.size != sizeof(CK_BBOOL)) { - *pError = CKR_ATTRIBUTE_VALUE_INVALID; - return (CK_BBOOL) 0; - } - return *(CK_BBOOL *)item.data; + NSSItem item; + + *pError = nss_ckcapi_GetAttribute(type, template, templateSize, &item); + if (CKR_OK != *pError) { + return (CK_BBOOL)0; + } + if (item.size != sizeof(CK_BBOOL)) { + *pError = CKR_ATTRIBUTE_VALUE_INVALID; + return (CK_BBOOL)0; + } + return *(CK_BBOOL *)item.data; } /* * get an attribute which is type CK_BBOOL. */ char * -nss_ckcapi_GetStringAttribute -( - CK_ATTRIBUTE_TYPE type, - CK_ATTRIBUTE *template, - CK_ULONG templateSize, - CK_RV *pError -) +nss_ckcapi_GetStringAttribute( + CK_ATTRIBUTE_TYPE type, + CK_ATTRIBUTE *template, + CK_ULONG templateSize, + CK_RV *pError) { - NSSItem item; - char *str; - - /* get the attribute */ - *pError = nss_ckcapi_GetAttribute(type, template, templateSize, &item); - if (CKR_OK != *pError) { - return (char *)NULL; - } - /* make sure it is null terminated */ - str = nss_ZNEWARRAY(NULL, char, item.size+1); - if ((char *)NULL == str) { - *pError = CKR_HOST_MEMORY; - return (char *)NULL; - } - - nsslibc_memcpy(str, item.data, item.size); - str[item.size] = 0; - - return str; + NSSItem item; + char *str; + + /* get the attribute */ + *pError = nss_ckcapi_GetAttribute(type, template, templateSize, &item); + if (CKR_OK != *pError) { + return (char *)NULL; + } + /* make sure it is null terminated */ + str = nss_ZNEWARRAY(NULL, char, item.size + 1); + if ((char *)NULL == str) { + *pError = CKR_HOST_MEMORY; + return (char *)NULL; + } + + nsslibc_memcpy(str, item.data, item.size); + str[item.size] = 0; + + return str; } /* @@ -327,104 +321,95 @@ nss_ckcapi_GetStringAttribute * character */ int -nss_ckcapi_WideSize -( - LPCWSTR wide -) +nss_ckcapi_WideSize( + LPCWSTR wide) { - DWORD size; + DWORD size; - if ((LPWSTR)NULL == wide) { - return 0; - } - size = wcslen(wide)+1; - return size*sizeof(WCHAR); + if ((LPWSTR)NULL == wide) { + return 0; + } + size = wcslen(wide) + 1; + return size * sizeof(WCHAR); } /* * Covert a Unicode wide character string to a UTF8 string */ char * -nss_ckcapi_WideToUTF8 -( - LPCWSTR wide -) +nss_ckcapi_WideToUTF8( + LPCWSTR wide) { - DWORD size; - char *buf; - - if ((LPWSTR)NULL == wide) { - return (char *)NULL; - } - - size = WideCharToMultiByte(CP_UTF8, 0, wide, -1, NULL, 0, NULL, 0); - if (size == 0) { - return (char *)NULL; - } - buf = nss_ZNEWARRAY(NULL, char, size); - size = WideCharToMultiByte(CP_UTF8, 0, wide, -1, buf, size, NULL, 0); - if (size == 0) { - nss_ZFreeIf(buf); - return (char *)NULL; - } - return buf; + DWORD size; + char *buf; + + if ((LPWSTR)NULL == wide) { + return (char *)NULL; + } + + size = WideCharToMultiByte(CP_UTF8, 0, wide, -1, NULL, 0, NULL, 0); + if (size == 0) { + return (char *)NULL; + } + buf = nss_ZNEWARRAY(NULL, char, size); + size = WideCharToMultiByte(CP_UTF8, 0, wide, -1, buf, size, NULL, 0); + if (size == 0) { + nss_ZFreeIf(buf); + return (char *)NULL; + } + return buf; } /* * Return a Wide String duplicated with nss allocated memory. */ LPWSTR -nss_ckcapi_WideDup -( - LPCWSTR wide -) +nss_ckcapi_WideDup( + LPCWSTR wide) { - DWORD len; - LPWSTR buf; + DWORD len; + LPWSTR buf; - if ((LPWSTR)NULL == wide) { - return (LPWSTR)NULL; - } + if ((LPWSTR)NULL == wide) { + return (LPWSTR)NULL; + } - len = wcslen(wide)+1; + len = wcslen(wide) + 1; - buf = nss_ZNEWARRAY(NULL, WCHAR, len); - if ((LPWSTR) NULL == buf) { + buf = nss_ZNEWARRAY(NULL, WCHAR, len); + if ((LPWSTR)NULL == buf) { + return buf; + } + nsslibc_memcpy(buf, wide, len * sizeof(WCHAR)); return buf; - } - nsslibc_memcpy(buf, wide, len*sizeof(WCHAR)); - return buf; } /* * Covert a UTF8 string to Unicode wide character */ LPWSTR -nss_ckcapi_UTF8ToWide -( - char *buf -) +nss_ckcapi_UTF8ToWide( + char *buf) { - DWORD size; - LPWSTR wide; - - if ((char *)NULL == buf) { - return (LPWSTR) NULL; - } - - size = MultiByteToWideChar(CP_UTF8, 0, buf, -1, NULL, 0); - if (size == 0) { - return (LPWSTR) NULL; - } - wide = nss_ZNEWARRAY(NULL, WCHAR, size); - size = MultiByteToWideChar(CP_UTF8, 0, buf, -1, wide, size); - if (size == 0) { - nss_ZFreeIf(wide); - return (LPWSTR) NULL; - } - return wide; -} + DWORD size; + LPWSTR wide; + + if ((char *)NULL == buf) { + return (LPWSTR)NULL; + } + size = MultiByteToWideChar(CP_UTF8, 0, buf, -1, NULL, 0); + if (size == 0) { + return (LPWSTR)NULL; + } + wide = nss_ZNEWARRAY(NULL, WCHAR, size); + size = MultiByteToWideChar(CP_UTF8, 0, buf, -1, wide, size); + if (size == 0) { + nss_ZFreeIf(wide); + return (LPWSTR)NULL; + } + return wide; +} /* * keep all the knowlege of how the internalObject is laid out in this function @@ -436,281 +421,272 @@ nss_ckcapi_UTF8ToWide * this function fails with CKR_KEY_TYPE_INCONSISTENT */ NSS_EXTERN CK_RV -nss_ckcapi_FetchKeyContainer -( - ckcapiInternalObject *iKey, - HCRYPTPROV *hProv, - DWORD *keySpec, - HCRYPTKEY *hKey -) +nss_ckcapi_FetchKeyContainer( + ckcapiInternalObject *iKey, + HCRYPTPROV *hProv, + DWORD *keySpec, + HCRYPTKEY *hKey) { - ckcapiCertObject *co; - ckcapiKeyObject *ko; - BOOL rc, dummy; - DWORD msError; - - - switch (iKey->type) { - default: - case ckcapiRaw: - /* can't have raw private keys */ - return CKR_KEY_TYPE_INCONSISTENT; - case ckcapiCert: - if (iKey->objClass != CKO_PRIVATE_KEY) { - /* Only private keys have private key provider handles */ - return CKR_KEY_TYPE_INCONSISTENT; - } - co = &iKey->u.cert; - - /* OK, get the Provider */ - rc = CryptAcquireCertificatePrivateKey(co->certContext, - CRYPT_ACQUIRE_CACHE_FLAG|CRYPT_ACQUIRE_COMPARE_KEY_FLAG, NULL, hProv, - keySpec, &dummy); + ckcapiCertObject *co; + ckcapiKeyObject *ko; + BOOL rc, dummy; + DWORD msError; + + switch (iKey->type) { + default: + case ckcapiRaw: + /* can't have raw private keys */ + return CKR_KEY_TYPE_INCONSISTENT; + case ckcapiCert: + if (iKey->objClass != CKO_PRIVATE_KEY) { + /* Only private keys have private key provider handles */ + return CKR_KEY_TYPE_INCONSISTENT; + } + co = &iKey->u.cert; + + /* OK, get the Provider */ + rc = CryptAcquireCertificatePrivateKey(co->certContext, + CRYPT_ACQUIRE_CACHE_FLAG | + CRYPT_ACQUIRE_COMPARE_KEY_FLAG, + NULL, hProv, + keySpec, &dummy); + if (!rc) { + goto loser; + } + break; + case ckcapiBareKey: + if (iKey->objClass != CKO_PRIVATE_KEY) { + /* Only private keys have private key provider handles */ + return CKR_KEY_TYPE_INCONSISTENT; + } + ko = &iKey->u.key; + + /* OK, get the Provider */ + if (0 == ko->hProv) { + rc = + CryptAcquireContext(hProv, + ko->containerName, + ko->provName, + ko->provInfo.dwProvType, 0); + if (!rc) { + goto loser; + } + } else { + *hProv = + ko->hProv; + } + *keySpec = ko->provInfo.dwKeySpec; + break; + } + + /* and get the crypto handle */ + rc = CryptGetUserKey(*hProv, *keySpec, hKey); if (!rc) { - goto loser; - } - break; - case ckcapiBareKey: - if (iKey->objClass != CKO_PRIVATE_KEY) { - /* Only private keys have private key provider handles */ - return CKR_KEY_TYPE_INCONSISTENT; - } - ko = &iKey->u.key; - - /* OK, get the Provider */ - if (0 == ko->hProv) { - rc = CryptAcquireContext(hProv, - ko->containerName, - ko->provName, - ko->provInfo.dwProvType , 0); - if (!rc) { goto loser; - } - } else { - *hProv = ko->hProv; - } - *keySpec = ko->provInfo.dwKeySpec; - break; - } - - /* and get the crypto handle */ - rc = CryptGetUserKey(*hProv, *keySpec, hKey); - if (!rc) { - goto loser; - } - return CKR_OK; + } + return CKR_OK; loser: - /* map the microsoft error before leaving */ - msError = GetLastError(); - switch (msError) { - case ERROR_INVALID_HANDLE: - case ERROR_INVALID_PARAMETER: - case NTE_BAD_KEY: - case NTE_NO_KEY: - case NTE_BAD_PUBLIC_KEY: - case NTE_BAD_KEYSET: - case NTE_KEYSET_NOT_DEF: - return CKR_KEY_TYPE_INCONSISTENT; - case NTE_BAD_UID: - case NTE_KEYSET_ENTRY_BAD: - return CKR_DEVICE_ERROR; - } - return CKR_GENERAL_ERROR; + /* map the microsoft error before leaving */ + msError = GetLastError(); + switch (msError) { + case ERROR_INVALID_HANDLE: + case ERROR_INVALID_PARAMETER: + case NTE_BAD_KEY: + case NTE_NO_KEY: + case NTE_BAD_PUBLIC_KEY: + case NTE_BAD_KEYSET: + case NTE_KEYSET_NOT_DEF: + return CKR_KEY_TYPE_INCONSISTENT; + case NTE_BAD_UID: + case NTE_KEYSET_ENTRY_BAD: + return CKR_DEVICE_ERROR; + } + return CKR_GENERAL_ERROR; } - /* * take a DER PUBLIC Key block and return the modulus and exponent */ static void -ckcapi_CertPopulateModulusExponent -( - ckcapiInternalObject *io -) +ckcapi_CertPopulateModulusExponent( + ckcapiInternalObject *io) { - ckcapiKeyParams *kp = &io->u.cert.key; - PCCERT_CONTEXT certContext = io->u.cert.certContext; - unsigned char *pkData = - certContext->pCertInfo->SubjectPublicKeyInfo.PublicKey.pbData; - unsigned int size= - certContext->pCertInfo->SubjectPublicKeyInfo.PublicKey.cbData; - unsigned int newSize; - unsigned char *ptr, *newptr; - - /* find the start of the modulus -- this will not give good results if - * the key isn't an rsa key! */ - ptr = nss_ckcapi_DERUnwrap(pkData, size, &newSize, NULL); - kp->modulus.data = nss_ckcapi_DERUnwrap(ptr, newSize, - &kp->modulus.size, &newptr); - /* changed from signed to unsigned int */ - if (0 == *(char *)kp->modulus.data) { - kp->modulus.data = ((char *)kp->modulus.data)+1; - kp->modulus.size = kp->modulus.size - 1; - } - /* changed from signed to unsigned int */ - kp->exponent.data = nss_ckcapi_DERUnwrap(newptr, (newptr-ptr)+newSize, - &kp->exponent.size, NULL); - if (0 == *(char *)kp->exponent.data) { - kp->exponent.data = ((char *)kp->exponent.data)+1; - kp->exponent.size = kp->exponent.size - 1; - } - return; + ckcapiKeyParams *kp = &io->u.cert.key; + PCCERT_CONTEXT certContext = io->u.cert.certContext; + unsigned char *pkData = + certContext->pCertInfo->SubjectPublicKeyInfo.PublicKey.pbData; + unsigned int size = + certContext->pCertInfo->SubjectPublicKeyInfo.PublicKey.cbData; + unsigned int newSize; + unsigned char *ptr, *newptr; + + /* find the start of the modulus -- this will not give good results if + * the key isn't an rsa key! */ + ptr = nss_ckcapi_DERUnwrap(pkData, size, &newSize, NULL); + kp->modulus.data = nss_ckcapi_DERUnwrap(ptr, newSize, + &kp->modulus.size, &newptr); + /* changed from signed to unsigned int */ + if (0 == *(char *)kp->modulus.data) { + kp->modulus.data = ((char *)kp->modulus.data) + 1; + kp->modulus.size = kp->modulus.size - 1; + } + /* changed from signed to unsigned int */ + kp->exponent.data = nss_ckcapi_DERUnwrap(newptr, (newptr - ptr) + newSize, + &kp->exponent.size, NULL); + if (0 == *(char *)kp->exponent.data) { + kp->exponent.data = ((char *)kp->exponent.data) + 1; + kp->exponent.size = kp->exponent.size - 1; + } + return; } typedef struct _CAPI_RSA_KEY_BLOB { - PUBLICKEYSTRUC header; - RSAPUBKEY rsa; - char data[1]; + PUBLICKEYSTRUC header; + RSAPUBKEY rsa; + char data[1]; } CAPI_RSA_KEY_BLOB; -#define CAPI_MODULUS_OFFSET(modSize) 0 -#define CAPI_PRIME_1_OFFSET(modSize) (modSize) -#define CAPI_PRIME_2_OFFSET(modSize) ((modSize)+(modSize)/2) -#define CAPI_EXPONENT_1_OFFSET(modSize) ((modSize)*2) -#define CAPI_EXPONENT_2_OFFSET(modSize) ((modSize)*2+(modSize)/2) +#define CAPI_MODULUS_OFFSET(modSize) 0 +#define CAPI_PRIME_1_OFFSET(modSize) (modSize) +#define CAPI_PRIME_2_OFFSET(modSize) ((modSize) + (modSize) / 2) +#define CAPI_EXPONENT_1_OFFSET(modSize) ((modSize)*2) +#define CAPI_EXPONENT_2_OFFSET(modSize) ((modSize)*2 + (modSize) / 2) #define CAPI_COEFFICIENT_OFFSET(modSize) ((modSize)*3) -#define CAPI_PRIVATE_EXP_OFFSET(modSize) ((modSize)*3+(modSize)/2) +#define CAPI_PRIVATE_EXP_OFFSET(modSize) ((modSize)*3 + (modSize) / 2) void -ckcapi_FetchPublicKey -( - ckcapiInternalObject *io -) +ckcapi_FetchPublicKey( + ckcapiInternalObject *io) { - ckcapiKeyParams *kp; - HCRYPTPROV hProv; - DWORD keySpec; - HCRYPTKEY hKey = 0; - CK_RV error; - DWORD bufLen; - BOOL rc; - unsigned long modulus; - char *buf = NULL; - CAPI_RSA_KEY_BLOB *blob; - - error = nss_ckcapi_FetchKeyContainer(io, &hProv, &keySpec, &hKey); - if (CKR_OK != error) { - goto loser; - } - kp = (ckcapiCert == io->type) ? &io->u.cert.key : &io->u.key.key; - - rc = CryptExportKey(hKey, 0, PUBLICKEYBLOB, 0, buf, &bufLen); - if (!rc) { - goto loser; - } - buf = nss_ZNEWARRAY(NULL, char, bufLen); - rc = CryptExportKey(hKey, 0, PUBLICKEYBLOB, 0, buf, &bufLen); - if (!rc) { - goto loser; - } - /* validate the blob */ - blob = (CAPI_RSA_KEY_BLOB *)buf; - if ((PUBLICKEYBLOB != blob->header.bType) || - (0x02 != blob->header.bVersion) || - (0x31415352 != blob->rsa.magic)) { - goto loser; - } - modulus = blob->rsa.bitlen/8; - kp->pubKey = buf; - buf = NULL; - - kp->modulus.data = &blob->data[CAPI_MODULUS_OFFSET(modulus)]; - kp->modulus.size = modulus; - ckcapi_ReverseData(&kp->modulus); - nss_ckcapi_IntToData(blob->rsa.pubexp, &kp->exponent, - kp->publicExponentData, &error); + ckcapiKeyParams *kp; + HCRYPTPROV hProv; + DWORD keySpec; + HCRYPTKEY hKey = 0; + CK_RV error; + DWORD bufLen; + BOOL rc; + unsigned long modulus; + char *buf = NULL; + CAPI_RSA_KEY_BLOB *blob; + + error = nss_ckcapi_FetchKeyContainer(io, &hProv, &keySpec, &hKey); + if (CKR_OK != error) { + goto loser; + } + kp = (ckcapiCert == io->type) ? &io->u.cert.key : &io->u.key.key; + + rc = CryptExportKey(hKey, 0, PUBLICKEYBLOB, 0, buf, &bufLen); + if (!rc) { + goto loser; + } + buf = nss_ZNEWARRAY(NULL, char, bufLen); + rc = CryptExportKey(hKey, 0, PUBLICKEYBLOB, 0, buf, &bufLen); + if (!rc) { + goto loser; + } + /* validate the blob */ + blob = (CAPI_RSA_KEY_BLOB *)buf; + if ((PUBLICKEYBLOB != blob->header.bType) || + (0x02 != blob->header.bVersion) || + (0x31415352 != blob->rsa.magic)) { + goto loser; + } + modulus = blob->rsa.bitlen / 8; + kp->pubKey = buf; + buf = NULL; + + kp->modulus.data = &blob->data[CAPI_MODULUS_OFFSET(modulus)]; + kp->modulus.size = modulus; + ckcapi_ReverseData(&kp->modulus); + nss_ckcapi_IntToData(blob->rsa.pubexp, &kp->exponent, + kp->publicExponentData, &error); loser: - nss_ZFreeIf(buf); - if (0 != hKey) { - CryptDestroyKey(hKey); - } - return; + nss_ZFreeIf(buf); + if (0 != hKey) { + CryptDestroyKey(hKey); + } + return; } void -ckcapi_FetchPrivateKey -( - ckcapiInternalObject *io -) +ckcapi_FetchPrivateKey( + ckcapiInternalObject *io) { - ckcapiKeyParams *kp; - HCRYPTPROV hProv; - DWORD keySpec; - HCRYPTKEY hKey = 0; - CK_RV error; - DWORD bufLen; - BOOL rc; - unsigned long modulus; - char *buf = NULL; - CAPI_RSA_KEY_BLOB *blob; - - error = nss_ckcapi_FetchKeyContainer(io, &hProv, &keySpec, &hKey); - if (CKR_OK != error) { - goto loser; - } - kp = (ckcapiCert == io->type) ? &io->u.cert.key : &io->u.key.key; - - rc = CryptExportKey(hKey, 0, PRIVATEKEYBLOB, 0, buf, &bufLen); - if (!rc) { - goto loser; - } - buf = nss_ZNEWARRAY(NULL, char, bufLen); - rc = CryptExportKey(hKey, 0, PRIVATEKEYBLOB, 0, buf, &bufLen); - if (!rc) { - goto loser; - } - /* validate the blob */ - blob = (CAPI_RSA_KEY_BLOB *)buf; - if ((PRIVATEKEYBLOB != blob->header.bType) || - (0x02 != blob->header.bVersion) || - (0x32415352 != blob->rsa.magic)) { - goto loser; - } - modulus = blob->rsa.bitlen/8; - kp->privateKey = buf; - buf = NULL; - - kp->privateExponent.data = &blob->data[CAPI_PRIVATE_EXP_OFFSET(modulus)]; - kp->privateExponent.size = modulus; - ckcapi_ReverseData(&kp->privateExponent); - kp->prime1.data = &blob->data[CAPI_PRIME_1_OFFSET(modulus)]; - kp->prime1.size = modulus/2; - ckcapi_ReverseData(&kp->prime1); - kp->prime2.data = &blob->data[CAPI_PRIME_2_OFFSET(modulus)]; - kp->prime2.size = modulus/2; - ckcapi_ReverseData(&kp->prime2); - kp->exponent1.data = &blob->data[CAPI_EXPONENT_1_OFFSET(modulus)]; - kp->exponent1.size = modulus/2; - ckcapi_ReverseData(&kp->exponent1); - kp->exponent2.data = &blob->data[CAPI_EXPONENT_2_OFFSET(modulus)]; - kp->exponent2.size = modulus/2; - ckcapi_ReverseData(&kp->exponent2); - kp->coefficient.data = &blob->data[CAPI_COEFFICIENT_OFFSET(modulus)]; - kp->coefficient.size = modulus/2; - ckcapi_ReverseData(&kp->coefficient); + ckcapiKeyParams *kp; + HCRYPTPROV hProv; + DWORD keySpec; + HCRYPTKEY hKey = 0; + CK_RV error; + DWORD bufLen; + BOOL rc; + unsigned long modulus; + char *buf = NULL; + CAPI_RSA_KEY_BLOB *blob; + + error = nss_ckcapi_FetchKeyContainer(io, &hProv, &keySpec, &hKey); + if (CKR_OK != error) { + goto loser; + } + kp = (ckcapiCert == io->type) ? &io->u.cert.key : &io->u.key.key; + + rc = CryptExportKey(hKey, 0, PRIVATEKEYBLOB, 0, buf, &bufLen); + if (!rc) { + goto loser; + } + buf = nss_ZNEWARRAY(NULL, char, bufLen); + rc = CryptExportKey(hKey, 0, PRIVATEKEYBLOB, 0, buf, &bufLen); + if (!rc) { + goto loser; + } + /* validate the blob */ + blob = (CAPI_RSA_KEY_BLOB *)buf; + if ((PRIVATEKEYBLOB != blob->header.bType) || + (0x02 != blob->header.bVersion) || + (0x32415352 != blob->rsa.magic)) { + goto loser; + } + modulus = blob->rsa.bitlen / 8; + kp->privateKey = buf; + buf = NULL; + + kp->privateExponent.data = &blob->data[CAPI_PRIVATE_EXP_OFFSET(modulus)]; + kp->privateExponent.size = modulus; + ckcapi_ReverseData(&kp->privateExponent); + kp->prime1.data = &blob->data[CAPI_PRIME_1_OFFSET(modulus)]; + kp->prime1.size = modulus / 2; + ckcapi_ReverseData(&kp->prime1); + kp->prime2.data = &blob->data[CAPI_PRIME_2_OFFSET(modulus)]; + kp->prime2.size = modulus / 2; + ckcapi_ReverseData(&kp->prime2); + kp->exponent1.data = &blob->data[CAPI_EXPONENT_1_OFFSET(modulus)]; + kp->exponent1.size = modulus / 2; + ckcapi_ReverseData(&kp->exponent1); + kp->exponent2.data = &blob->data[CAPI_EXPONENT_2_OFFSET(modulus)]; + kp->exponent2.size = modulus / 2; + ckcapi_ReverseData(&kp->exponent2); + kp->coefficient.data = &blob->data[CAPI_COEFFICIENT_OFFSET(modulus)]; + kp->coefficient.size = modulus / 2; + ckcapi_ReverseData(&kp->coefficient); loser: - nss_ZFreeIf(buf); - if (0 != hKey) { - CryptDestroyKey(hKey); - } - return; + nss_ZFreeIf(buf); + if (0 != hKey) { + CryptDestroyKey(hKey); + } + return; } - void -ckcapi_PopulateModulusExponent -( - ckcapiInternalObject *io -) +ckcapi_PopulateModulusExponent( + ckcapiInternalObject *io) { - if (ckcapiCert == io->type) { - ckcapi_CertPopulateModulusExponent(io); - } else { - ckcapi_FetchPublicKey(io); - } - return; + if (ckcapiCert == io->type) { + ckcapi_CertPopulateModulusExponent(io); + } else { + ckcapi_FetchPublicKey(io); + } + return; } /* @@ -718,442 +694,433 @@ ckcapi_PopulateModulusExponent * can only be called with ckcapiCert type objects! */ void -ckcapi_FetchLabel -( - ckcapiInternalObject *io -) +ckcapi_FetchLabel( + ckcapiInternalObject *io) { - ckcapiCertObject *co = &io->u.cert; - char *label; - PCCERT_CONTEXT certContext = io->u.cert.certContext; - char labelDataUTF16[128]; - DWORD size = sizeof(labelDataUTF16); - DWORD size8 = sizeof(co->labelData); - BOOL rv; - - rv = CertGetCertificateContextProperty(certContext, - CERT_FRIENDLY_NAME_PROP_ID, labelDataUTF16, &size); - if (rv) { - co->labelData = nss_ckcapi_WideToUTF8((LPCWSTR)labelDataUTF16); - if ((CHAR *)NULL == co->labelData) { - rv = 0; - } else { - size = strlen(co->labelData); - } - } - label = co->labelData; - /* we are presuming a user cert, make sure it has a nickname, even if - * Microsoft never gave it one */ - if (!rv && co->hasID) { - DWORD mserror = GetLastError(); + ckcapiCertObject *co = &io->u.cert; + char *label; + PCCERT_CONTEXT certContext = io->u.cert.certContext; + char labelDataUTF16[128]; + DWORD size = sizeof(labelDataUTF16); + DWORD size8 = sizeof(co->labelData); + BOOL rv; + + rv = CertGetCertificateContextProperty(certContext, + CERT_FRIENDLY_NAME_PROP_ID, labelDataUTF16, &size); + if (rv) { + co->labelData = nss_ckcapi_WideToUTF8((LPCWSTR)labelDataUTF16); + if ((CHAR *)NULL == co->labelData) { + rv = 0; + } else { + size = strlen(co->labelData); + } + } + label = co->labelData; + /* we are presuming a user cert, make sure it has a nickname, even if + * Microsoft never gave it one */ + if (!rv && co->hasID) { + DWORD mserror = GetLastError(); #define DEFAULT_NICKNAME "no Microsoft nickname" - label = DEFAULT_NICKNAME; - size = sizeof(DEFAULT_NICKNAME); - rv = 1; - } - - if (rv) { - co->label.data = label; - co->label.size = size; - } - return; + label = DEFAULT_NICKNAME; + size = sizeof(DEFAULT_NICKNAME); + rv = 1; + } + + if (rv) { + co->label.data = label; + co->label.size = size; + } + return; } void -ckcapi_FetchSerial -( - ckcapiInternalObject *io -) +ckcapi_FetchSerial( + ckcapiInternalObject *io) { - ckcapiCertObject *co = &io->u.cert; - PCCERT_CONTEXT certContext = io->u.cert.certContext; - DWORD size = sizeof(co->derSerial); - - BOOL rc = CryptEncodeObject(X509_ASN_ENCODING, - X509_MULTI_BYTE_INTEGER, - &certContext->pCertInfo->SerialNumber, - co->derSerial, - &size); - if (rc) { - co->serial.data = co->derSerial; - co->serial.size = size; - } - return; + ckcapiCertObject *co = &io->u.cert; + PCCERT_CONTEXT certContext = io->u.cert.certContext; + DWORD size = sizeof(co->derSerial); + + BOOL rc = CryptEncodeObject(X509_ASN_ENCODING, + X509_MULTI_BYTE_INTEGER, + &certContext->pCertInfo->SerialNumber, + co->derSerial, + &size); + if (rc) { + co->serial.data = co->derSerial; + co->serial.size = size; + } + return; } /* * fetch the key ID. */ void -ckcapi_FetchID -( - ckcapiInternalObject *io -) +ckcapi_FetchID( + ckcapiInternalObject *io) { - PCCERT_CONTEXT certContext = io->u.cert.certContext; - DWORD size = 0; - BOOL rc; + PCCERT_CONTEXT certContext = io->u.cert.certContext; + DWORD size = 0; + BOOL rc; - rc = CertGetCertificateContextProperty(certContext, - CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size); - if (!rc) { - return; - } - io->idData = nss_ZNEWARRAY(NULL, char, size); - if (io->idData == NULL) { - return; - } + rc = CertGetCertificateContextProperty(certContext, + CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size); + if (!rc) { + return; + } + io->idData = nss_ZNEWARRAY(NULL, char, size); + if (io->idData == NULL) { + return; + } - rc = CertGetCertificateContextProperty(certContext, - CERT_KEY_IDENTIFIER_PROP_ID, io->idData, &size); - if (!rc) { - nss_ZFreeIf(io->idData); - io->idData = NULL; + rc = CertGetCertificateContextProperty(certContext, + CERT_KEY_IDENTIFIER_PROP_ID, io->idData, &size); + if (!rc) { + nss_ZFreeIf(io->idData); + io->idData = NULL; + return; + } + io->id.data = io->idData; + io->id.size = size; return; - } - io->id.data = io->idData; - io->id.size = size; - return; } /* * fetch the hash key. */ void -ckcapi_CertFetchHashKey -( - ckcapiInternalObject *io -) +ckcapi_CertFetchHashKey( + ckcapiInternalObject *io) { - ckcapiCertObject *co = &io->u.cert; - PCCERT_CONTEXT certContext = io->u.cert.certContext; - DWORD size = certContext->cbCertEncoded; - DWORD max = sizeof(io->hashKeyData)-1; - DWORD offset = 0; - - /* make sure we don't over flow. NOTE: cutting the top of a cert is - * not a big issue because the signature for will be unique for the cert */ - if (size > max) { - offset = size - max; - size = max; - } - - nsslibc_memcpy(io->hashKeyData,certContext->pbCertEncoded+offset, size); - io->hashKeyData[size] = (char)(io->objClass & 0xff); - - io->hashKey.data = io->hashKeyData; - io->hashKey.size = size+1; - return; + ckcapiCertObject *co = &io->u.cert; + PCCERT_CONTEXT certContext = io->u.cert.certContext; + DWORD size = certContext->cbCertEncoded; + DWORD max = sizeof(io->hashKeyData) - 1; + DWORD offset = 0; + + /* make sure we don't over flow. NOTE: cutting the top of a cert is + * not a big issue because the signature for will be unique for the cert */ + if (size > max) { + offset = size - max; + size = max; + } + + nsslibc_memcpy(io->hashKeyData, certContext->pbCertEncoded + offset, size); + io->hashKeyData[size] = (char)(io->objClass & 0xff); + + io->hashKey.data = io->hashKeyData; + io->hashKey.size = size + 1; + return; } /* * fetch the hash key. */ void -ckcapi_KeyFetchHashKey -( - ckcapiInternalObject *io -) +ckcapi_KeyFetchHashKey( + ckcapiInternalObject *io) { - ckcapiKeyObject *ko = &io->u.key; - DWORD size; - DWORD max = sizeof(io->hashKeyData)-2; - DWORD offset = 0; - DWORD provLen = strlen(ko->provName); - DWORD containerLen = strlen(ko->containerName); - - - size = provLen + containerLen; - - /* make sure we don't overflow, try to keep things unique */ - if (size > max) { - DWORD diff = ((size - max)+1)/2; - provLen -= diff; - containerLen -= diff; - size = provLen+containerLen; - } - - nsslibc_memcpy(io->hashKeyData, ko->provName, provLen); - nsslibc_memcpy(&io->hashKeyData[provLen], - ko->containerName, - containerLen); - io->hashKeyData[size] = (char)(io->objClass & 0xff); - io->hashKeyData[size+1] = (char)(ko->provInfo.dwKeySpec & 0xff); - - io->hashKey.data = io->hashKeyData; - io->hashKey.size = size+2; - return; + ckcapiKeyObject *ko = &io->u.key; + DWORD size; + DWORD max = sizeof(io->hashKeyData) - 2; + DWORD offset = 0; + DWORD provLen = strlen(ko->provName); + DWORD containerLen = strlen(ko->containerName); + + size = provLen + containerLen; + + /* make sure we don't overflow, try to keep things unique */ + if (size > max) { + DWORD diff = ((size - max) + 1) / 2; + provLen -= diff; + containerLen -= diff; + size = provLen + containerLen; + } + + nsslibc_memcpy(io->hashKeyData, ko->provName, provLen); + nsslibc_memcpy(&io->hashKeyData[provLen], + ko->containerName, + containerLen); + io->hashKeyData[size] = (char)(io->objClass & 0xff); + io->hashKeyData[size + 1] = (char)(ko->provInfo.dwKeySpec & 0xff); + + io->hashKey.data = io->hashKeyData; + io->hashKey.size = size + 2; + return; } /* * fetch the hash key. */ void -ckcapi_FetchHashKey -( - ckcapiInternalObject *io -) +ckcapi_FetchHashKey( + ckcapiInternalObject *io) { - if (ckcapiCert == io->type) { - ckcapi_CertFetchHashKey(io); - } else { - ckcapi_KeyFetchHashKey(io); - } - return; + if (ckcapiCert == io->type) { + ckcapi_CertFetchHashKey(io); + } else { + ckcapi_KeyFetchHashKey(io); + } + return; } - + const NSSItem * -ckcapi_FetchCertAttribute -( - ckcapiInternalObject *io, - CK_ATTRIBUTE_TYPE type -) +ckcapi_FetchCertAttribute( + ckcapiInternalObject *io, + CK_ATTRIBUTE_TYPE type) { - PCCERT_CONTEXT certContext = io->u.cert.certContext; - switch(type) { - case CKA_CLASS: - return &ckcapi_certClassItem; - case CKA_TOKEN: - return &ckcapi_trueItem; - case CKA_MODIFIABLE: - case CKA_PRIVATE: - return &ckcapi_falseItem; - case CKA_CERTIFICATE_TYPE: - return &ckcapi_x509Item; - case CKA_LABEL: - if (0 == io->u.cert.label.size) { - ckcapi_FetchLabel(io); - } - return &io->u.cert.label; - case CKA_SUBJECT: - if (0 == io->u.cert.subject.size) { - io->u.cert.subject.data = certContext->pCertInfo->Subject.pbData; - io->u.cert.subject.size = certContext->pCertInfo->Subject.cbData; - } - return &io->u.cert.subject; - case CKA_ISSUER: - if (0 == io->u.cert.issuer.size) { - io->u.cert.issuer.data = certContext->pCertInfo->Issuer.pbData; - io->u.cert.issuer.size = certContext->pCertInfo->Issuer.cbData; - } - return &io->u.cert.issuer; - case CKA_SERIAL_NUMBER: - if (0 == io->u.cert.serial.size) { - /* not exactly right. This should be the encoded serial number, but - * it's the decoded serial number! */ - ckcapi_FetchSerial(io); - } - return &io->u.cert.serial; - case CKA_VALUE: - if (0 == io->u.cert.derCert.size) { - io->u.cert.derCert.data = io->u.cert.certContext->pbCertEncoded; - io->u.cert.derCert.size = io->u.cert.certContext->cbCertEncoded; - } - return &io->u.cert.derCert; - case CKA_ID: - if (!io->u.cert.hasID) { - return NULL; - } - if (0 == io->id.size) { - ckcapi_FetchID(io); - } - return &io->id; - default: - break; - } - return NULL; + PCCERT_CONTEXT certContext = io->u.cert.certContext; + switch (type) { + case CKA_CLASS: + return &ckcapi_certClassItem; + case CKA_TOKEN: + return &ckcapi_trueItem; + case CKA_MODIFIABLE: + case CKA_PRIVATE: + return &ckcapi_falseItem; + case CKA_CERTIFICATE_TYPE: + return &ckcapi_x509Item; + case CKA_LABEL: + if (0 == io->u.cert.label.size) { + ckcapi_FetchLabel(io); + } + return &io->u.cert.label; + case CKA_SUBJECT: + if (0 == io->u.cert.subject.size) { + io->u.cert.subject.data = + certContext->pCertInfo->Subject.pbData; + io->u.cert.subject.size = + certContext->pCertInfo->Subject.cbData; + } + return &io->u.cert.subject; + case CKA_ISSUER: + if (0 == io->u.cert.issuer.size) { + io->u.cert.issuer.data = + certContext->pCertInfo->Issuer.pbData; + io->u.cert.issuer.size = + certContext->pCertInfo->Issuer.cbData; + } + return &io->u.cert.issuer; + case CKA_SERIAL_NUMBER: + if (0 == io->u.cert.serial.size) { + /* not exactly right. This should be the encoded serial number, but + * it's the decoded serial number! */ + ckcapi_FetchSerial(io); + } + return &io->u.cert.serial; + case CKA_VALUE: + if (0 == io->u.cert.derCert.size) { + io->u.cert.derCert.data = + io->u.cert.certContext->pbCertEncoded; + io->u.cert.derCert.size = + io->u.cert.certContext->cbCertEncoded; + } + return &io->u.cert.derCert; + case CKA_ID: + if (!io->u.cert.hasID) { + return NULL; + } + if (0 == io->id.size) { + ckcapi_FetchID(io); + } + return &io->id; + default: + break; + } + return NULL; } const NSSItem * -ckcapi_FetchPubKeyAttribute -( - ckcapiInternalObject *io, - CK_ATTRIBUTE_TYPE type -) +ckcapi_FetchPubKeyAttribute( + ckcapiInternalObject *io, + CK_ATTRIBUTE_TYPE type) { - PRBool isCertType = (ckcapiCert == io->type); - ckcapiKeyParams *kp = isCertType ? &io->u.cert.key : &io->u.key.key; - - switch(type) { - case CKA_CLASS: - return &ckcapi_pubKeyClassItem; - case CKA_TOKEN: - case CKA_LOCAL: - case CKA_ENCRYPT: - case CKA_VERIFY: - case CKA_VERIFY_RECOVER: - return &ckcapi_trueItem; - case CKA_PRIVATE: - case CKA_MODIFIABLE: - case CKA_DERIVE: - case CKA_WRAP: - return &ckcapi_falseItem; - case CKA_KEY_TYPE: - return &ckcapi_rsaItem; - case CKA_LABEL: - if (!isCertType) { - return &ckcapi_emptyItem; - } - if (0 == io->u.cert.label.size) { - ckcapi_FetchLabel(io); - } - return &io->u.cert.label; - case CKA_SUBJECT: - if (!isCertType) { - return &ckcapi_emptyItem; - } - if (0 == io->u.cert.subject.size) { - PCCERT_CONTEXT certContext= io->u.cert.certContext; - io->u.cert.subject.data = certContext->pCertInfo->Subject.pbData; - io->u.cert.subject.size = certContext->pCertInfo->Subject.cbData; - } - return &io->u.cert.subject; - case CKA_MODULUS: - if (0 == kp->modulus.size) { - ckcapi_PopulateModulusExponent(io); - } - return &kp->modulus; - case CKA_PUBLIC_EXPONENT: - if (0 == kp->modulus.size) { - ckcapi_PopulateModulusExponent(io); - } - return &kp->exponent; - case CKA_ID: - if (0 == io->id.size) { - ckcapi_FetchID(io); - } - return &io->id; - default: - break; - } - return NULL; + PRBool isCertType = (ckcapiCert == io->type); + ckcapiKeyParams *kp = isCertType ? &io->u.cert.key : &io->u.key.key; + + switch (type) { + case CKA_CLASS: + return &ckcapi_pubKeyClassItem; + case CKA_TOKEN: + case CKA_LOCAL: + case CKA_ENCRYPT: + case CKA_VERIFY: + case CKA_VERIFY_RECOVER: + return &ckcapi_trueItem; + case CKA_PRIVATE: + case CKA_MODIFIABLE: + case CKA_DERIVE: + case CKA_WRAP: + return &ckcapi_falseItem; + case CKA_KEY_TYPE: + return &ckcapi_rsaItem; + case CKA_LABEL: + if (!isCertType) { + return &ckcapi_emptyItem; + } + if (0 == io->u.cert.label.size) { + ckcapi_FetchLabel(io); + } + return &io->u.cert.label; + case CKA_SUBJECT: + if (!isCertType) { + return &ckcapi_emptyItem; + } + if (0 == io->u.cert.subject.size) { + PCCERT_CONTEXT certContext = + io->u.cert.certContext; + io->u.cert.subject.data = + certContext->pCertInfo->Subject.pbData; + io->u.cert.subject.size = + certContext->pCertInfo->Subject.cbData; + } + return &io->u.cert.subject; + case CKA_MODULUS: + if (0 == kp->modulus.size) { + ckcapi_PopulateModulusExponent(io); + } + return &kp->modulus; + case CKA_PUBLIC_EXPONENT: + if (0 == kp->modulus.size) { + ckcapi_PopulateModulusExponent(io); + } + return &kp->exponent; + case CKA_ID: + if (0 == io->id.size) { + ckcapi_FetchID(io); + } + return &io->id; + default: + break; + } + return NULL; } const NSSItem * -ckcapi_FetchPrivKeyAttribute -( - ckcapiInternalObject *io, - CK_ATTRIBUTE_TYPE type -) +ckcapi_FetchPrivKeyAttribute( + ckcapiInternalObject *io, + CK_ATTRIBUTE_TYPE type) { - PRBool isCertType = (ckcapiCert == io->type); - ckcapiKeyParams *kp = isCertType ? &io->u.cert.key : &io->u.key.key; - - switch(type) { - case CKA_CLASS: - return &ckcapi_privKeyClassItem; - case CKA_TOKEN: - case CKA_LOCAL: - case CKA_SIGN: - case CKA_DECRYPT: - case CKA_SIGN_RECOVER: - return &ckcapi_trueItem; - case CKA_SENSITIVE: - case CKA_PRIVATE: /* should move in the future */ - case CKA_MODIFIABLE: - case CKA_DERIVE: - case CKA_UNWRAP: - case CKA_EXTRACTABLE: /* will probably move in the future */ - case CKA_ALWAYS_SENSITIVE: - case CKA_NEVER_EXTRACTABLE: - return &ckcapi_falseItem; - case CKA_KEY_TYPE: - return &ckcapi_rsaItem; - case CKA_LABEL: - if (!isCertType) { - return &ckcapi_emptyItem; - } - if (0 == io->u.cert.label.size) { - ckcapi_FetchLabel(io); - } - return &io->u.cert.label; - case CKA_SUBJECT: - if (!isCertType) { - return &ckcapi_emptyItem; - } - if (0 == io->u.cert.subject.size) { - PCCERT_CONTEXT certContext= io->u.cert.certContext; - io->u.cert.subject.data = certContext->pCertInfo->Subject.pbData; - io->u.cert.subject.size = certContext->pCertInfo->Subject.cbData; - } - return &io->u.cert.subject; - case CKA_MODULUS: - if (0 == kp->modulus.size) { - ckcapi_PopulateModulusExponent(io); - } - return &kp->modulus; - case CKA_PUBLIC_EXPONENT: - if (0 == kp->modulus.size) { - ckcapi_PopulateModulusExponent(io); - } - return &kp->exponent; - case CKA_PRIVATE_EXPONENT: - if (0 == kp->privateExponent.size) { - ckcapi_FetchPrivateKey(io); - } - return &kp->privateExponent; - case CKA_PRIME_1: - if (0 == kp->privateExponent.size) { - ckcapi_FetchPrivateKey(io); - } - return &kp->prime1; - case CKA_PRIME_2: - if (0 == kp->privateExponent.size) { - ckcapi_FetchPrivateKey(io); - } - return &kp->prime2; - case CKA_EXPONENT_1: - if (0 == kp->privateExponent.size) { - ckcapi_FetchPrivateKey(io); - } - return &kp->exponent1; - case CKA_EXPONENT_2: - if (0 == kp->privateExponent.size) { - ckcapi_FetchPrivateKey(io); - } - return &kp->exponent2; - case CKA_COEFFICIENT: - if (0 == kp->privateExponent.size) { - ckcapi_FetchPrivateKey(io); - } - return &kp->coefficient; - case CKA_ID: - if (0 == io->id.size) { - ckcapi_FetchID(io); - } - return &io->id; - default: - return NULL; - } + PRBool isCertType = (ckcapiCert == io->type); + ckcapiKeyParams *kp = isCertType ? &io->u.cert.key : &io->u.key.key; + + switch (type) { + case CKA_CLASS: + return &ckcapi_privKeyClassItem; + case CKA_TOKEN: + case CKA_LOCAL: + case CKA_SIGN: + case CKA_DECRYPT: + case CKA_SIGN_RECOVER: + return &ckcapi_trueItem; + case CKA_SENSITIVE: + case CKA_PRIVATE: /* should move in the future */ + case CKA_MODIFIABLE: + case CKA_DERIVE: + case CKA_UNWRAP: + case CKA_EXTRACTABLE: /* will probably move in the future */ + case CKA_ALWAYS_SENSITIVE: + case CKA_NEVER_EXTRACTABLE: + return &ckcapi_falseItem; + case CKA_KEY_TYPE: + return &ckcapi_rsaItem; + case CKA_LABEL: + if (!isCertType) { + return &ckcapi_emptyItem; + } + if (0 == io->u.cert.label.size) { + ckcapi_FetchLabel(io); + } + return &io->u.cert.label; + case CKA_SUBJECT: + if (!isCertType) { + return &ckcapi_emptyItem; + } + if (0 == io->u.cert.subject.size) { + PCCERT_CONTEXT certContext = + io->u.cert.certContext; + io->u.cert.subject.data = + certContext->pCertInfo->Subject.pbData; + io->u.cert.subject.size = + certContext->pCertInfo->Subject.cbData; + } + return &io->u.cert.subject; + case CKA_MODULUS: + if (0 == kp->modulus.size) { + ckcapi_PopulateModulusExponent(io); + } + return &kp->modulus; + case CKA_PUBLIC_EXPONENT: + if (0 == kp->modulus.size) { + ckcapi_PopulateModulusExponent(io); + } + return &kp->exponent; + case CKA_PRIVATE_EXPONENT: + if (0 == kp->privateExponent.size) { + ckcapi_FetchPrivateKey(io); + } + return &kp->privateExponent; + case CKA_PRIME_1: + if (0 == kp->privateExponent.size) { + ckcapi_FetchPrivateKey(io); + } + return &kp->prime1; + case CKA_PRIME_2: + if (0 == kp->privateExponent.size) { + ckcapi_FetchPrivateKey(io); + } + return &kp->prime2; + case CKA_EXPONENT_1: + if (0 == kp->privateExponent.size) { + ckcapi_FetchPrivateKey(io); + } + return &kp->exponent1; + case CKA_EXPONENT_2: + if (0 == kp->privateExponent.size) { + ckcapi_FetchPrivateKey(io); + } + return &kp->exponent2; + case CKA_COEFFICIENT: + if (0 == kp->privateExponent.size) { + ckcapi_FetchPrivateKey(io); + } + return &kp->coefficient; + case CKA_ID: + if (0 == io->id.size) { + ckcapi_FetchID(io); + } + return &io->id; + default: + return NULL; + } } const NSSItem * -nss_ckcapi_FetchAttribute -( - ckcapiInternalObject *io, - CK_ATTRIBUTE_TYPE type -) +nss_ckcapi_FetchAttribute( + ckcapiInternalObject *io, + CK_ATTRIBUTE_TYPE type) { - CK_ULONG i; - - if (io->type == ckcapiRaw) { - for( i = 0; i < io->u.raw.n; i++ ) { - if( type == io->u.raw.types[i] ) { - return &io->u.raw.items[i]; - } + CK_ULONG i; + + if (io->type == ckcapiRaw) { + for (i = 0; i < io->u.raw.n; i++) { + if (type == io->u.raw.types[i]) { + return &io->u.raw.items[i]; + } + } + return NULL; + } + /* deal with the common attributes */ + switch (io->objClass) { + case CKO_CERTIFICATE: + return ckcapi_FetchCertAttribute(io, type); + case CKO_PRIVATE_KEY: + return ckcapi_FetchPrivKeyAttribute(io, type); + case CKO_PUBLIC_KEY: + return ckcapi_FetchPubKeyAttribute(io, type); } return NULL; - } - /* deal with the common attributes */ - switch (io->objClass) { - case CKO_CERTIFICATE: - return ckcapi_FetchCertAttribute(io, type); - case CKO_PRIVATE_KEY: - return ckcapi_FetchPrivKeyAttribute(io, type); - case CKO_PUBLIC_KEY: - return ckcapi_FetchPubKeyAttribute(io, type); - } - return NULL; } /* @@ -1161,173 +1128,160 @@ nss_ckcapi_FetchAttribute */ static PRBool ckcapi_cert_exists( - NSSItem *value, - ckcapiInternalObject **io -) + NSSItem *value, + ckcapiInternalObject **io) { - int count,i; - PRUint32 size = 0; - ckcapiInternalObject **listp = NULL; - CK_ATTRIBUTE myTemplate[2]; - CK_OBJECT_CLASS cert_class = CKO_CERTIFICATE; - CK_ULONG templateCount = 2; - CK_RV error; - PRBool found = PR_FALSE; - - myTemplate[0].type = CKA_CLASS; - myTemplate[0].pValue = &cert_class; - myTemplate[0].ulValueLen = sizeof(cert_class); - myTemplate[1].type = CKA_VALUE; - myTemplate[1].pValue = value->data; - myTemplate[1].ulValueLen = value->size; - - count = nss_ckcapi_collect_all_certs(myTemplate, templateCount, &listp, - &size, 0, &error); - - /* free them */ - if (count > 1) { - *io = listp[0]; - found = PR_TRUE; - } - - for (i=1; i < count; i++) { - nss_ckcapi_DestroyInternalObject(listp[i]); - } - nss_ZFreeIf(listp); - return found; + int count, i; + PRUint32 size = 0; + ckcapiInternalObject **listp = NULL; + CK_ATTRIBUTE myTemplate[2]; + CK_OBJECT_CLASS cert_class = CKO_CERTIFICATE; + CK_ULONG templateCount = 2; + CK_RV error; + PRBool found = PR_FALSE; + + myTemplate[0].type = CKA_CLASS; + myTemplate[0].pValue = &cert_class; + myTemplate[0].ulValueLen = sizeof(cert_class); + myTemplate[1].type = CKA_VALUE; + myTemplate[1].pValue = value->data; + myTemplate[1].ulValueLen = value->size; + + count = nss_ckcapi_collect_all_certs(myTemplate, templateCount, &listp, + &size, 0, &error); + + /* free them */ + if (count > 1) { + *io = listp[0]; + found = PR_TRUE; + } + + for (i = 1; i < count; i++) { + nss_ckcapi_DestroyInternalObject(listp[i]); + } + nss_ZFreeIf(listp); + return found; } static PRBool -ckcapi_cert_hasEmail -( - PCCERT_CONTEXT certContext -) +ckcapi_cert_hasEmail( + PCCERT_CONTEXT certContext) { - int count; + int count; - count = CertGetNameString(certContext, CERT_NAME_EMAIL_TYPE, - 0, NULL, NULL, 0); + count = CertGetNameString(certContext, CERT_NAME_EMAIL_TYPE, + 0, NULL, NULL, 0); - return count > 1 ? PR_TRUE : PR_FALSE; + return count > 1 ? PR_TRUE : PR_FALSE; } static PRBool -ckcapi_cert_isRoot -( - PCCERT_CONTEXT certContext -) +ckcapi_cert_isRoot( + PCCERT_CONTEXT certContext) { - return CertCompareCertificateName(certContext->dwCertEncodingType, - &certContext->pCertInfo->Issuer, &certContext->pCertInfo->Subject); + return CertCompareCertificateName(certContext->dwCertEncodingType, + &certContext->pCertInfo->Issuer, &certContext->pCertInfo->Subject); } static PRBool -ckcapi_cert_isCA -( - PCCERT_CONTEXT certContext -) +ckcapi_cert_isCA( + PCCERT_CONTEXT certContext) { - PCERT_EXTENSION extension; - CERT_BASIC_CONSTRAINTS2_INFO basicInfo; - DWORD size = sizeof(basicInfo); - BOOL rc; - - extension = CertFindExtension (szOID_BASIC_CONSTRAINTS, - certContext->pCertInfo->cExtension, - certContext->pCertInfo->rgExtension); - if ((PCERT_EXTENSION) NULL == extension ) { - return PR_FALSE; - } - rc = CryptDecodeObject(X509_ASN_ENCODING, szOID_BASIC_CONSTRAINTS2, - extension->Value.pbData, extension->Value.cbData, - 0, &basicInfo, &size); - if (!rc) { - return PR_FALSE; - } - return (PRBool) basicInfo.fCA; + PCERT_EXTENSION extension; + CERT_BASIC_CONSTRAINTS2_INFO basicInfo; + DWORD size = sizeof(basicInfo); + BOOL rc; + + extension = CertFindExtension(szOID_BASIC_CONSTRAINTS, + certContext->pCertInfo->cExtension, + certContext->pCertInfo->rgExtension); + if ((PCERT_EXTENSION)NULL == extension) { + return PR_FALSE; + } + rc = CryptDecodeObject(X509_ASN_ENCODING, szOID_BASIC_CONSTRAINTS2, + extension->Value.pbData, extension->Value.cbData, + 0, &basicInfo, &size); + if (!rc) { + return PR_FALSE; + } + return (PRBool)basicInfo.fCA; } static CRYPT_KEY_PROV_INFO * -ckcapi_cert_getPrivateKeyInfo -( - PCCERT_CONTEXT certContext, - NSSItem *keyID -) +ckcapi_cert_getPrivateKeyInfo( + PCCERT_CONTEXT certContext, + NSSItem *keyID) { - BOOL rc; - CRYPT_HASH_BLOB msKeyID; - DWORD size = 0; - CRYPT_KEY_PROV_INFO *prov = NULL; - - msKeyID.cbData = keyID->size; - msKeyID.pbData = keyID->data; - - rc = CryptGetKeyIdentifierProperty( - &msKeyID, - CERT_KEY_PROV_INFO_PROP_ID, - 0, NULL, NULL, NULL, &size); - if (!rc) { - return (CRYPT_KEY_PROV_INFO *)NULL; - } - prov = (CRYPT_KEY_PROV_INFO *)nss_ZAlloc(NULL, size); - if ((CRYPT_KEY_PROV_INFO *)prov == NULL) { - return (CRYPT_KEY_PROV_INFO *) NULL; - } - rc = CryptGetKeyIdentifierProperty( - &msKeyID, - CERT_KEY_PROV_INFO_PROP_ID, - 0, NULL, NULL, prov, &size); - if (!rc) { - nss_ZFreeIf(prov); - return (CRYPT_KEY_PROV_INFO *)NULL; - } - - return prov; + BOOL rc; + CRYPT_HASH_BLOB msKeyID; + DWORD size = 0; + CRYPT_KEY_PROV_INFO *prov = NULL; + + msKeyID.cbData = keyID->size; + msKeyID.pbData = keyID->data; + + rc = CryptGetKeyIdentifierProperty( + &msKeyID, + CERT_KEY_PROV_INFO_PROP_ID, + 0, NULL, NULL, NULL, &size); + if (!rc) { + return (CRYPT_KEY_PROV_INFO *)NULL; + } + prov = (CRYPT_KEY_PROV_INFO *)nss_ZAlloc(NULL, size); + if ((CRYPT_KEY_PROV_INFO *)prov == NULL) { + return (CRYPT_KEY_PROV_INFO *)NULL; + } + rc = CryptGetKeyIdentifierProperty( + &msKeyID, + CERT_KEY_PROV_INFO_PROP_ID, + 0, NULL, NULL, prov, &size); + if (!rc) { + nss_ZFreeIf(prov); + return (CRYPT_KEY_PROV_INFO *)NULL; + } + + return prov; } static CRYPT_KEY_PROV_INFO * -ckcapi_cert_getProvInfo -( - ckcapiInternalObject *io -) +ckcapi_cert_getProvInfo( + ckcapiInternalObject *io) { - BOOL rc; - DWORD size = 0; - CRYPT_KEY_PROV_INFO *prov = NULL; - - rc = CertGetCertificateContextProperty( - io->u.cert.certContext, - CERT_KEY_PROV_INFO_PROP_ID, - NULL, &size); - if (!rc) { - return (CRYPT_KEY_PROV_INFO *)NULL; - } - prov = (CRYPT_KEY_PROV_INFO *)nss_ZAlloc(NULL, size); - if ((CRYPT_KEY_PROV_INFO *)prov == NULL) { - return (CRYPT_KEY_PROV_INFO *) NULL; - } - rc = CertGetCertificateContextProperty( - io->u.cert.certContext, - CERT_KEY_PROV_INFO_PROP_ID, - prov, &size); - if (!rc) { - nss_ZFreeIf(prov); - return (CRYPT_KEY_PROV_INFO *)NULL; - } - - return prov; + BOOL rc; + DWORD size = 0; + CRYPT_KEY_PROV_INFO *prov = NULL; + + rc = CertGetCertificateContextProperty( + io->u.cert.certContext, + CERT_KEY_PROV_INFO_PROP_ID, + NULL, &size); + if (!rc) { + return (CRYPT_KEY_PROV_INFO *)NULL; + } + prov = (CRYPT_KEY_PROV_INFO *)nss_ZAlloc(NULL, size); + if ((CRYPT_KEY_PROV_INFO *)prov == NULL) { + return (CRYPT_KEY_PROV_INFO *)NULL; + } + rc = CertGetCertificateContextProperty( + io->u.cert.certContext, + CERT_KEY_PROV_INFO_PROP_ID, + prov, &size); + if (!rc) { + nss_ZFreeIf(prov); + return (CRYPT_KEY_PROV_INFO *)NULL; + } + + return prov; } - + /* forward declaration */ static void -ckcapi_removeObjectFromHash -( - ckcapiInternalObject *io -); +ckcapi_removeObjectFromHash( + ckcapiInternalObject *io); /* * Finalize - unneeded - * Destroy + * Destroy * IsTokenObject - CK_TRUE * GetAttributeCount * GetAttributeTypes @@ -1338,968 +1292,935 @@ ckcapi_removeObjectFromHash */ static CK_RV -ckcapi_mdObject_Destroy -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckcapi_mdObject_Destroy( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc; - CK_OBJECT_CLASS objClass; - BOOL rc; - DWORD provType; - DWORD msError; - PRBool isCertType = (PRBool)(ckcapiCert == io->type); - HCERTSTORE hStore = 0; - - if (ckcapiRaw == io->type) { - /* there is not 'object write protected' error, use the next best thing */ - return CKR_TOKEN_WRITE_PROTECTED; - } - - objClass = io->objClass; - if (CKO_CERTIFICATE == objClass) { - PCCERT_CONTEXT certContext; - - /* get the store */ - hStore = CertOpenSystemStore(0, io->u.cert.certStore); - if (0 == hStore) { - rc = 0; - goto loser; - } - certContext = CertFindCertificateInStore(hStore, X509_ASN_ENCODING, 0, - CERT_FIND_EXISTING, io->u.cert.certContext, NULL); - if ((PCCERT_CONTEXT)NULL == certContext) { - rc = 0; - goto loser; - } - rc = CertDeleteCertificateFromStore(certContext); - } else { - char *provName = NULL; - char *containerName = NULL; - HCRYPTPROV hProv; - CRYPT_HASH_BLOB msKeyID; - - if (0 == io->id.size) { - ckcapi_FetchID(io); + ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc; + CK_OBJECT_CLASS objClass; + BOOL rc; + DWORD provType; + DWORD msError; + PRBool isCertType = (PRBool)(ckcapiCert == io->type); + HCERTSTORE hStore = 0; + + if (ckcapiRaw == io->type) { + /* there is not 'object write protected' error, use the next best thing */ + return CKR_TOKEN_WRITE_PROTECTED; } - if (isCertType) { - CRYPT_KEY_PROV_INFO * provInfo = ckcapi_cert_getProvInfo(io); - provName = nss_ckcapi_WideToUTF8(provInfo->pwszProvName); - containerName = nss_ckcapi_WideToUTF8(provInfo->pwszContainerName); - provType = provInfo->dwProvType; - nss_ZFreeIf(provInfo); + objClass = io->objClass; + if (CKO_CERTIFICATE == objClass) { + PCCERT_CONTEXT certContext; + + /* get the store */ + hStore = CertOpenSystemStore(0, io->u.cert.certStore); + if (0 == hStore) { + rc = 0; + goto loser; + } + certContext = CertFindCertificateInStore(hStore, X509_ASN_ENCODING, 0, + CERT_FIND_EXISTING, io->u.cert.certContext, NULL); + if ((PCCERT_CONTEXT)NULL == certContext) { + rc = 0; + goto loser; + } + rc = CertDeleteCertificateFromStore(certContext); } else { - provName = io->u.key.provName; - containerName = io->u.key.containerName; - provType = io->u.key.provInfo.dwProvType; - io->u.key.provName = NULL; - io->u.key.containerName = NULL; - } - /* first remove the key id pointer */ - msKeyID.cbData = io->id.size; - msKeyID.pbData = io->id.data; - rc = CryptSetKeyIdentifierProperty(&msKeyID, - CERT_KEY_PROV_INFO_PROP_ID, CRYPT_KEYID_DELETE_FLAG, NULL, NULL, NULL); - if (rc) { - rc = CryptAcquireContext(&hProv, containerName, provName, provType, - CRYPT_DELETEKEYSET); + char *provName = NULL; + char *containerName = NULL; + HCRYPTPROV hProv; + CRYPT_HASH_BLOB msKeyID; + + if (0 == io->id.size) { + ckcapi_FetchID(io); + } + + if (isCertType) { + CRYPT_KEY_PROV_INFO *provInfo = ckcapi_cert_getProvInfo(io); + provName = nss_ckcapi_WideToUTF8(provInfo->pwszProvName); + containerName = nss_ckcapi_WideToUTF8(provInfo->pwszContainerName); + provType = provInfo->dwProvType; + nss_ZFreeIf(provInfo); + } else { + provName = io->u.key.provName; + containerName = io->u.key.containerName; + provType = io->u.key.provInfo.dwProvType; + io->u.key.provName = NULL; + io->u.key.containerName = NULL; + } + /* first remove the key id pointer */ + msKeyID.cbData = io->id.size; + msKeyID.pbData = io->id.data; + rc = CryptSetKeyIdentifierProperty(&msKeyID, + CERT_KEY_PROV_INFO_PROP_ID, CRYPT_KEYID_DELETE_FLAG, NULL, NULL, NULL); + if (rc) { + rc = CryptAcquireContext(&hProv, containerName, provName, provType, + CRYPT_DELETEKEYSET); + } + nss_ZFreeIf(provName); + nss_ZFreeIf(containerName); } - nss_ZFreeIf(provName); - nss_ZFreeIf(containerName); - } loser: - if (hStore) { - CertCloseStore(hStore, 0); - } - if (!rc) { - msError = GetLastError(); - return CKR_GENERAL_ERROR; - } + if (hStore) { + CertCloseStore(hStore, 0); + } + if (!rc) { + msError = GetLastError(); + return CKR_GENERAL_ERROR; + } - /* remove it from the hash */ - ckcapi_removeObjectFromHash(io); + /* remove it from the hash */ + ckcapi_removeObjectFromHash(io); - /* free the puppy.. */ - nss_ckcapi_DestroyInternalObject(io); - return CKR_OK; + /* free the puppy.. */ + nss_ckcapi_DestroyInternalObject(io); + return CKR_OK; } static CK_BBOOL -ckcapi_mdObject_IsTokenObject -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckcapi_mdObject_IsTokenObject( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return CK_TRUE; + return CK_TRUE; } static CK_ULONG -ckcapi_mdObject_GetAttributeCount -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckcapi_mdObject_GetAttributeCount( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc; - - if (ckcapiRaw == io->type) { - return io->u.raw.n; - } - switch (io->objClass) { - case CKO_CERTIFICATE: - return certAttrsCount; - case CKO_PUBLIC_KEY: - return pubKeyAttrsCount; - case CKO_PRIVATE_KEY: - return privKeyAttrsCount; - default: - break; - } - return 0; + ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc; + + if (ckcapiRaw == io->type) { + return io->u.raw.n; + } + switch (io->objClass) { + case CKO_CERTIFICATE: + return certAttrsCount; + case CKO_PUBLIC_KEY: + return pubKeyAttrsCount; + case CKO_PRIVATE_KEY: + return privKeyAttrsCount; + default: + break; + } + return 0; } static CK_RV -ckcapi_mdObject_GetAttributeTypes -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE_PTR typeArray, - CK_ULONG ulCount -) +ckcapi_mdObject_GetAttributeTypes( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount) { - ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc; - CK_ULONG i; - CK_RV error = CKR_OK; - const CK_ATTRIBUTE_TYPE *attrs = NULL; - CK_ULONG size = ckcapi_mdObject_GetAttributeCount( - mdObject, fwObject, mdSession, fwSession, - mdToken, fwToken, mdInstance, fwInstance, &error); - - if( size != ulCount ) { - return CKR_BUFFER_TOO_SMALL; - } - if (io->type == ckcapiRaw) { - attrs = io->u.raw.types; - } else switch(io->objClass) { - case CKO_CERTIFICATE: - attrs = certAttrs; - break; - case CKO_PUBLIC_KEY: - attrs = pubKeyAttrs; - break; - case CKO_PRIVATE_KEY: - attrs = privKeyAttrs; - break; - default: - return CKR_OK; - } - - for( i = 0; i < size; i++) { - typeArray[i] = attrs[i]; - } - - return CKR_OK; + ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc; + CK_ULONG i; + CK_RV error = CKR_OK; + const CK_ATTRIBUTE_TYPE *attrs = NULL; + CK_ULONG size = ckcapi_mdObject_GetAttributeCount( + mdObject, fwObject, mdSession, fwSession, + mdToken, fwToken, mdInstance, fwInstance, &error); + + if (size != ulCount) { + return CKR_BUFFER_TOO_SMALL; + } + if (io->type == ckcapiRaw) { + attrs = io->u.raw.types; + } else + switch (io->objClass) { + case CKO_CERTIFICATE: + attrs = + certAttrs; + break; + case CKO_PUBLIC_KEY: + attrs = + pubKeyAttrs; + break; + case CKO_PRIVATE_KEY: + attrs = + privKeyAttrs; + break; + default: + return CKR_OK; + } + + for (i = 0; i < size; i++) { + typeArray[i] = attrs[i]; + } + + return CKR_OK; } static CK_ULONG -ckcapi_mdObject_GetAttributeSize -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError -) +ckcapi_mdObject_GetAttributeSize( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError) { - ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc; + ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc; - const NSSItem *b; + const NSSItem *b; - b = nss_ckcapi_FetchAttribute(io, attribute); + b = nss_ckcapi_FetchAttribute(io, attribute); - if ((const NSSItem *)NULL == b) { - *pError = CKR_ATTRIBUTE_TYPE_INVALID; - return 0; - } - return b->size; + if ((const NSSItem *)NULL == b) { + *pError = CKR_ATTRIBUTE_TYPE_INVALID; + return 0; + } + return b->size; } static CK_RV -ckcapi_mdObject_SetAttribute -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - NSSItem *value -) +ckcapi_mdObject_SetAttribute( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *value) { - return CKR_OK; + return CKR_OK; } static NSSCKFWItem -ckcapi_mdObject_GetAttribute -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError -) +ckcapi_mdObject_GetAttribute( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError) { - NSSCKFWItem mdItem; - ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc; + NSSCKFWItem mdItem; + ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc; - mdItem.needsFreeing = PR_FALSE; - mdItem.item = (NSSItem*)nss_ckcapi_FetchAttribute(io, attribute); + mdItem.needsFreeing = PR_FALSE; + mdItem.item = (NSSItem *)nss_ckcapi_FetchAttribute(io, attribute); - if ((NSSItem *)NULL == mdItem.item) { - *pError = CKR_ATTRIBUTE_TYPE_INVALID; - } + if ((NSSItem *)NULL == mdItem.item) { + *pError = CKR_ATTRIBUTE_TYPE_INVALID; + } - return mdItem; + return mdItem; } static CK_ULONG -ckcapi_mdObject_GetObjectSize -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckcapi_mdObject_GetObjectSize( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc; - CK_ULONG rv = 1; + ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc; + CK_ULONG rv = 1; - /* size is irrelevant to this token */ - return rv; + /* size is irrelevant to this token */ + return rv; } static const NSSCKMDObject -ckcapi_prototype_mdObject = { - (void *)NULL, /* etc */ - NULL, /* Finalize */ - ckcapi_mdObject_Destroy, - ckcapi_mdObject_IsTokenObject, - ckcapi_mdObject_GetAttributeCount, - ckcapi_mdObject_GetAttributeTypes, - ckcapi_mdObject_GetAttributeSize, - ckcapi_mdObject_GetAttribute, - NULL, /* FreeAttribute */ - ckcapi_mdObject_SetAttribute, - ckcapi_mdObject_GetObjectSize, - (void *)NULL /* null terminator */ -}; + ckcapi_prototype_mdObject = { + (void *)NULL, /* etc */ + NULL, /* Finalize */ + ckcapi_mdObject_Destroy, + ckcapi_mdObject_IsTokenObject, + ckcapi_mdObject_GetAttributeCount, + ckcapi_mdObject_GetAttributeTypes, + ckcapi_mdObject_GetAttributeSize, + ckcapi_mdObject_GetAttribute, + NULL, /* FreeAttribute */ + ckcapi_mdObject_SetAttribute, + ckcapi_mdObject_GetObjectSize, + (void *)NULL /* null terminator */ + }; static nssHash *ckcapiInternalObjectHash = NULL; NSS_IMPLEMENT NSSCKMDObject * -nss_ckcapi_CreateMDObject -( - NSSArena *arena, - ckcapiInternalObject *io, - CK_RV *pError -) +nss_ckcapi_CreateMDObject( + NSSArena *arena, + ckcapiInternalObject *io, + CK_RV *pError) { - if ((nssHash *)NULL == ckcapiInternalObjectHash) { - ckcapiInternalObjectHash = nssHash_CreateItem(NULL, 10); - } - if (ckcapiCert == io->type) { - /* the hash key, not a cryptographic key */ - NSSItem *key = &io->hashKey; - ckcapiInternalObject *old_o = NULL; + if ((nssHash *)NULL == ckcapiInternalObjectHash) { + ckcapiInternalObjectHash = nssHash_CreateItem(NULL, 10); + } + if (ckcapiCert == io->type) { + /* the hash key, not a cryptographic key */ + NSSItem *key = &io->hashKey; + ckcapiInternalObject *old_o = NULL; + + if (key->size == 0) { + ckcapi_FetchHashKey(io); + } + old_o = (ckcapiInternalObject *) + nssHash_Lookup(ckcapiInternalObjectHash, key); + if (!old_o) { + nssHash_Add(ckcapiInternalObjectHash, key, io); + } else if (old_o != io) { + nss_ckcapi_DestroyInternalObject(io); + io = old_o; + } + } - if (key->size == 0) { - ckcapi_FetchHashKey(io); - } - old_o = (ckcapiInternalObject *) - nssHash_Lookup(ckcapiInternalObjectHash, key); - if (!old_o) { - nssHash_Add(ckcapiInternalObjectHash, key, io); - } else if (old_o != io) { - nss_ckcapi_DestroyInternalObject(io); - io = old_o; - } - } - - if ( (void*)NULL == io->mdObject.etc) { - (void) nsslibc_memcpy(&io->mdObject,&ckcapi_prototype_mdObject, - sizeof(ckcapi_prototype_mdObject)); - io->mdObject.etc = (void *)io; - } - return &io->mdObject; + if ((void *)NULL == io->mdObject.etc) { + (void)nsslibc_memcpy(&io->mdObject, &ckcapi_prototype_mdObject, + sizeof(ckcapi_prototype_mdObject)); + io->mdObject.etc = (void *)io; + } + return &io->mdObject; } static void -ckcapi_removeObjectFromHash -( - ckcapiInternalObject *io -) +ckcapi_removeObjectFromHash( + ckcapiInternalObject *io) { - NSSItem *key = &io->hashKey; + NSSItem *key = &io->hashKey; - if ((nssHash *)NULL == ckcapiInternalObjectHash) { + if ((nssHash *)NULL == ckcapiInternalObjectHash) { + return; + } + if (key->size == 0) { + ckcapi_FetchHashKey(io); + } + nssHash_Remove(ckcapiInternalObjectHash, key); return; - } - if (key->size == 0) { - ckcapi_FetchHashKey(io); - } - nssHash_Remove(ckcapiInternalObjectHash, key); - return; } void -nss_ckcapi_DestroyInternalObject -( - ckcapiInternalObject *io -) +nss_ckcapi_DestroyInternalObject( + ckcapiInternalObject *io) { - switch (io->type) { - case ckcapiRaw: + switch (io->type) { + case ckcapiRaw: + return; + case ckcapiCert: + CertFreeCertificateContext(io->u.cert.certContext); + nss_ZFreeIf(io->u.cert.labelData); + nss_ZFreeIf(io->u.cert.key.privateKey); + nss_ZFreeIf(io->u.cert.key.pubKey); + nss_ZFreeIf(io->idData); + break; + case ckcapiBareKey: + nss_ZFreeIf(io->u.key.provInfo.pwszContainerName); + nss_ZFreeIf(io->u.key.provInfo.pwszProvName); + nss_ZFreeIf(io->u.key.provName); + nss_ZFreeIf(io->u.key.containerName); + nss_ZFreeIf(io->u.key.key.privateKey); + nss_ZFreeIf(io->u.key.key.pubKey); + if (0 != io->u.key.hProv) { + CryptReleaseContext(io->u.key.hProv, 0); + } + nss_ZFreeIf(io->idData); + break; + } + nss_ZFreeIf(io); return; - case ckcapiCert: - CertFreeCertificateContext(io->u.cert.certContext); - nss_ZFreeIf(io->u.cert.labelData); - nss_ZFreeIf(io->u.cert.key.privateKey); - nss_ZFreeIf(io->u.cert.key.pubKey); - nss_ZFreeIf(io->idData); - break; - case ckcapiBareKey: - nss_ZFreeIf(io->u.key.provInfo.pwszContainerName); - nss_ZFreeIf(io->u.key.provInfo.pwszProvName); - nss_ZFreeIf(io->u.key.provName); - nss_ZFreeIf(io->u.key.containerName); - nss_ZFreeIf(io->u.key.key.privateKey); - nss_ZFreeIf(io->u.key.key.pubKey); - if (0 != io->u.key.hProv) { - CryptReleaseContext(io->u.key.hProv, 0); - } - nss_ZFreeIf(io->idData); - break; - } - nss_ZFreeIf(io); - return; } static ckcapiInternalObject * -nss_ckcapi_CreateCertificate -( - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +nss_ckcapi_CreateCertificate( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - NSSItem value; - NSSItem keyID; - char *storeStr; - ckcapiInternalObject *io = NULL; - PCCERT_CONTEXT certContext = NULL; - PCCERT_CONTEXT storedCertContext = NULL; - CRYPT_KEY_PROV_INFO *prov_info = NULL; - char *nickname = NULL; - HCERTSTORE hStore = 0; - DWORD msError = 0; - PRBool hasID; - CK_RV dummy; - BOOL rc; - - *pError = nss_ckcapi_GetAttribute(CKA_VALUE, pTemplate, - ulAttributeCount, &value); - - if (CKR_OK != *pError) { - return (ckcapiInternalObject *)NULL; - } + NSSItem value; + NSSItem keyID; + char *storeStr; + ckcapiInternalObject *io = NULL; + PCCERT_CONTEXT certContext = NULL; + PCCERT_CONTEXT storedCertContext = NULL; + CRYPT_KEY_PROV_INFO *prov_info = NULL; + char *nickname = NULL; + HCERTSTORE hStore = 0; + DWORD msError = 0; + PRBool hasID; + CK_RV dummy; + BOOL rc; + + *pError = nss_ckcapi_GetAttribute(CKA_VALUE, pTemplate, + ulAttributeCount, &value); + + if (CKR_OK != *pError) { + return (ckcapiInternalObject *)NULL; + } - *pError = nss_ckcapi_GetAttribute(CKA_ID, pTemplate, - ulAttributeCount, &keyID); + *pError = nss_ckcapi_GetAttribute(CKA_ID, pTemplate, + ulAttributeCount, &keyID); - if (CKR_OK != *pError) { - return (ckcapiInternalObject *)NULL; - } + if (CKR_OK != *pError) { + return (ckcapiInternalObject *)NULL; + } - if (ckcapi_cert_exists(&value, &io)) { - return io; - } + if (ckcapi_cert_exists(&value, &io)) { + return io; + } - /* OK, we are creating a new one, figure out what store it belongs to.. + /* OK, we are creating a new one, figure out what store it belongs to.. * first get a certContext handle.. */ - certContext = CertCreateCertificateContext(X509_ASN_ENCODING, - value.data, value.size); - if ((PCCERT_CONTEXT) NULL == certContext) { - msError = GetLastError(); - *pError = CKR_ATTRIBUTE_VALUE_INVALID; - goto loser; - } - - /* do we have a private key laying around... */ - prov_info = ckcapi_cert_getPrivateKeyInfo(certContext, &keyID); - if (prov_info) { - CRYPT_DATA_BLOB msKeyID; - storeStr = "My"; - hasID = PR_TRUE; - rc = CertSetCertificateContextProperty(certContext, - CERT_KEY_PROV_INFO_PROP_ID, - 0, prov_info); - nss_ZFreeIf(prov_info); - if (!rc) { - msError = GetLastError(); - *pError = CKR_DEVICE_ERROR; - goto loser; + certContext = CertCreateCertificateContext(X509_ASN_ENCODING, + value.data, value.size); + if ((PCCERT_CONTEXT)NULL == certContext) { + msError = GetLastError(); + *pError = CKR_ATTRIBUTE_VALUE_INVALID; + goto loser; } - msKeyID.cbData = keyID.size; - msKeyID.pbData = keyID.data; - rc = CertSetCertificateContextProperty(certContext, - CERT_KEY_IDENTIFIER_PROP_ID, - 0, &msKeyID); - if (!rc) { - msError = GetLastError(); - *pError = CKR_DEVICE_ERROR; - goto loser; - } - - /* does it look like a CA */ - } else if (ckcapi_cert_isCA(certContext)) { - storeStr = ckcapi_cert_isRoot(certContext) ? "CA" : "Root"; - /* does it look like an S/MIME cert */ - } else if (ckcapi_cert_hasEmail(certContext)) { - storeStr = "AddressBook"; - } else { - /* just pick a store */ - storeStr = "CA"; - } - - /* get the nickname, not an error if we can't find it */ - nickname = nss_ckcapi_GetStringAttribute(CKA_LABEL, pTemplate, - ulAttributeCount, &dummy); - if (nickname) { - LPWSTR nicknameUTF16 = NULL; - CRYPT_DATA_BLOB nicknameBlob; - - nicknameUTF16 = nss_ckcapi_UTF8ToWide(nickname); - nss_ZFreeIf(nickname); - nickname = NULL; - if ((LPWSTR)NULL == nicknameUTF16) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - nicknameBlob.cbData = nss_ckcapi_WideSize(nicknameUTF16); - nicknameBlob.pbData = (BYTE *)nicknameUTF16; - rc = CertSetCertificateContextProperty(certContext, - CERT_FRIENDLY_NAME_PROP_ID, 0, &nicknameBlob); - nss_ZFreeIf(nicknameUTF16); - if (!rc) { - msError = GetLastError(); - *pError = CKR_DEVICE_ERROR; - goto loser; + + /* do we have a private key laying around... */ + prov_info = ckcapi_cert_getPrivateKeyInfo(certContext, &keyID); + if (prov_info) { + CRYPT_DATA_BLOB msKeyID; + storeStr = "My"; + hasID = PR_TRUE; + rc = CertSetCertificateContextProperty(certContext, + CERT_KEY_PROV_INFO_PROP_ID, + 0, prov_info); + nss_ZFreeIf(prov_info); + if (!rc) { + msError = GetLastError(); + *pError = CKR_DEVICE_ERROR; + goto loser; + } + msKeyID.cbData = keyID.size; + msKeyID.pbData = keyID.data; + rc = CertSetCertificateContextProperty(certContext, + CERT_KEY_IDENTIFIER_PROP_ID, + 0, &msKeyID); + if (!rc) { + msError = GetLastError(); + *pError = CKR_DEVICE_ERROR; + goto loser; + } + + /* does it look like a CA */ + } else if (ckcapi_cert_isCA(certContext)) { + storeStr = ckcapi_cert_isRoot(certContext) ? "CA" : "Root"; + /* does it look like an S/MIME cert */ + } else if (ckcapi_cert_hasEmail(certContext)) { + storeStr = "AddressBook"; + } else { + /* just pick a store */ + storeStr = "CA"; } - } - hStore = CertOpenSystemStore((HCRYPTPROV) NULL, storeStr); - if (0 == hStore) { - msError = GetLastError(); - *pError = CKR_DEVICE_ERROR; - goto loser; - } - - rc = CertAddCertificateContextToStore(hStore, certContext, - CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES, &storedCertContext); - CertFreeCertificateContext(certContext); - certContext = NULL; - CertCloseStore(hStore, 0); - hStore = 0; - if (!rc) { - msError = GetLastError(); - *pError = CKR_DEVICE_ERROR; - goto loser; - } - - io = nss_ZNEW(NULL, ckcapiInternalObject); - if ((ckcapiInternalObject *)NULL == io) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - io->type = ckcapiCert; - io->objClass = CKO_CERTIFICATE; - io->u.cert.certContext = storedCertContext; - io->u.cert.hasID = hasID; - return io; + /* get the nickname, not an error if we can't find it */ + nickname = nss_ckcapi_GetStringAttribute(CKA_LABEL, pTemplate, + ulAttributeCount, &dummy); + if (nickname) { + LPWSTR nicknameUTF16 = NULL; + CRYPT_DATA_BLOB nicknameBlob; + + nicknameUTF16 = nss_ckcapi_UTF8ToWide(nickname); + nss_ZFreeIf(nickname); + nickname = NULL; + if ((LPWSTR)NULL == nicknameUTF16) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + nicknameBlob.cbData = nss_ckcapi_WideSize(nicknameUTF16); + nicknameBlob.pbData = (BYTE *)nicknameUTF16; + rc = CertSetCertificateContextProperty(certContext, + CERT_FRIENDLY_NAME_PROP_ID, 0, &nicknameBlob); + nss_ZFreeIf(nicknameUTF16); + if (!rc) { + msError = GetLastError(); + *pError = CKR_DEVICE_ERROR; + goto loser; + } + } -loser: - if (certContext) { + hStore = CertOpenSystemStore((HCRYPTPROV)NULL, storeStr); + if (0 == hStore) { + msError = GetLastError(); + *pError = CKR_DEVICE_ERROR; + goto loser; + } + + rc = CertAddCertificateContextToStore(hStore, certContext, + CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES, &storedCertContext); CertFreeCertificateContext(certContext); certContext = NULL; - } - if (storedCertContext) { - CertFreeCertificateContext(storedCertContext); - storedCertContext = NULL; - } - if (0 != hStore) { CertCloseStore(hStore, 0); - } - return (ckcapiInternalObject *)NULL; + hStore = 0; + if (!rc) { + msError = GetLastError(); + *pError = CKR_DEVICE_ERROR; + goto loser; + } + io = nss_ZNEW(NULL, ckcapiInternalObject); + if ((ckcapiInternalObject *)NULL == io) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + io->type = ckcapiCert; + io->objClass = CKO_CERTIFICATE; + io->u.cert.certContext = storedCertContext; + io->u.cert.hasID = hasID; + return io; + +loser: + if (certContext) { + CertFreeCertificateContext(certContext); + certContext = NULL; + } + if (storedCertContext) { + CertFreeCertificateContext(storedCertContext); + storedCertContext = NULL; + } + if (0 != hStore) { + CertCloseStore(hStore, 0); + } + return (ckcapiInternalObject *)NULL; } static char * -ckcapi_getDefaultProvider -( - CK_RV *pError -) +ckcapi_getDefaultProvider( + CK_RV *pError) { - char *name = NULL; - BOOL rc; - DWORD nameLength = 0; - - rc = CryptGetDefaultProvider(PROV_RSA_FULL, NULL, CRYPT_USER_DEFAULT, NULL, - &nameLength); - if (!rc) { - return (char *)NULL; - } - - name = nss_ZNEWARRAY(NULL, char, nameLength); - if ((char *)NULL == name ) { - return (char *)NULL; - } - rc = CryptGetDefaultProvider(PROV_RSA_FULL, NULL, CRYPT_USER_DEFAULT, name, - &nameLength); - if (!rc) { - nss_ZFreeIf(name); - return (char *)NULL; - } - - return name; + char *name = NULL; + BOOL rc; + DWORD nameLength = 0; + + rc = CryptGetDefaultProvider(PROV_RSA_FULL, NULL, CRYPT_USER_DEFAULT, NULL, + &nameLength); + if (!rc) { + return (char *)NULL; + } + + name = nss_ZNEWARRAY(NULL, char, nameLength); + if ((char *)NULL == name) { + return (char *)NULL; + } + rc = CryptGetDefaultProvider(PROV_RSA_FULL, NULL, CRYPT_USER_DEFAULT, name, + &nameLength); + if (!rc) { + nss_ZFreeIf(name); + return (char *)NULL; + } + + return name; } static char * -ckcapi_getContainer -( - CK_RV *pError, - NSSItem *id -) +ckcapi_getContainer( + CK_RV *pError, + NSSItem *id) { - RPC_STATUS rstat; - UUID uuid; - char *uuidStr; - char *container; - - rstat = UuidCreate(&uuid); - rstat = UuidToString(&uuid, &uuidStr); - - /* convert it from rcp memory to our own */ - container = nssUTF8_Duplicate(uuidStr, NULL); - RpcStringFree(&uuidStr); - - return container; + RPC_STATUS rstat; + UUID uuid; + char *uuidStr; + char *container; + + rstat = UuidCreate(&uuid); + rstat = UuidToString(&uuid, &uuidStr); + + /* convert it from rcp memory to our own */ + container = nssUTF8_Duplicate(uuidStr, NULL); + RpcStringFree(&uuidStr); + + return container; } static CK_RV -ckcapi_buildPrivateKeyBlob -( - NSSItem *keyBlob, - NSSItem *modulus, - NSSItem *publicExponent, - NSSItem *privateExponent, - NSSItem *prime1, - NSSItem *prime2, - NSSItem *exponent1, - NSSItem *exponent2, - NSSItem *coefficient, - PRBool isKeyExchange -) +ckcapi_buildPrivateKeyBlob( + NSSItem *keyBlob, + NSSItem *modulus, + NSSItem *publicExponent, + NSSItem *privateExponent, + NSSItem *prime1, + NSSItem *prime2, + NSSItem *exponent1, + NSSItem *exponent2, + NSSItem *coefficient, + PRBool isKeyExchange) { - CAPI_RSA_KEY_BLOB *keyBlobData = NULL; - unsigned char *target; - unsigned long modSize = modulus->size; - unsigned long dataSize; - CK_RV error = CKR_OK; - - /* validate extras */ - if (privateExponent->size != modSize) { - error = CKR_ATTRIBUTE_VALUE_INVALID; - goto loser; - } - if (prime1->size != modSize/2) { - error = CKR_ATTRIBUTE_VALUE_INVALID; - goto loser; - } - if (prime2->size != modSize/2) { - error = CKR_ATTRIBUTE_VALUE_INVALID; - goto loser; - } - if (exponent1->size != modSize/2) { - error = CKR_ATTRIBUTE_VALUE_INVALID; - goto loser; - } - if (exponent2->size != modSize/2) { - error = CKR_ATTRIBUTE_VALUE_INVALID; - goto loser; - } - if (coefficient->size != modSize/2) { - error = CKR_ATTRIBUTE_VALUE_INVALID; - goto loser; - } - dataSize = (modSize*4)+(modSize/2) + sizeof(CAPI_RSA_KEY_BLOB); - keyBlobData = (CAPI_RSA_KEY_BLOB *)nss_ZAlloc(NULL, dataSize); - if ((CAPI_RSA_KEY_BLOB *)NULL == keyBlobData) { - error = CKR_HOST_MEMORY; - goto loser; - } - - keyBlobData->header.bType = PRIVATEKEYBLOB; - keyBlobData->header.bVersion = 0x02; - keyBlobData->header.reserved = 0x00; - keyBlobData->header.aiKeyAlg = isKeyExchange ? CALG_RSA_KEYX:CALG_RSA_SIGN; - keyBlobData->rsa.magic = 0x32415352; - keyBlobData->rsa.bitlen = modSize * 8; - keyBlobData->rsa.pubexp = nss_ckcapi_DataToInt(publicExponent,&error); - if (CKR_OK != error) { - goto loser; - } - - target = &keyBlobData->data[CAPI_MODULUS_OFFSET(modSize)]; - nsslibc_memcpy(target, modulus->data, modulus->size); - modulus->data = target; - ckcapi_ReverseData(modulus); - - target = &keyBlobData->data[CAPI_PRIVATE_EXP_OFFSET(modSize)]; - nsslibc_memcpy(target, privateExponent->data, privateExponent->size); - privateExponent->data = target; - ckcapi_ReverseData(privateExponent); - - target = &keyBlobData->data[CAPI_PRIME_1_OFFSET(modSize)]; - nsslibc_memcpy(target, prime1->data, prime1->size); - prime1->data = target; - ckcapi_ReverseData(prime1); - - target = &keyBlobData->data[CAPI_PRIME_2_OFFSET(modSize)]; - nsslibc_memcpy(target, prime2->data, prime2->size); - prime2->data = target; - ckcapi_ReverseData(prime2); - - target = &keyBlobData->data[CAPI_EXPONENT_1_OFFSET(modSize)]; - nsslibc_memcpy(target, exponent1->data, exponent1->size); - exponent1->data = target; - ckcapi_ReverseData(exponent1); - - target = &keyBlobData->data[CAPI_EXPONENT_2_OFFSET(modSize)]; - nsslibc_memcpy(target, exponent2->data, exponent2->size); - exponent2->data = target; - ckcapi_ReverseData(exponent2); - - target = &keyBlobData->data[CAPI_COEFFICIENT_OFFSET(modSize)]; - nsslibc_memcpy(target, coefficient->data, coefficient->size); - coefficient->data = target; - ckcapi_ReverseData(coefficient); - - keyBlob->data = keyBlobData; - keyBlob->size = dataSize; - - return CKR_OK; + CAPI_RSA_KEY_BLOB *keyBlobData = NULL; + unsigned char *target; + unsigned long modSize = modulus->size; + unsigned long dataSize; + CK_RV error = CKR_OK; + + /* validate extras */ + if (privateExponent->size != modSize) { + error = CKR_ATTRIBUTE_VALUE_INVALID; + goto loser; + } + if (prime1->size != modSize / 2) { + error = CKR_ATTRIBUTE_VALUE_INVALID; + goto loser; + } + if (prime2->size != modSize / 2) { + error = CKR_ATTRIBUTE_VALUE_INVALID; + goto loser; + } + if (exponent1->size != modSize / 2) { + error = CKR_ATTRIBUTE_VALUE_INVALID; + goto loser; + } + if (exponent2->size != modSize / 2) { + error = CKR_ATTRIBUTE_VALUE_INVALID; + goto loser; + } + if (coefficient->size != modSize / 2) { + error = CKR_ATTRIBUTE_VALUE_INVALID; + goto loser; + } + dataSize = (modSize * 4) + (modSize / 2) + sizeof(CAPI_RSA_KEY_BLOB); + keyBlobData = (CAPI_RSA_KEY_BLOB *)nss_ZAlloc(NULL, dataSize); + if ((CAPI_RSA_KEY_BLOB *)NULL == keyBlobData) { + error = CKR_HOST_MEMORY; + goto loser; + } + + keyBlobData->header.bType = PRIVATEKEYBLOB; + keyBlobData->header.bVersion = 0x02; + keyBlobData->header.reserved = 0x00; + keyBlobData->header.aiKeyAlg = isKeyExchange ? CALG_RSA_KEYX : CALG_RSA_SIGN; + keyBlobData->rsa.magic = 0x32415352; + keyBlobData->rsa.bitlen = modSize * 8; + keyBlobData->rsa.pubexp = nss_ckcapi_DataToInt(publicExponent, &error); + if (CKR_OK != error) { + goto loser; + } + + target = &keyBlobData->data[CAPI_MODULUS_OFFSET(modSize)]; + nsslibc_memcpy(target, modulus->data, modulus->size); + modulus->data = target; + ckcapi_ReverseData(modulus); + + target = &keyBlobData->data[CAPI_PRIVATE_EXP_OFFSET(modSize)]; + nsslibc_memcpy(target, privateExponent->data, privateExponent->size); + privateExponent->data = target; + ckcapi_ReverseData(privateExponent); + + target = &keyBlobData->data[CAPI_PRIME_1_OFFSET(modSize)]; + nsslibc_memcpy(target, prime1->data, prime1->size); + prime1->data = target; + ckcapi_ReverseData(prime1); + + target = &keyBlobData->data[CAPI_PRIME_2_OFFSET(modSize)]; + nsslibc_memcpy(target, prime2->data, prime2->size); + prime2->data = target; + ckcapi_ReverseData(prime2); + + target = &keyBlobData->data[CAPI_EXPONENT_1_OFFSET(modSize)]; + nsslibc_memcpy(target, exponent1->data, exponent1->size); + exponent1->data = target; + ckcapi_ReverseData(exponent1); + + target = &keyBlobData->data[CAPI_EXPONENT_2_OFFSET(modSize)]; + nsslibc_memcpy(target, exponent2->data, exponent2->size); + exponent2->data = target; + ckcapi_ReverseData(exponent2); + + target = &keyBlobData->data[CAPI_COEFFICIENT_OFFSET(modSize)]; + nsslibc_memcpy(target, coefficient->data, coefficient->size); + coefficient->data = target; + ckcapi_ReverseData(coefficient); + + keyBlob->data = keyBlobData; + keyBlob->size = dataSize; + + return CKR_OK; loser: - nss_ZFreeIf(keyBlobData); - return error; + nss_ZFreeIf(keyBlobData); + return error; } static ckcapiInternalObject * -nss_ckcapi_CreatePrivateKey -( - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +nss_ckcapi_CreatePrivateKey( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - NSSItem modulus; - NSSItem publicExponent; - NSSItem privateExponent; - NSSItem exponent1; - NSSItem exponent2; - NSSItem prime1; - NSSItem prime2; - NSSItem coefficient; - NSSItem keyID; - NSSItem keyBlob; - ckcapiInternalObject *io = NULL; - char *providerName = NULL; - char *containerName = NULL; - char *idData = NULL; - CRYPT_KEY_PROV_INFO provInfo; - CRYPT_HASH_BLOB msKeyID; - CK_KEY_TYPE keyType; - HCRYPTPROV hProv = 0; - HCRYPTKEY hKey = 0; - PRBool decrypt; - DWORD keySpec; - DWORD msError; - BOOL rc; - - keyType = nss_ckcapi_GetULongAttribute - (CKA_KEY_TYPE, pTemplate, ulAttributeCount, pError); - if (CKR_OK != *pError) { - return (ckcapiInternalObject *)NULL; - } - if (CKK_RSA != keyType) { - *pError = CKR_ATTRIBUTE_VALUE_INVALID; - return (ckcapiInternalObject *)NULL; - } - - decrypt = nss_ckcapi_GetBoolAttribute(CKA_DECRYPT, - pTemplate, ulAttributeCount, pError); - if (CKR_TEMPLATE_INCOMPLETE == *pError) { - decrypt = PR_TRUE; /* default to true */ - } - decrypt = decrypt || nss_ckcapi_GetBoolAttribute(CKA_UNWRAP, - pTemplate, ulAttributeCount, pError); - if (CKR_TEMPLATE_INCOMPLETE == *pError) { - decrypt = PR_TRUE; /* default to true */ - } - keySpec = decrypt ? AT_KEYEXCHANGE : AT_SIGNATURE; - - *pError = nss_ckcapi_GetAttribute(CKA_MODULUS, pTemplate, - ulAttributeCount, &modulus); - if (CKR_OK != *pError) { - return (ckcapiInternalObject *)NULL; - } - *pError = nss_ckcapi_GetAttribute(CKA_PUBLIC_EXPONENT, pTemplate, - ulAttributeCount, &publicExponent); - if (CKR_OK != *pError) { - return (ckcapiInternalObject *)NULL; - } - *pError = nss_ckcapi_GetAttribute(CKA_PRIVATE_EXPONENT, pTemplate, - ulAttributeCount, &privateExponent); - if (CKR_OK != *pError) { - return (ckcapiInternalObject *)NULL; - } - *pError = nss_ckcapi_GetAttribute(CKA_PRIME_1, pTemplate, - ulAttributeCount, &prime1); - if (CKR_OK != *pError) { - return (ckcapiInternalObject *)NULL; - } - *pError = nss_ckcapi_GetAttribute(CKA_PRIME_2, pTemplate, - ulAttributeCount, &prime2); - if (CKR_OK != *pError) { - return (ckcapiInternalObject *)NULL; - } - *pError = nss_ckcapi_GetAttribute(CKA_EXPONENT_1, pTemplate, - ulAttributeCount, &exponent1); - if (CKR_OK != *pError) { - return (ckcapiInternalObject *)NULL; - } - *pError = nss_ckcapi_GetAttribute(CKA_EXPONENT_2, pTemplate, - ulAttributeCount, &exponent2); - if (CKR_OK != *pError) { - return (ckcapiInternalObject *)NULL; - } - *pError = nss_ckcapi_GetAttribute(CKA_COEFFICIENT, pTemplate, - ulAttributeCount, &coefficient); - if (CKR_OK != *pError) { - return (ckcapiInternalObject *)NULL; - } - *pError = nss_ckcapi_GetAttribute(CKA_ID, pTemplate, - ulAttributeCount, &keyID); - if (CKR_OK != *pError) { - return (ckcapiInternalObject *)NULL; - } - providerName = ckcapi_getDefaultProvider(pError); - if ((char *)NULL == providerName ) { - return (ckcapiInternalObject *)NULL; - } - containerName = ckcapi_getContainer(pError, &keyID); - if ((char *)NULL == containerName) { - goto loser; - } - rc = CryptAcquireContext(&hProv, containerName, providerName, - PROV_RSA_FULL, CRYPT_NEWKEYSET); - if (!rc) { - msError = GetLastError(); - *pError = CKR_DEVICE_ERROR; - goto loser; - } - - *pError = ckcapi_buildPrivateKeyBlob( - &keyBlob, - &modulus, - &publicExponent, - &privateExponent, - &prime1, - &prime2, - &exponent1, - &exponent2, - &coefficient, - decrypt); - if (CKR_OK != *pError) { - goto loser; - } - - rc = CryptImportKey(hProv, keyBlob.data, keyBlob.size, - 0, CRYPT_EXPORTABLE, &hKey); - if (!rc) { - msError = GetLastError(); - *pError = CKR_DEVICE_ERROR; - goto loser; - } - - idData = nss_ZNEWARRAY(NULL, char, keyID.size); - if ((void *)NULL == idData) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - nsslibc_memcpy(idData, keyID.data, keyID.size); - - provInfo.pwszContainerName = nss_ckcapi_UTF8ToWide(containerName); - provInfo.pwszProvName = nss_ckcapi_UTF8ToWide(providerName); - provInfo.dwProvType = PROV_RSA_FULL; - provInfo.dwFlags = 0; - provInfo.cProvParam = 0; - provInfo.rgProvParam = NULL; - provInfo.dwKeySpec = keySpec; - - msKeyID.cbData = keyID.size; - msKeyID.pbData = keyID.data; - - rc = CryptSetKeyIdentifierProperty(&msKeyID, CERT_KEY_PROV_INFO_PROP_ID, - 0, NULL, NULL, &provInfo); - if (!rc) { - goto loser; - } - - /* handle error here */ - io = nss_ZNEW(NULL, ckcapiInternalObject); - if ((ckcapiInternalObject *)NULL == io) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - io->type = ckcapiBareKey; - io->objClass = CKO_PRIVATE_KEY; - io->u.key.provInfo = provInfo; - io->u.key.provName = providerName; - io->u.key.containerName = containerName; - io->u.key.hProv = hProv; /* save the handle */ - io->idData = idData; - io->id.data = idData; - io->id.size = keyID.size; - /* done with the key handle */ - CryptDestroyKey(hKey); - return io; + NSSItem modulus; + NSSItem publicExponent; + NSSItem privateExponent; + NSSItem exponent1; + NSSItem exponent2; + NSSItem prime1; + NSSItem prime2; + NSSItem coefficient; + NSSItem keyID; + NSSItem keyBlob; + ckcapiInternalObject *io = NULL; + char *providerName = NULL; + char *containerName = NULL; + char *idData = NULL; + CRYPT_KEY_PROV_INFO provInfo; + CRYPT_HASH_BLOB msKeyID; + CK_KEY_TYPE keyType; + HCRYPTPROV hProv = 0; + HCRYPTKEY hKey = 0; + PRBool decrypt; + DWORD keySpec; + DWORD msError; + BOOL rc; + + keyType = nss_ckcapi_GetULongAttribute(CKA_KEY_TYPE, pTemplate, ulAttributeCount, pError); + if (CKR_OK != *pError) { + return (ckcapiInternalObject *)NULL; + } + if (CKK_RSA != keyType) { + *pError = CKR_ATTRIBUTE_VALUE_INVALID; + return (ckcapiInternalObject *)NULL; + } -loser: - nss_ZFreeIf(containerName); - nss_ZFreeIf(providerName); - nss_ZFreeIf(idData); - if (0 != hProv) { - CryptReleaseContext(hProv, 0); - } - if (0 != hKey) { + decrypt = nss_ckcapi_GetBoolAttribute(CKA_DECRYPT, + pTemplate, ulAttributeCount, pError); + if (CKR_TEMPLATE_INCOMPLETE == *pError) { + decrypt = PR_TRUE; /* default to true */ + } + decrypt = decrypt || nss_ckcapi_GetBoolAttribute(CKA_UNWRAP, + pTemplate, ulAttributeCount, pError); + if (CKR_TEMPLATE_INCOMPLETE == *pError) { + decrypt = PR_TRUE; /* default to true */ + } + keySpec = decrypt ? AT_KEYEXCHANGE : AT_SIGNATURE; + + *pError = nss_ckcapi_GetAttribute(CKA_MODULUS, pTemplate, + ulAttributeCount, &modulus); + if (CKR_OK != *pError) { + return (ckcapiInternalObject *)NULL; + } + *pError = nss_ckcapi_GetAttribute(CKA_PUBLIC_EXPONENT, pTemplate, + ulAttributeCount, &publicExponent); + if (CKR_OK != *pError) { + return (ckcapiInternalObject *)NULL; + } + *pError = nss_ckcapi_GetAttribute(CKA_PRIVATE_EXPONENT, pTemplate, + ulAttributeCount, &privateExponent); + if (CKR_OK != *pError) { + return (ckcapiInternalObject *)NULL; + } + *pError = nss_ckcapi_GetAttribute(CKA_PRIME_1, pTemplate, + ulAttributeCount, &prime1); + if (CKR_OK != *pError) { + return (ckcapiInternalObject *)NULL; + } + *pError = nss_ckcapi_GetAttribute(CKA_PRIME_2, pTemplate, + ulAttributeCount, &prime2); + if (CKR_OK != *pError) { + return (ckcapiInternalObject *)NULL; + } + *pError = nss_ckcapi_GetAttribute(CKA_EXPONENT_1, pTemplate, + ulAttributeCount, &exponent1); + if (CKR_OK != *pError) { + return (ckcapiInternalObject *)NULL; + } + *pError = nss_ckcapi_GetAttribute(CKA_EXPONENT_2, pTemplate, + ulAttributeCount, &exponent2); + if (CKR_OK != *pError) { + return (ckcapiInternalObject *)NULL; + } + *pError = nss_ckcapi_GetAttribute(CKA_COEFFICIENT, pTemplate, + ulAttributeCount, &coefficient); + if (CKR_OK != *pError) { + return (ckcapiInternalObject *)NULL; + } + *pError = nss_ckcapi_GetAttribute(CKA_ID, pTemplate, + ulAttributeCount, &keyID); + if (CKR_OK != *pError) { + return (ckcapiInternalObject *)NULL; + } + providerName = ckcapi_getDefaultProvider(pError); + if ((char *)NULL == providerName) { + return (ckcapiInternalObject *)NULL; + } + containerName = ckcapi_getContainer(pError, &keyID); + if ((char *)NULL == containerName) { + goto loser; + } + rc = CryptAcquireContext(&hProv, containerName, providerName, + PROV_RSA_FULL, CRYPT_NEWKEYSET); + if (!rc) { + msError = GetLastError(); + *pError = CKR_DEVICE_ERROR; + goto loser; + } + + *pError = ckcapi_buildPrivateKeyBlob( + &keyBlob, + &modulus, + &publicExponent, + &privateExponent, + &prime1, + &prime2, + &exponent1, + &exponent2, + &coefficient, + decrypt); + if (CKR_OK != *pError) { + goto loser; + } + + rc = CryptImportKey(hProv, keyBlob.data, keyBlob.size, + 0, CRYPT_EXPORTABLE, &hKey); + if (!rc) { + msError = GetLastError(); + *pError = CKR_DEVICE_ERROR; + goto loser; + } + + idData = nss_ZNEWARRAY(NULL, char, keyID.size); + if ((void *)NULL == idData) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + nsslibc_memcpy(idData, keyID.data, keyID.size); + + provInfo.pwszContainerName = nss_ckcapi_UTF8ToWide(containerName); + provInfo.pwszProvName = nss_ckcapi_UTF8ToWide(providerName); + provInfo.dwProvType = PROV_RSA_FULL; + provInfo.dwFlags = 0; + provInfo.cProvParam = 0; + provInfo.rgProvParam = NULL; + provInfo.dwKeySpec = keySpec; + + msKeyID.cbData = keyID.size; + msKeyID.pbData = keyID.data; + + rc = CryptSetKeyIdentifierProperty(&msKeyID, CERT_KEY_PROV_INFO_PROP_ID, + 0, NULL, NULL, &provInfo); + if (!rc) { + goto loser; + } + + /* handle error here */ + io = nss_ZNEW(NULL, ckcapiInternalObject); + if ((ckcapiInternalObject *)NULL == io) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + io->type = ckcapiBareKey; + io->objClass = CKO_PRIVATE_KEY; + io->u.key.provInfo = provInfo; + io->u.key.provName = providerName; + io->u.key.containerName = containerName; + io->u.key.hProv = hProv; /* save the handle */ + io->idData = idData; + io->id.data = idData; + io->id.size = keyID.size; + /* done with the key handle */ CryptDestroyKey(hKey); - } - return (ckcapiInternalObject *)NULL; -} + return io; +loser: + nss_ZFreeIf(containerName); + nss_ZFreeIf(providerName); + nss_ZFreeIf(idData); + if (0 != hProv) { + CryptReleaseContext(hProv, 0); + } + if (0 != hKey) { + CryptDestroyKey(hKey); + } + return (ckcapiInternalObject *)NULL; +} NSS_EXTERN NSSCKMDObject * -nss_ckcapi_CreateObject -( - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +nss_ckcapi_CreateObject( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - CK_OBJECT_CLASS objClass; - ckcapiInternalObject *io = NULL; - CK_BBOOL isToken; - - /* - * only create token objects - */ - isToken = nss_ckcapi_GetBoolAttribute(CKA_TOKEN, pTemplate, - ulAttributeCount, pError); - if (CKR_OK != *pError) { - return (NSSCKMDObject *) NULL; - } - if (!isToken) { - *pError = CKR_ATTRIBUTE_VALUE_INVALID; - return (NSSCKMDObject *) NULL; - } - - /* - * only create keys and certs. - */ - objClass = nss_ckcapi_GetULongAttribute(CKA_CLASS, pTemplate, - ulAttributeCount, pError); - if (CKR_OK != *pError) { - return (NSSCKMDObject *) NULL; - } + CK_OBJECT_CLASS objClass; + ckcapiInternalObject *io = NULL; + CK_BBOOL isToken; + + /* + * only create token objects + */ + isToken = nss_ckcapi_GetBoolAttribute(CKA_TOKEN, pTemplate, + ulAttributeCount, pError); + if (CKR_OK != *pError) { + return (NSSCKMDObject *)NULL; + } + if (!isToken) { + *pError = CKR_ATTRIBUTE_VALUE_INVALID; + return (NSSCKMDObject *)NULL; + } + + /* + * only create keys and certs. + */ + objClass = nss_ckcapi_GetULongAttribute(CKA_CLASS, pTemplate, + ulAttributeCount, pError); + if (CKR_OK != *pError) { + return (NSSCKMDObject *)NULL; + } #ifdef notdef - if (objClass == CKO_PUBLIC_KEY) { - return CKR_OK; /* fake public key creation, happens as a side effect of - * private key creation */ - } + if (objClass == CKO_PUBLIC_KEY) { + return CKR_OK; /* fake public key creation, happens as a side effect of + * private key creation */ + } #endif - if (objClass == CKO_CERTIFICATE) { - io = nss_ckcapi_CreateCertificate(fwSession, pTemplate, - ulAttributeCount, pError); - } else if (objClass == CKO_PRIVATE_KEY) { - io = nss_ckcapi_CreatePrivateKey(fwSession, pTemplate, - ulAttributeCount, pError); - } else { - *pError = CKR_ATTRIBUTE_VALUE_INVALID; - } - - if ((ckcapiInternalObject *)NULL == io) { - return (NSSCKMDObject *) NULL; - } - return nss_ckcapi_CreateMDObject(NULL, io, pError); + if (objClass == CKO_CERTIFICATE) { + io = nss_ckcapi_CreateCertificate(fwSession, pTemplate, + ulAttributeCount, pError); + } else if (objClass == CKO_PRIVATE_KEY) { + io = nss_ckcapi_CreatePrivateKey(fwSession, pTemplate, + ulAttributeCount, pError); + } else { + *pError = CKR_ATTRIBUTE_VALUE_INVALID; + } + + if ((ckcapiInternalObject *)NULL == io) { + return (NSSCKMDObject *)NULL; + } + return nss_ckcapi_CreateMDObject(NULL, io, pError); } diff --git a/nss/lib/ckfw/capi/constants.c b/nss/lib/ckfw/capi/constants.c index 9b919aa..0d4b701 100644 --- a/nss/lib/ckfw/capi/constants.c +++ b/nss/lib/ckfw/capi/constants.c @@ -21,40 +21,43 @@ #endif /* NSSCAPI_H */ NSS_IMPLEMENT_DATA const CK_VERSION -nss_ckcapi_CryptokiVersion = { - NSS_CKCAPI_CRYPTOKI_VERSION_MAJOR, - NSS_CKCAPI_CRYPTOKI_VERSION_MINOR }; + nss_ckcapi_CryptokiVersion = { + NSS_CKCAPI_CRYPTOKI_VERSION_MAJOR, + NSS_CKCAPI_CRYPTOKI_VERSION_MINOR + }; NSS_IMPLEMENT_DATA const NSSUTF8 * -nss_ckcapi_ManufacturerID = (NSSUTF8 *) "Mozilla Foundation"; + nss_ckcapi_ManufacturerID = (NSSUTF8 *)"Mozilla Foundation"; NSS_IMPLEMENT_DATA const NSSUTF8 * -nss_ckcapi_LibraryDescription = (NSSUTF8 *) "NSS Access to Microsoft Certificate Store"; + nss_ckcapi_LibraryDescription = (NSSUTF8 *)"NSS Access to Microsoft Certificate Store"; NSS_IMPLEMENT_DATA const CK_VERSION -nss_ckcapi_LibraryVersion = { - NSS_CKCAPI_LIBRARY_VERSION_MAJOR, - NSS_CKCAPI_LIBRARY_VERSION_MINOR}; + nss_ckcapi_LibraryVersion = { + NSS_CKCAPI_LIBRARY_VERSION_MAJOR, + NSS_CKCAPI_LIBRARY_VERSION_MINOR + }; NSS_IMPLEMENT_DATA const NSSUTF8 * -nss_ckcapi_SlotDescription = (NSSUTF8 *) "Microsoft Certificate Store"; + nss_ckcapi_SlotDescription = (NSSUTF8 *)"Microsoft Certificate Store"; NSS_IMPLEMENT_DATA const CK_VERSION -nss_ckcapi_HardwareVersion = { - NSS_CKCAPI_HARDWARE_VERSION_MAJOR, - NSS_CKCAPI_HARDWARE_VERSION_MINOR }; + nss_ckcapi_HardwareVersion = { + NSS_CKCAPI_HARDWARE_VERSION_MAJOR, + NSS_CKCAPI_HARDWARE_VERSION_MINOR + }; NSS_IMPLEMENT_DATA const CK_VERSION -nss_ckcapi_FirmwareVersion = { - NSS_CKCAPI_FIRMWARE_VERSION_MAJOR, - NSS_CKCAPI_FIRMWARE_VERSION_MINOR }; + nss_ckcapi_FirmwareVersion = { + NSS_CKCAPI_FIRMWARE_VERSION_MAJOR, + NSS_CKCAPI_FIRMWARE_VERSION_MINOR + }; NSS_IMPLEMENT_DATA const NSSUTF8 * -nss_ckcapi_TokenLabel = (NSSUTF8 *) "Microsoft Certificate Store"; + nss_ckcapi_TokenLabel = (NSSUTF8 *)"Microsoft Certificate Store"; NSS_IMPLEMENT_DATA const NSSUTF8 * -nss_ckcapi_TokenModel = (NSSUTF8 *) "1"; + nss_ckcapi_TokenModel = (NSSUTF8 *)"1"; NSS_IMPLEMENT_DATA const NSSUTF8 * -nss_ckcapi_TokenSerialNumber = (NSSUTF8 *) "1"; - + nss_ckcapi_TokenSerialNumber = (NSSUTF8 *)"1"; diff --git a/nss/lib/ckfw/capi/crsa.c b/nss/lib/ckfw/capi/crsa.c index 9acc7e7..62f90ac 100644 --- a/nss/lib/ckfw/capi/crsa.c +++ b/nss/lib/ckfw/capi/crsa.c @@ -5,7 +5,7 @@ #include "ckcapi.h" #include "secdert.h" -#define SSL3_SHAMD5_HASH_SIZE 36 /* LEN_MD5 (16) + LEN_SHA1 (20) */ +#define SSL3_SHAMD5_HASH_SIZE 36 /* LEN_MD5 (16) + LEN_SHA1 (20) */ /* * ckcapi/crsa.c @@ -21,115 +21,109 @@ static char * putDecimalString(char *cstr, unsigned long value) { - unsigned long tenpower; - int first = 1; - - for (tenpower=10000000; tenpower; tenpower /= 10) { - unsigned char digit = (unsigned char )(value/tenpower); - value = value % tenpower; - - /* drop leading zeros */ - if (first && (0 == digit)) { - continue; - } - first = 0; - *cstr++ = digit + '0'; - } - - /* if value was zero, put one of them out */ - if (first) { - *cstr++ = '0'; - } - return cstr; -} + unsigned long tenpower; + int first = 1; + + for (tenpower = 10000000; tenpower; tenpower /= 10) { + unsigned char digit = (unsigned char)(value / tenpower); + value = value % tenpower; + + /* drop leading zeros */ + if (first && (0 == digit)) { + continue; + } + first = 0; + *cstr++ = digit + '0'; + } + /* if value was zero, put one of them out */ + if (first) { + *cstr++ = '0'; + } + return cstr; +} /* * Create a Capi OID string value from a DER OID */ static char * -nss_ckcapi_GetOidString -( - unsigned char *oidTag, - unsigned int oidTagSize, - CK_RV *pError -) +nss_ckcapi_GetOidString( + unsigned char *oidTag, + unsigned int oidTagSize, + CK_RV *pError) { - unsigned char *oid; - char *oidStr; - char *cstr; - unsigned long value; - unsigned int oidSize; - - if (DER_OBJECT_ID != *oidTag) { - /* wasn't an oid */ - *pError = CKR_DATA_INVALID; - return NULL; - } - oid = nss_ckcapi_DERUnwrap(oidTag, oidTagSize, &oidSize, NULL); - - if (oidSize < 2) { - *pError = CKR_DATA_INVALID; - return NULL; - } - - oidStr = nss_ZNEWARRAY( NULL, char, oidSize*4 ); - if ((char *)NULL == oidStr) { - *pError = CKR_HOST_MEMORY; - return NULL; - } - cstr = oidStr; - cstr = putDecimalString(cstr, (*oid) / 40); - *cstr++ = '.'; - cstr = putDecimalString(cstr, (*oid) % 40); - oidSize--; - - value = 0; - while (oidSize--) { - oid++; - value = (value << 7) + (*oid & 0x7f); - if (0 == (*oid & 0x80)) { - *cstr++ = '.'; - cstr = putDecimalString(cstr, value); - value = 0; - } - } - - *cstr = 0; /* NULL terminate */ - - if (value != 0) { - nss_ZFreeIf(oidStr); - *pError = CKR_DATA_INVALID; - return NULL; - } - return oidStr; -} + unsigned char *oid; + char *oidStr; + char *cstr; + unsigned long value; + unsigned int oidSize; + + if (DER_OBJECT_ID != *oidTag) { + /* wasn't an oid */ + *pError = CKR_DATA_INVALID; + return NULL; + } + oid = nss_ckcapi_DERUnwrap(oidTag, oidTagSize, &oidSize, NULL); + + if (oidSize < 2) { + *pError = CKR_DATA_INVALID; + return NULL; + } + + oidStr = nss_ZNEWARRAY(NULL, char, oidSize * 4); + if ((char *)NULL == oidStr) { + *pError = CKR_HOST_MEMORY; + return NULL; + } + cstr = oidStr; + cstr = putDecimalString(cstr, (*oid) / 40); + *cstr++ = '.'; + cstr = putDecimalString(cstr, (*oid) % 40); + oidSize--; + + value = 0; + while (oidSize--) { + oid++; + value = (value << 7) + (*oid & 0x7f); + if (0 == (*oid & 0x80)) { + *cstr++ = '.'; + cstr = putDecimalString(cstr, value); + value = 0; + } + } + + *cstr = 0; /* NULL terminate */ + if (value != 0) { + nss_ZFreeIf(oidStr); + *pError = CKR_DATA_INVALID; + return NULL; + } + return oidStr; +} /* - * PKCS #11 sign for RSA expects to take a fully DER-encoded hash value, - * which includes the hash OID. CAPI expects to take a Hash Context. While - * CAPI does have the capability of setting a raw hash value, it does not + * PKCS #11 sign for RSA expects to take a fully DER-encoded hash value, + * which includes the hash OID. CAPI expects to take a Hash Context. While + * CAPI does have the capability of setting a raw hash value, it does not * have the ability to sign an arbitrary value. This function tries to * reduce the passed in data into something that CAPI could actually sign. */ static CK_RV -ckcapi_GetRawHash -( - const NSSItem *input, - NSSItem *hash, - ALG_ID *hashAlg -) +ckcapi_GetRawHash( + const NSSItem *input, + NSSItem *hash, + ALG_ID *hashAlg) { - unsigned char *current; - unsigned char *algid; - unsigned char *oid; - unsigned char *hashData; - char *oidStr; - CK_RV error; - unsigned int oidSize; - unsigned int size; - /* + unsigned char *current; + unsigned char *algid; + unsigned char *oid; + unsigned char *hashData; + char *oidStr; + CK_RV error; + unsigned int oidSize; + unsigned int size; + /* * there are 2 types of hashes NSS typically tries to sign, regular * RSA signature format (with encoded DER_OIDS), and SSL3 Signed hashes. * CAPI knows not to add any oids to SSL3_Signed hashes, so if we have any @@ -138,73 +132,73 @@ ckcapi_GetRawHash * is really a combined hash or some other arbitrary data, so it's safe to * handle this case first. */ - if (SSL3_SHAMD5_HASH_SIZE == input->size) { - hash->data = input->data; - hash->size = input->size; - *hashAlg = CALG_SSL3_SHAMD5; - return CKR_OK; - } - - current = (unsigned char *)input->data; - - /* make sure we have a sequence tag */ - if ((DER_SEQUENCE|DER_CONSTRUCTED) != *current) { - return CKR_DATA_INVALID; - } - - /* parse the input block to get 1) the hash oid, and 2) the raw hash value. - * unfortunatly CAPI doesn't have a builtin function to do this work, so - * we go ahead and do it by hand here. - * - * format is: - * SEQUENCE { - * SECQUENCE { // algid - * OID {} // oid - * ANY {} // optional params - * } - * OCTECT {} // hash - */ - - /* unwrap */ - algid = nss_ckcapi_DERUnwrap(current,input->size, &size, NULL); - - if (algid+size != current+input->size) { - /* make sure there is not extra data at the end */ - return CKR_DATA_INVALID; - } - - if ((DER_SEQUENCE|DER_CONSTRUCTED) != *algid) { - /* wasn't an algid */ - return CKR_DATA_INVALID; - } - oid = nss_ckcapi_DERUnwrap(algid, size, &oidSize, &hashData); - - if (DER_OCTET_STRING != *hashData) { - /* wasn't a hash */ - return CKR_DATA_INVALID; - } - - /* get the real hash */ - current = hashData; - size = size - (hashData-algid); - hash->data = nss_ckcapi_DERUnwrap(current, size, &hash->size, NULL); - - /* get the real oid as a string. Again, Microsoft does not - * export anything that does this for us */ - oidStr = nss_ckcapi_GetOidString(oid, oidSize, &error); - if ((char *)NULL == oidStr ) { - return error; - } + if (SSL3_SHAMD5_HASH_SIZE == input->size) { + hash->data = input->data; + hash->size = input->size; + *hashAlg = CALG_SSL3_SHAMD5; + return CKR_OK; + } + + current = (unsigned char *)input->data; + + /* make sure we have a sequence tag */ + if ((DER_SEQUENCE | DER_CONSTRUCTED) != *current) { + return CKR_DATA_INVALID; + } + + /* parse the input block to get 1) the hash oid, and 2) the raw hash value. + * unfortunatly CAPI doesn't have a builtin function to do this work, so + * we go ahead and do it by hand here. + * + * format is: + * SEQUENCE { + * SECQUENCE { // algid + * OID {} // oid + * ANY {} // optional params + * } + * OCTECT {} // hash + */ + + /* unwrap */ + algid = nss_ckcapi_DERUnwrap(current, input->size, &size, NULL); + + if (algid + size != current + input->size) { + /* make sure there is not extra data at the end */ + return CKR_DATA_INVALID; + } + + if ((DER_SEQUENCE | DER_CONSTRUCTED) != *algid) { + /* wasn't an algid */ + return CKR_DATA_INVALID; + } + oid = nss_ckcapi_DERUnwrap(algid, size, &oidSize, &hashData); + + if (DER_OCTET_STRING != *hashData) { + /* wasn't a hash */ + return CKR_DATA_INVALID; + } + + /* get the real hash */ + current = hashData; + size = size - (hashData - algid); + hash->data = nss_ckcapi_DERUnwrap(current, size, &hash->size, NULL); + + /* get the real oid as a string. Again, Microsoft does not + * export anything that does this for us */ + oidStr = nss_ckcapi_GetOidString(oid, oidSize, &error); + if ((char *)NULL == oidStr) { + return error; + } - /* look up the hash alg from the oid (fortunately CAPI does to this) */ - *hashAlg = CertOIDToAlgId(oidStr); - nss_ZFreeIf(oidStr); - if (0 == *hashAlg) { - return CKR_HOST_MEMORY; - } + /* look up the hash alg from the oid (fortunately CAPI does to this) */ + *hashAlg = CertOIDToAlgId(oidStr); + nss_ZFreeIf(oidStr); + if (0 == *hashAlg) { + return CKR_HOST_MEMORY; + } - /* hash looks reasonably consistent, we should be able to sign it now */ - return CKR_OK; + /* hash looks reasonably consistent, we should be able to sign it now */ + return CKR_OK; } /* @@ -214,133 +208,125 @@ ckcapi_GetRawHash void ckcapi_ReverseData(NSSItem *item) { - int end = (item->size)-1; - int middle = (item->size)/2; - unsigned char *buf = item->data; - int i; - - for (i=0; i < middle; i++) { - unsigned char tmp = buf[i]; - buf[i] = buf[end-i]; - buf[end-i] = tmp; - } - return; + int end = (item->size) - 1; + int middle = (item->size) / 2; + unsigned char *buf = item->data; + int i; + + for (i = 0; i < middle; i++) { + unsigned char tmp = buf[i]; + buf[i] = buf[end - i]; + buf[end - i] = tmp; + } + return; } -typedef struct ckcapiInternalCryptoOperationRSAPrivStr - ckcapiInternalCryptoOperationRSAPriv; -struct ckcapiInternalCryptoOperationRSAPrivStr -{ - NSSCKMDCryptoOperation mdOperation; - NSSCKMDMechanism *mdMechanism; - ckcapiInternalObject *iKey; - HCRYPTPROV hProv; - DWORD keySpec; - HCRYPTKEY hKey; - NSSItem *buffer; +typedef struct ckcapiInternalCryptoOperationRSAPrivStr + ckcapiInternalCryptoOperationRSAPriv; +struct ckcapiInternalCryptoOperationRSAPrivStr { + NSSCKMDCryptoOperation mdOperation; + NSSCKMDMechanism *mdMechanism; + ckcapiInternalObject *iKey; + HCRYPTPROV hProv; + DWORD keySpec; + HCRYPTKEY hKey; + NSSItem *buffer; }; /* * ckcapi_mdCryptoOperationRSAPriv_Create */ static NSSCKMDCryptoOperation * -ckcapi_mdCryptoOperationRSAPriv_Create -( - const NSSCKMDCryptoOperation *proto, - NSSCKMDMechanism *mdMechanism, - NSSCKMDObject *mdKey, - CK_RV *pError -) +ckcapi_mdCryptoOperationRSAPriv_Create( + const NSSCKMDCryptoOperation *proto, + NSSCKMDMechanism *mdMechanism, + NSSCKMDObject *mdKey, + CK_RV *pError) { - ckcapiInternalObject *iKey = (ckcapiInternalObject *)mdKey->etc; - const NSSItem *classItem = nss_ckcapi_FetchAttribute(iKey, CKA_CLASS); - const NSSItem *keyType = nss_ckcapi_FetchAttribute(iKey, CKA_KEY_TYPE); - ckcapiInternalCryptoOperationRSAPriv *iOperation; - CK_RV error; - HCRYPTPROV hProv; - DWORD keySpec; - HCRYPTKEY hKey; - - /* make sure we have the right objects */ - if (((const NSSItem *)NULL == classItem) || - (sizeof(CK_OBJECT_CLASS) != classItem->size) || - (CKO_PRIVATE_KEY != *(CK_OBJECT_CLASS *)classItem->data) || - ((const NSSItem *)NULL == keyType) || - (sizeof(CK_KEY_TYPE) != keyType->size) || - (CKK_RSA != *(CK_KEY_TYPE *)keyType->data)) { - *pError = CKR_KEY_TYPE_INCONSISTENT; - return (NSSCKMDCryptoOperation *)NULL; - } - - error = nss_ckcapi_FetchKeyContainer(iKey, &hProv, &keySpec, &hKey); - if (error != CKR_OK) { - *pError = error; - return (NSSCKMDCryptoOperation *)NULL; - } - - iOperation = nss_ZNEW(NULL, ckcapiInternalCryptoOperationRSAPriv); - if ((ckcapiInternalCryptoOperationRSAPriv *)NULL == iOperation) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDCryptoOperation *)NULL; - } - iOperation->mdMechanism = mdMechanism; - iOperation->iKey = iKey; - iOperation->hProv = hProv; - iOperation->keySpec = keySpec; - iOperation->hKey = hKey; - - nsslibc_memcpy(&iOperation->mdOperation, - proto, sizeof(NSSCKMDCryptoOperation)); - iOperation->mdOperation.etc = iOperation; - - return &iOperation->mdOperation; + ckcapiInternalObject *iKey = (ckcapiInternalObject *)mdKey->etc; + const NSSItem *classItem = nss_ckcapi_FetchAttribute(iKey, CKA_CLASS); + const NSSItem *keyType = nss_ckcapi_FetchAttribute(iKey, CKA_KEY_TYPE); + ckcapiInternalCryptoOperationRSAPriv *iOperation; + CK_RV error; + HCRYPTPROV hProv; + DWORD keySpec; + HCRYPTKEY hKey; + + /* make sure we have the right objects */ + if (((const NSSItem *)NULL == classItem) || + (sizeof(CK_OBJECT_CLASS) != classItem->size) || + (CKO_PRIVATE_KEY != *(CK_OBJECT_CLASS *)classItem->data) || + ((const NSSItem *)NULL == keyType) || + (sizeof(CK_KEY_TYPE) != keyType->size) || + (CKK_RSA != *(CK_KEY_TYPE *)keyType->data)) { + *pError = CKR_KEY_TYPE_INCONSISTENT; + return (NSSCKMDCryptoOperation *)NULL; + } + + error = nss_ckcapi_FetchKeyContainer(iKey, &hProv, &keySpec, &hKey); + if (error != CKR_OK) { + *pError = error; + return (NSSCKMDCryptoOperation *)NULL; + } + + iOperation = nss_ZNEW(NULL, ckcapiInternalCryptoOperationRSAPriv); + if ((ckcapiInternalCryptoOperationRSAPriv *)NULL == iOperation) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDCryptoOperation *)NULL; + } + iOperation->mdMechanism = mdMechanism; + iOperation->iKey = iKey; + iOperation->hProv = hProv; + iOperation->keySpec = keySpec; + iOperation->hKey = hKey; + + nsslibc_memcpy(&iOperation->mdOperation, + proto, sizeof(NSSCKMDCryptoOperation)); + iOperation->mdOperation.etc = iOperation; + + return &iOperation->mdOperation; } static CK_RV -ckcapi_mdCryptoOperationRSAPriv_Destroy -( - NSSCKMDCryptoOperation *mdOperation, - NSSCKFWCryptoOperation *fwOperation, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckcapi_mdCryptoOperationRSAPriv_Destroy( + NSSCKMDCryptoOperation *mdOperation, + NSSCKFWCryptoOperation *fwOperation, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - ckcapiInternalCryptoOperationRSAPriv *iOperation = - (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc; - - if (iOperation->hKey) { - CryptDestroyKey(iOperation->hKey); - } - if (iOperation->buffer) { - nssItem_Destroy(iOperation->buffer); - } - nss_ZFreeIf(iOperation); - return CKR_OK; + ckcapiInternalCryptoOperationRSAPriv *iOperation = + (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc; + + if (iOperation->hKey) { + CryptDestroyKey(iOperation->hKey); + } + if (iOperation->buffer) { + nssItem_Destroy(iOperation->buffer); + } + nss_ZFreeIf(iOperation); + return CKR_OK; } static CK_ULONG -ckcapi_mdCryptoOperationRSA_GetFinalLength -( - NSSCKMDCryptoOperation *mdOperation, - NSSCKFWCryptoOperation *fwOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckcapi_mdCryptoOperationRSA_GetFinalLength( + NSSCKMDCryptoOperation *mdOperation, + NSSCKFWCryptoOperation *fwOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - ckcapiInternalCryptoOperationRSAPriv *iOperation = - (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc; - const NSSItem *modulus = - nss_ckcapi_FetchAttribute(iOperation->iKey, CKA_MODULUS); + ckcapiInternalCryptoOperationRSAPriv *iOperation = + (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc; + const NSSItem *modulus = + nss_ckcapi_FetchAttribute(iOperation->iKey, CKA_MODULUS); - return modulus->size; + return modulus->size; } - /* * ckcapi_mdCryptoOperationRSADecrypt_GetOperationLength * we won't know the length until we actually decrypt the @@ -348,86 +334,85 @@ ckcapi_mdCryptoOperationRSA_GetFinalLength * the block, we'll save if for when the block is asked for */ static CK_ULONG -ckcapi_mdCryptoOperationRSADecrypt_GetOperationLength -( - NSSCKMDCryptoOperation *mdOperation, - NSSCKFWCryptoOperation *fwOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - const NSSItem *input, - CK_RV *pError -) +ckcapi_mdCryptoOperationRSADecrypt_GetOperationLength( + NSSCKMDCryptoOperation *mdOperation, + NSSCKFWCryptoOperation *fwOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *input, + CK_RV *pError) { - ckcapiInternalCryptoOperationRSAPriv *iOperation = - (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc; - BOOL rc; - - /* Microsoft's Decrypt operation works in place. Since we don't want - * to trash our input buffer, we make a copy of it */ - iOperation->buffer = nssItem_Duplicate((NSSItem *)input, NULL, NULL); - if ((NSSItem *) NULL == iOperation->buffer) { - *pError = CKR_HOST_MEMORY; - return 0; - } - /* Sigh, reverse it */ - ckcapi_ReverseData(iOperation->buffer); - - rc = CryptDecrypt(iOperation->hKey, 0, TRUE, 0, - iOperation->buffer->data, &iOperation->buffer->size); - if (!rc) { - DWORD msError = GetLastError(); - switch (msError) { - case NTE_BAD_DATA: - *pError = CKR_ENCRYPTED_DATA_INVALID; - break; - case NTE_FAIL: - case NTE_BAD_UID: - *pError = CKR_DEVICE_ERROR; - break; - default: - *pError = CKR_GENERAL_ERROR; - } - return 0; - } - - return iOperation->buffer->size; + ckcapiInternalCryptoOperationRSAPriv *iOperation = + (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc; + BOOL rc; + + /* Microsoft's Decrypt operation works in place. Since we don't want + * to trash our input buffer, we make a copy of it */ + iOperation->buffer = nssItem_Duplicate((NSSItem *)input, NULL, NULL); + if ((NSSItem *)NULL == iOperation->buffer) { + *pError = CKR_HOST_MEMORY; + return 0; + } + /* Sigh, reverse it */ + ckcapi_ReverseData(iOperation->buffer); + + rc = CryptDecrypt(iOperation->hKey, 0, TRUE, 0, + iOperation->buffer->data, &iOperation->buffer->size); + if (!rc) { + DWORD msError = GetLastError(); + switch (msError) { + case NTE_BAD_DATA: + *pError = + CKR_ENCRYPTED_DATA_INVALID; + break; + case NTE_FAIL: + case NTE_BAD_UID: + *pError = + CKR_DEVICE_ERROR; + break; + default: + *pError = + CKR_GENERAL_ERROR; + } + return 0; + } + + return iOperation->buffer->size; } /* * ckcapi_mdCryptoOperationRSADecrypt_UpdateFinal * - * NOTE: ckcapi_mdCryptoOperationRSADecrypt_GetOperationLength is presumed to + * NOTE: ckcapi_mdCryptoOperationRSADecrypt_GetOperationLength is presumed to * have been called previously. */ static CK_RV -ckcapi_mdCryptoOperationRSADecrypt_UpdateFinal -( - NSSCKMDCryptoOperation *mdOperation, - NSSCKFWCryptoOperation *fwOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - const NSSItem *input, - NSSItem *output -) +ckcapi_mdCryptoOperationRSADecrypt_UpdateFinal( + NSSCKMDCryptoOperation *mdOperation, + NSSCKFWCryptoOperation *fwOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *input, + NSSItem *output) { - ckcapiInternalCryptoOperationRSAPriv *iOperation = - (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc; - NSSItem *buffer = iOperation->buffer; - - if ((NSSItem *)NULL == buffer) { - return CKR_GENERAL_ERROR; - } - nsslibc_memcpy(output->data, buffer->data, buffer->size); - output->size = buffer->size; - return CKR_OK; + ckcapiInternalCryptoOperationRSAPriv *iOperation = + (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc; + NSSItem *buffer = iOperation->buffer; + + if ((NSSItem *)NULL == buffer) { + return CKR_GENERAL_ERROR; + } + nsslibc_memcpy(output->data, buffer->data, buffer->size); + output->size = buffer->size; + return CKR_OK; } /* @@ -435,277 +420,268 @@ ckcapi_mdCryptoOperationRSADecrypt_UpdateFinal * */ static CK_RV -ckcapi_mdCryptoOperationRSASign_UpdateFinal -( - NSSCKMDCryptoOperation *mdOperation, - NSSCKFWCryptoOperation *fwOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - const NSSItem *input, - NSSItem *output -) +ckcapi_mdCryptoOperationRSASign_UpdateFinal( + NSSCKMDCryptoOperation *mdOperation, + NSSCKFWCryptoOperation *fwOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *input, + NSSItem *output) { - ckcapiInternalCryptoOperationRSAPriv *iOperation = - (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc; - CK_RV error = CKR_OK; - DWORD msError; - NSSItem hash; - HCRYPTHASH hHash = 0; - ALG_ID hashAlg; - DWORD hashSize; - DWORD len; /* temp length value we throw away */ - BOOL rc; - - /* - * PKCS #11 sign for RSA expects to take a fully DER-encoded hash value, - * which includes the hash OID. CAPI expects to take a Hash Context. While - * CAPI does have the capability of setting a raw hash value, it does not - * have the ability to sign an arbitrary value. This function tries to - * reduce the passed in data into something that CAPI could actually sign. - */ - error = ckcapi_GetRawHash(input, &hash, &hashAlg); - if (CKR_OK != error) { - goto loser; - } - - rc = CryptCreateHash(iOperation->hProv, hashAlg, 0, 0, &hHash); - if (!rc) { - goto loser; - } - - /* make sure the hash lens match before we set it */ - len = sizeof(DWORD); - rc = CryptGetHashParam(hHash, HP_HASHSIZE, (BYTE *)&hashSize, &len, 0); - if (!rc) { - goto loser; - } - - if (hash.size != hashSize) { - /* The input must have been bad for this to happen */ - error = CKR_DATA_INVALID; - goto loser; - } - - /* we have an explicit hash, set it, note that the length is - * implicit by the hashAlg used in create */ - rc = CryptSetHashParam(hHash, HP_HASHVAL, hash.data, 0); - if (!rc) { - goto loser; - } - - /* OK, we have the data in a hash structure, sign it! */ - rc = CryptSignHash(hHash, iOperation->keySpec, NULL, 0, - output->data, &output->size); - if (!rc) { - goto loser; - } - - /* Don't return a signature that might have been broken because of a cosmic - * ray, or a broken processor, verify that it is valid... */ - rc = CryptVerifySignature(hHash, output->data, output->size, - iOperation->hKey, NULL, 0); - if (!rc) { - goto loser; - } - - /* OK, Microsoft likes to do things completely differently than anyone - * else. We need to reverse the data we received here */ - ckcapi_ReverseData(output); - CryptDestroyHash(hHash); - return CKR_OK; + ckcapiInternalCryptoOperationRSAPriv *iOperation = + (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc; + CK_RV error = CKR_OK; + DWORD msError; + NSSItem hash; + HCRYPTHASH hHash = 0; + ALG_ID hashAlg; + DWORD hashSize; + DWORD len; /* temp length value we throw away */ + BOOL rc; + + /* + * PKCS #11 sign for RSA expects to take a fully DER-encoded hash value, + * which includes the hash OID. CAPI expects to take a Hash Context. While + * CAPI does have the capability of setting a raw hash value, it does not + * have the ability to sign an arbitrary value. This function tries to + * reduce the passed in data into something that CAPI could actually sign. + */ + error = ckcapi_GetRawHash(input, &hash, &hashAlg); + if (CKR_OK != error) { + goto loser; + } -loser: - /* map the microsoft error */ - if (CKR_OK == error) { - msError = GetLastError(); - switch (msError) { - case ERROR_NOT_ENOUGH_MEMORY: - error = CKR_HOST_MEMORY; - break; - case NTE_NO_MEMORY: - error = CKR_DEVICE_MEMORY; - break; - case ERROR_MORE_DATA: - return CKR_BUFFER_TOO_SMALL; - case ERROR_INVALID_PARAMETER: /* these params were derived from the */ - case ERROR_INVALID_HANDLE: /* inputs, so if they are bad, the input */ - case NTE_BAD_ALGID: /* data is bad */ - case NTE_BAD_HASH: - error = CKR_DATA_INVALID; - break; - case ERROR_BUSY: - case NTE_FAIL: - case NTE_BAD_UID: - error = CKR_DEVICE_ERROR; - break; - default: - error = CKR_GENERAL_ERROR; - break; - } - } - if (hHash) { + rc = CryptCreateHash(iOperation->hProv, hashAlg, 0, 0, &hHash); + if (!rc) { + goto loser; + } + + /* make sure the hash lens match before we set it */ + len = sizeof(DWORD); + rc = CryptGetHashParam(hHash, HP_HASHSIZE, (BYTE *)&hashSize, &len, 0); + if (!rc) { + goto loser; + } + + if (hash.size != hashSize) { + /* The input must have been bad for this to happen */ + error = CKR_DATA_INVALID; + goto loser; + } + + /* we have an explicit hash, set it, note that the length is + * implicit by the hashAlg used in create */ + rc = CryptSetHashParam(hHash, HP_HASHVAL, hash.data, 0); + if (!rc) { + goto loser; + } + + /* OK, we have the data in a hash structure, sign it! */ + rc = CryptSignHash(hHash, iOperation->keySpec, NULL, 0, + output->data, &output->size); + if (!rc) { + goto loser; + } + + /* Don't return a signature that might have been broken because of a cosmic + * ray, or a broken processor, verify that it is valid... */ + rc = CryptVerifySignature(hHash, output->data, output->size, + iOperation->hKey, NULL, 0); + if (!rc) { + goto loser; + } + + /* OK, Microsoft likes to do things completely differently than anyone + * else. We need to reverse the data we received here */ + ckcapi_ReverseData(output); CryptDestroyHash(hHash); - } - return error; + return CKR_OK; + +loser: + /* map the microsoft error */ + if (CKR_OK == error) { + msError = GetLastError(); + switch (msError) { + case ERROR_NOT_ENOUGH_MEMORY: + error = + CKR_HOST_MEMORY; + break; + case NTE_NO_MEMORY: + error = + CKR_DEVICE_MEMORY; + break; + case ERROR_MORE_DATA: + return CKR_BUFFER_TOO_SMALL; + case ERROR_INVALID_PARAMETER: /* these params were derived from the */ + case ERROR_INVALID_HANDLE: /* inputs, so if they are bad, the input */ + case NTE_BAD_ALGID: /* data is bad */ + case NTE_BAD_HASH: + error = + CKR_DATA_INVALID; + break; + case ERROR_BUSY: + case NTE_FAIL: + case NTE_BAD_UID: + error = + CKR_DEVICE_ERROR; + break; + default: + error = + CKR_GENERAL_ERROR; + break; + } + } + if (hHash) { + CryptDestroyHash(hHash); + } + return error; } - NSS_IMPLEMENT_DATA const NSSCKMDCryptoOperation -ckcapi_mdCryptoOperationRSADecrypt_proto = { - NULL, /* etc */ - ckcapi_mdCryptoOperationRSAPriv_Destroy, - NULL, /* GetFinalLengh - not needed for one shot Decrypt/Encrypt */ - ckcapi_mdCryptoOperationRSADecrypt_GetOperationLength, - NULL, /* Final - not needed for one shot operation */ - NULL, /* Update - not needed for one shot operation */ - NULL, /* DigetUpdate - not needed for one shot operation */ - ckcapi_mdCryptoOperationRSADecrypt_UpdateFinal, - NULL, /* UpdateCombo - not needed for one shot operation */ - NULL, /* DigetKey - not needed for one shot operation */ - (void *)NULL /* null terminator */ -}; + ckcapi_mdCryptoOperationRSADecrypt_proto = { + NULL, /* etc */ + ckcapi_mdCryptoOperationRSAPriv_Destroy, + NULL, /* GetFinalLengh - not needed for one shot Decrypt/Encrypt */ + ckcapi_mdCryptoOperationRSADecrypt_GetOperationLength, + NULL, /* Final - not needed for one shot operation */ + NULL, /* Update - not needed for one shot operation */ + NULL, /* DigetUpdate - not needed for one shot operation */ + ckcapi_mdCryptoOperationRSADecrypt_UpdateFinal, + NULL, /* UpdateCombo - not needed for one shot operation */ + NULL, /* DigetKey - not needed for one shot operation */ + (void *)NULL /* null terminator */ + }; NSS_IMPLEMENT_DATA const NSSCKMDCryptoOperation -ckcapi_mdCryptoOperationRSASign_proto = { - NULL, /* etc */ - ckcapi_mdCryptoOperationRSAPriv_Destroy, - ckcapi_mdCryptoOperationRSA_GetFinalLength, - NULL, /* GetOperationLengh - not needed for one shot Sign/Verify */ - NULL, /* Final - not needed for one shot operation */ - NULL, /* Update - not needed for one shot operation */ - NULL, /* DigetUpdate - not needed for one shot operation */ - ckcapi_mdCryptoOperationRSASign_UpdateFinal, - NULL, /* UpdateCombo - not needed for one shot operation */ - NULL, /* DigetKey - not needed for one shot operation */ - (void *)NULL /* null terminator */ -}; + ckcapi_mdCryptoOperationRSASign_proto = { + NULL, /* etc */ + ckcapi_mdCryptoOperationRSAPriv_Destroy, + ckcapi_mdCryptoOperationRSA_GetFinalLength, + NULL, /* GetOperationLengh - not needed for one shot Sign/Verify */ + NULL, /* Final - not needed for one shot operation */ + NULL, /* Update - not needed for one shot operation */ + NULL, /* DigetUpdate - not needed for one shot operation */ + ckcapi_mdCryptoOperationRSASign_UpdateFinal, + NULL, /* UpdateCombo - not needed for one shot operation */ + NULL, /* DigetKey - not needed for one shot operation */ + (void *)NULL /* null terminator */ + }; /********** NSSCKMDMechansim functions ***********************/ /* * ckcapi_mdMechanismRSA_Destroy */ static void -ckcapi_mdMechanismRSA_Destroy -( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckcapi_mdMechanismRSA_Destroy( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - nss_ZFreeIf(fwMechanism); + nss_ZFreeIf(fwMechanism); } /* * ckcapi_mdMechanismRSA_GetMinKeySize */ static CK_ULONG -ckcapi_mdMechanismRSA_GetMinKeySize -( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckcapi_mdMechanismRSA_GetMinKeySize( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return 384; + return 384; } /* * ckcapi_mdMechanismRSA_GetMaxKeySize */ static CK_ULONG -ckcapi_mdMechanismRSA_GetMaxKeySize -( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckcapi_mdMechanismRSA_GetMaxKeySize( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return 16384; + return 16384; } /* * ckcapi_mdMechanismRSA_DecryptInit */ -static NSSCKMDCryptoOperation * -ckcapi_mdMechanismRSA_DecryptInit -( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM *pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdKey, - NSSCKFWObject *fwKey, - CK_RV *pError -) +static NSSCKMDCryptoOperation * +ckcapi_mdMechanismRSA_DecryptInit( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey, + CK_RV *pError) { - return ckcapi_mdCryptoOperationRSAPriv_Create( - &ckcapi_mdCryptoOperationRSADecrypt_proto, - mdMechanism, mdKey, pError); + return ckcapi_mdCryptoOperationRSAPriv_Create( + &ckcapi_mdCryptoOperationRSADecrypt_proto, + mdMechanism, mdKey, pError); } /* * ckcapi_mdMechanismRSA_SignInit */ -static NSSCKMDCryptoOperation * -ckcapi_mdMechanismRSA_SignInit -( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM *pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdKey, - NSSCKFWObject *fwKey, - CK_RV *pError -) +static NSSCKMDCryptoOperation * +ckcapi_mdMechanismRSA_SignInit( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey, + CK_RV *pError) { - return ckcapi_mdCryptoOperationRSAPriv_Create( - &ckcapi_mdCryptoOperationRSASign_proto, - mdMechanism, mdKey, pError); + return ckcapi_mdCryptoOperationRSAPriv_Create( + &ckcapi_mdCryptoOperationRSASign_proto, + mdMechanism, mdKey, pError); } - NSS_IMPLEMENT_DATA const NSSCKMDMechanism -nss_ckcapi_mdMechanismRSA = { - (void *)NULL, /* etc */ - ckcapi_mdMechanismRSA_Destroy, - ckcapi_mdMechanismRSA_GetMinKeySize, - ckcapi_mdMechanismRSA_GetMaxKeySize, - NULL, /* GetInHardware - default false */ - NULL, /* EncryptInit - default errs */ - ckcapi_mdMechanismRSA_DecryptInit, - NULL, /* DigestInit - default errs*/ - ckcapi_mdMechanismRSA_SignInit, - NULL, /* VerifyInit - default errs */ - ckcapi_mdMechanismRSA_SignInit, /* SignRecoverInit */ - NULL, /* VerifyRecoverInit - default errs */ - NULL, /* GenerateKey - default errs */ - NULL, /* GenerateKeyPair - default errs */ - NULL, /* GetWrapKeyLength - default errs */ - NULL, /* WrapKey - default errs */ - NULL, /* UnwrapKey - default errs */ - NULL, /* DeriveKey - default errs */ - (void *)NULL /* null terminator */ -}; + nss_ckcapi_mdMechanismRSA = { + (void *)NULL, /* etc */ + ckcapi_mdMechanismRSA_Destroy, + ckcapi_mdMechanismRSA_GetMinKeySize, + ckcapi_mdMechanismRSA_GetMaxKeySize, + NULL, /* GetInHardware - default false */ + NULL, /* EncryptInit - default errs */ + ckcapi_mdMechanismRSA_DecryptInit, + NULL, /* DigestInit - default errs*/ + ckcapi_mdMechanismRSA_SignInit, + NULL, /* VerifyInit - default errs */ + ckcapi_mdMechanismRSA_SignInit, /* SignRecoverInit */ + NULL, /* VerifyRecoverInit - default errs */ + NULL, /* GenerateKey - default errs */ + NULL, /* GenerateKeyPair - default errs */ + NULL, /* GetWrapKeyLength - default errs */ + NULL, /* WrapKey - default errs */ + NULL, /* UnwrapKey - default errs */ + NULL, /* DeriveKey - default errs */ + (void *)NULL /* null terminator */ + }; diff --git a/nss/lib/ckfw/capi/csession.c b/nss/lib/ckfw/capi/csession.c index 4c25354..5b268ea 100644 --- a/nss/lib/ckfw/capi/csession.c +++ b/nss/lib/ckfw/capi/csession.c @@ -7,87 +7,81 @@ /* * ckcapi/csession.c * - * This file implements the NSSCKMDSession object for the + * This file implements the NSSCKMDSession object for the * "nss to capi" cryptoki module. */ static NSSCKMDFindObjects * -ckcapi_mdSession_FindObjectsInit -( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +ckcapi_mdSession_FindObjectsInit( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - return nss_ckcapi_FindObjectsInit(fwSession, pTemplate, ulAttributeCount, pError); + return nss_ckcapi_FindObjectsInit(fwSession, pTemplate, ulAttributeCount, pError); } static NSSCKMDObject * -ckcapi_mdSession_CreateObject -( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSArena *arena, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +ckcapi_mdSession_CreateObject( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - return nss_ckcapi_CreateObject(fwSession, pTemplate, ulAttributeCount, pError); + return nss_ckcapi_CreateObject(fwSession, pTemplate, ulAttributeCount, pError); } NSS_IMPLEMENT NSSCKMDSession * -nss_ckcapi_CreateSession -( - NSSCKFWSession *fwSession, - CK_RV *pError -) +nss_ckcapi_CreateSession( + NSSCKFWSession *fwSession, + CK_RV *pError) { - NSSArena *arena; - NSSCKMDSession *rv; + NSSArena *arena; + NSSCKMDSession *rv; - arena = NSSCKFWSession_GetArena(fwSession, pError); - if( (NSSArena *)NULL == arena ) { - return (NSSCKMDSession *)NULL; - } + arena = NSSCKFWSession_GetArena(fwSession, pError); + if ((NSSArena *)NULL == arena) { + return (NSSCKMDSession *)NULL; + } - rv = nss_ZNEW(arena, NSSCKMDSession); - if( (NSSCKMDSession *)NULL == rv ) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDSession *)NULL; - } + rv = nss_ZNEW(arena, NSSCKMDSession); + if ((NSSCKMDSession *)NULL == rv) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDSession *)NULL; + } - /* - * rv was zeroed when allocated, so we only - * need to set the non-zero members. - */ + /* + * rv was zeroed when allocated, so we only + * need to set the non-zero members. + */ - rv->etc = (void *)fwSession; - /* rv->Close */ - /* rv->GetDeviceError */ - /* rv->Login */ - /* rv->Logout */ - /* rv->InitPIN */ - /* rv->SetPIN */ - /* rv->GetOperationStateLen */ - /* rv->GetOperationState */ - /* rv->SetOperationState */ - rv->CreateObject = ckcapi_mdSession_CreateObject; - /* rv->CopyObject */ - rv->FindObjectsInit = ckcapi_mdSession_FindObjectsInit; - /* rv->SeedRandom */ - /* rv->GetRandom */ - /* rv->null */ + rv->etc = (void *)fwSession; + /* rv->Close */ + /* rv->GetDeviceError */ + /* rv->Login */ + /* rv->Logout */ + /* rv->InitPIN */ + /* rv->SetPIN */ + /* rv->GetOperationStateLen */ + /* rv->GetOperationState */ + /* rv->SetOperationState */ + rv->CreateObject = ckcapi_mdSession_CreateObject; + /* rv->CopyObject */ + rv->FindObjectsInit = ckcapi_mdSession_FindObjectsInit; + /* rv->SeedRandom */ + /* rv->GetRandom */ + /* rv->null */ - return rv; + return rv; } diff --git a/nss/lib/ckfw/capi/cslot.c b/nss/lib/ckfw/capi/cslot.c index 779161f..8a39b78 100644 --- a/nss/lib/ckfw/capi/cslot.c +++ b/nss/lib/ckfw/capi/cslot.c @@ -12,80 +12,70 @@ */ static NSSUTF8 * -ckcapi_mdSlot_GetSlotDescription -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckcapi_mdSlot_GetSlotDescription( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_ckcapi_SlotDescription; + return (NSSUTF8 *)nss_ckcapi_SlotDescription; } static NSSUTF8 * -ckcapi_mdSlot_GetManufacturerID -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckcapi_mdSlot_GetManufacturerID( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_ckcapi_ManufacturerID; + return (NSSUTF8 *)nss_ckcapi_ManufacturerID; } static CK_VERSION -ckcapi_mdSlot_GetHardwareVersion -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckcapi_mdSlot_GetHardwareVersion( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return nss_ckcapi_HardwareVersion; + return nss_ckcapi_HardwareVersion; } static CK_VERSION -ckcapi_mdSlot_GetFirmwareVersion -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckcapi_mdSlot_GetFirmwareVersion( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return nss_ckcapi_FirmwareVersion; + return nss_ckcapi_FirmwareVersion; } static NSSCKMDToken * -ckcapi_mdSlot_GetToken -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckcapi_mdSlot_GetToken( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSCKMDToken *)&nss_ckcapi_mdToken; + return (NSSCKMDToken *)&nss_ckcapi_mdToken; } NSS_IMPLEMENT_DATA const NSSCKMDSlot -nss_ckcapi_mdSlot = { - (void *)NULL, /* etc */ - NULL, /* Initialize */ - NULL, /* Destroy */ - ckcapi_mdSlot_GetSlotDescription, - ckcapi_mdSlot_GetManufacturerID, - NULL, /* GetTokenPresent -- defaults to true */ - NULL, /* GetRemovableDevice -- defaults to false */ - NULL, /* GetHardwareSlot -- defaults to false */ - ckcapi_mdSlot_GetHardwareVersion, - ckcapi_mdSlot_GetFirmwareVersion, - ckcapi_mdSlot_GetToken, - (void *)NULL /* null terminator */ -}; + nss_ckcapi_mdSlot = { + (void *)NULL, /* etc */ + NULL, /* Initialize */ + NULL, /* Destroy */ + ckcapi_mdSlot_GetSlotDescription, + ckcapi_mdSlot_GetManufacturerID, + NULL, /* GetTokenPresent -- defaults to true */ + NULL, /* GetRemovableDevice -- defaults to false */ + NULL, /* GetHardwareSlot -- defaults to false */ + ckcapi_mdSlot_GetHardwareVersion, + ckcapi_mdSlot_GetFirmwareVersion, + ckcapi_mdSlot_GetToken, + (void *)NULL /* null terminator */ + }; diff --git a/nss/lib/ckfw/capi/ctoken.c b/nss/lib/ckfw/capi/ctoken.c index 7f0e633..cc95c17 100644 --- a/nss/lib/ckfw/capi/ctoken.c +++ b/nss/lib/ckfw/capi/ctoken.c @@ -12,197 +12,173 @@ */ static NSSUTF8 * -ckcapi_mdToken_GetLabel -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckcapi_mdToken_GetLabel( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_ckcapi_TokenLabel; + return (NSSUTF8 *)nss_ckcapi_TokenLabel; } static NSSUTF8 * -ckcapi_mdToken_GetManufacturerID -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckcapi_mdToken_GetManufacturerID( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_ckcapi_ManufacturerID; + return (NSSUTF8 *)nss_ckcapi_ManufacturerID; } static NSSUTF8 * -ckcapi_mdToken_GetModel -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckcapi_mdToken_GetModel( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_ckcapi_TokenModel; + return (NSSUTF8 *)nss_ckcapi_TokenModel; } static NSSUTF8 * -ckcapi_mdToken_GetSerialNumber -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckcapi_mdToken_GetSerialNumber( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_ckcapi_TokenSerialNumber; + return (NSSUTF8 *)nss_ckcapi_TokenSerialNumber; } static CK_BBOOL -ckcapi_mdToken_GetIsWriteProtected -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckcapi_mdToken_GetIsWriteProtected( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return CK_FALSE; + return CK_FALSE; } /* fake out Mozilla so we don't try to initialize the token */ static CK_BBOOL -ckcapi_mdToken_GetUserPinInitialized -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckcapi_mdToken_GetUserPinInitialized( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return CK_TRUE; + return CK_TRUE; } static CK_VERSION -ckcapi_mdToken_GetHardwareVersion -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckcapi_mdToken_GetHardwareVersion( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return nss_ckcapi_HardwareVersion; + return nss_ckcapi_HardwareVersion; } static CK_VERSION -ckcapi_mdToken_GetFirmwareVersion -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckcapi_mdToken_GetFirmwareVersion( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return nss_ckcapi_FirmwareVersion; + return nss_ckcapi_FirmwareVersion; } static NSSCKMDSession * -ckcapi_mdToken_OpenSession -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKFWSession *fwSession, - CK_BBOOL rw, - CK_RV *pError -) +ckcapi_mdToken_OpenSession( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKFWSession *fwSession, + CK_BBOOL rw, + CK_RV *pError) { - return nss_ckcapi_CreateSession(fwSession, pError); + return nss_ckcapi_CreateSession(fwSession, pError); } static CK_ULONG -ckcapi_mdToken_GetMechanismCount -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckcapi_mdToken_GetMechanismCount( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return (CK_ULONG)1; + return (CK_ULONG)1; } static CK_RV -ckcapi_mdToken_GetMechanismTypes -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_MECHANISM_TYPE types[] -) +ckcapi_mdToken_GetMechanismTypes( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_MECHANISM_TYPE types[]) { - types[0] = CKM_RSA_PKCS; - return CKR_OK; + types[0] = CKM_RSA_PKCS; + return CKR_OK; } static NSSCKMDMechanism * -ckcapi_mdToken_GetMechanism -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_MECHANISM_TYPE which, - CK_RV *pError -) +ckcapi_mdToken_GetMechanism( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_MECHANISM_TYPE which, + CK_RV *pError) { - if (which != CKM_RSA_PKCS) { - *pError = CKR_MECHANISM_INVALID; - return (NSSCKMDMechanism *)NULL; - } - return (NSSCKMDMechanism *)&nss_ckcapi_mdMechanismRSA; + if (which != CKM_RSA_PKCS) { + *pError = CKR_MECHANISM_INVALID; + return (NSSCKMDMechanism *)NULL; + } + return (NSSCKMDMechanism *)&nss_ckcapi_mdMechanismRSA; } NSS_IMPLEMENT_DATA const NSSCKMDToken -nss_ckcapi_mdToken = { - (void *)NULL, /* etc */ - NULL, /* Setup */ - NULL, /* Invalidate */ - NULL, /* InitToken -- default errs */ - ckcapi_mdToken_GetLabel, - ckcapi_mdToken_GetManufacturerID, - ckcapi_mdToken_GetModel, - ckcapi_mdToken_GetSerialNumber, - NULL, /* GetHasRNG -- default is false */ - ckcapi_mdToken_GetIsWriteProtected, - NULL, /* GetLoginRequired -- default is false */ - ckcapi_mdToken_GetUserPinInitialized, - NULL, /* GetRestoreKeyNotNeeded -- irrelevant */ - NULL, /* GetHasClockOnToken -- default is false */ - NULL, /* GetHasProtectedAuthenticationPath -- default is false */ - NULL, /* GetSupportsDualCryptoOperations -- default is false */ - NULL, /* GetMaxSessionCount -- default is CK_UNAVAILABLE_INFORMATION */ - NULL, /* GetMaxRwSessionCount -- default is CK_UNAVAILABLE_INFORMATION */ - NULL, /* GetMaxPinLen -- irrelevant */ - NULL, /* GetMinPinLen -- irrelevant */ - NULL, /* GetTotalPublicMemory -- default is CK_UNAVAILABLE_INFORMATION */ - NULL, /* GetFreePublicMemory -- default is CK_UNAVAILABLE_INFORMATION */ - NULL, /* GetTotalPrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */ - NULL, /* GetFreePrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */ - ckcapi_mdToken_GetHardwareVersion, - ckcapi_mdToken_GetFirmwareVersion, - NULL, /* GetUTCTime -- no clock */ - ckcapi_mdToken_OpenSession, - ckcapi_mdToken_GetMechanismCount, - ckcapi_mdToken_GetMechanismTypes, - ckcapi_mdToken_GetMechanism, - (void *)NULL /* null terminator */ -}; + nss_ckcapi_mdToken = { + (void *)NULL, /* etc */ + NULL, /* Setup */ + NULL, /* Invalidate */ + NULL, /* InitToken -- default errs */ + ckcapi_mdToken_GetLabel, + ckcapi_mdToken_GetManufacturerID, + ckcapi_mdToken_GetModel, + ckcapi_mdToken_GetSerialNumber, + NULL, /* GetHasRNG -- default is false */ + ckcapi_mdToken_GetIsWriteProtected, + NULL, /* GetLoginRequired -- default is false */ + ckcapi_mdToken_GetUserPinInitialized, + NULL, /* GetRestoreKeyNotNeeded -- irrelevant */ + NULL, /* GetHasClockOnToken -- default is false */ + NULL, /* GetHasProtectedAuthenticationPath -- default is false */ + NULL, /* GetSupportsDualCryptoOperations -- default is false */ + NULL, /* GetMaxSessionCount -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetMaxRwSessionCount -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetMaxPinLen -- irrelevant */ + NULL, /* GetMinPinLen -- irrelevant */ + NULL, /* GetTotalPublicMemory -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetFreePublicMemory -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetTotalPrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetFreePrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */ + ckcapi_mdToken_GetHardwareVersion, + ckcapi_mdToken_GetFirmwareVersion, + NULL, /* GetUTCTime -- no clock */ + ckcapi_mdToken_OpenSession, + ckcapi_mdToken_GetMechanismCount, + ckcapi_mdToken_GetMechanismTypes, + ckcapi_mdToken_GetMechanism, + (void *)NULL /* null terminator */ + }; diff --git a/nss/lib/ckfw/capi/nsscapi.h b/nss/lib/ckfw/capi/nsscapi.h index d983120..78bf38b 100644 --- a/nss/lib/ckfw/capi/nsscapi.h +++ b/nss/lib/ckfw/capi/nsscapi.h @@ -18,7 +18,7 @@ #define NSS_CKCAPI_CRYPTOKI_VERSION_MAJOR 2 #define NSS_CKCAPI_CRYPTOKI_VERSION_MINOR 20 -/* These version numbers detail the changes +/* These version numbers detail the changes * to the list of trusted certificates. * * NSS_CKCAPI_LIBRARY_VERSION_MINOR is a CK_BYTE. It's not clear @@ -33,7 +33,7 @@ #define NSS_CKCAPI_HARDWARE_VERSION_MAJOR 1 #define NSS_CKCAPI_HARDWARE_VERSION_MINOR 0 -/* These version numbers detail the semantic changes to ckbi itself +/* These version numbers detail the semantic changes to ckbi itself * (new PKCS #11 objects), etc. */ #define NSS_CKCAPI_FIRMWARE_VERSION_MAJOR 1 #define NSS_CKCAPI_FIRMWARE_VERSION_MINOR 0 diff --git a/nss/lib/ckfw/capi/staticobj.c b/nss/lib/ckfw/capi/staticobj.c index c14c812..2d67a34 100644 --- a/nss/lib/ckfw/capi/staticobj.c +++ b/nss/lib/ckfw/capi/staticobj.c @@ -17,22 +17,23 @@ static const CK_BBOOL ck_false = CK_FALSE; static const CK_OBJECT_CLASS cko_netscape_builtin_root_list = CKO_NETSCAPE_BUILTIN_ROOT_LIST; /* example of a static object */ -static const CK_ATTRIBUTE_TYPE nss_ckcapi_types_1 [] = { - CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL +static const CK_ATTRIBUTE_TYPE nss_ckcapi_types_1[] = { + CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL }; -static const NSSItem nss_ckcapi_items_1 [] = { - { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)"Mozilla CAPI Access", (PRUint32)20 } +static const NSSItem nss_ckcapi_items_1[] = { + { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) }, + { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)"Mozilla CAPI Access", (PRUint32)20 } }; ckcapiInternalObject nss_ckcapi_data[] = { - { ckcapiRaw, - { 5, nss_ckcapi_types_1, nss_ckcapi_items_1} , - }, + { + ckcapiRaw, + { 5, nss_ckcapi_types_1, nss_ckcapi_items_1 }, + }, }; diff --git a/nss/lib/ckfw/ckfw.gyp b/nss/lib/ckfw/ckfw.gyp new file mode 100644 index 0000000..40da8d8 --- /dev/null +++ b/nss/lib/ckfw/ckfw.gyp @@ -0,0 +1,34 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +{ + 'includes': [ + '../../coreconf/config.gypi' + ], + 'targets': [ + { + 'target_name': 'nssckfw', + 'type': 'static_library', + 'sources': [ + 'crypto.c', + 'find.c', + 'hash.c', + 'instance.c', + 'mechanism.c', + 'mutex.c', + 'object.c', + 'session.c', + 'sessobj.c', + 'slot.c', + 'token.c', + 'wrap.c' + ], + 'dependencies': [ + '<(DEPTH)/exports.gyp:nss_exports' + ] + } + ], + 'variables': { + 'module': 'nss' + } +}
\ No newline at end of file diff --git a/nss/lib/ckfw/ckfw.h b/nss/lib/ckfw/ckfw.h index e5d2e1b..d4a2ead 100644 --- a/nss/lib/ckfw/ckfw.h +++ b/nss/lib/ckfw/ckfw.h @@ -40,7 +40,7 @@ * nssCKFWInstance_MayCreatePthreads * nssCKFWInstance_CreateMutex * nssCKFWInstance_GetConfigurationData - * nssCKFWInstance_GetInitArgs + * nssCKFWInstance_GetInitArgs * * -- private accessors -- * nssCKFWInstance_CreateSessionHandle @@ -72,295 +72,240 @@ * */ NSS_EXTERN NSSCKFWInstance * -nssCKFWInstance_Create -( - CK_C_INITIALIZE_ARGS_PTR pInitArgs, - CryptokiLockingState LockingState, - NSSCKMDInstance *mdInstance, - CK_RV *pError -); +nssCKFWInstance_Create( + CK_C_INITIALIZE_ARGS_PTR pInitArgs, + CryptokiLockingState LockingState, + NSSCKMDInstance *mdInstance, + CK_RV *pError); /* * nssCKFWInstance_Destroy * */ NSS_EXTERN CK_RV -nssCKFWInstance_Destroy -( - NSSCKFWInstance *fwInstance -); +nssCKFWInstance_Destroy( + NSSCKFWInstance *fwInstance); /* * nssCKFWInstance_GetMDInstance * */ NSS_EXTERN NSSCKMDInstance * -nssCKFWInstance_GetMDInstance -( - NSSCKFWInstance *fwInstance -); +nssCKFWInstance_GetMDInstance( + NSSCKFWInstance *fwInstance); /* * nssCKFWInstance_GetArena * */ NSS_EXTERN NSSArena * -nssCKFWInstance_GetArena -( - NSSCKFWInstance *fwInstance, - CK_RV *pError -); +nssCKFWInstance_GetArena( + NSSCKFWInstance *fwInstance, + CK_RV *pError); /* * nssCKFWInstance_MayCreatePthreads * */ NSS_EXTERN CK_BBOOL -nssCKFWInstance_MayCreatePthreads -( - NSSCKFWInstance *fwInstance -); +nssCKFWInstance_MayCreatePthreads( + NSSCKFWInstance *fwInstance); /* * nssCKFWInstance_CreateMutex * */ NSS_EXTERN NSSCKFWMutex * -nssCKFWInstance_CreateMutex -( - NSSCKFWInstance *fwInstance, - NSSArena *arena, - CK_RV *pError -); +nssCKFWInstance_CreateMutex( + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError); /* * nssCKFWInstance_GetConfigurationData * */ NSS_EXTERN NSSUTF8 * -nssCKFWInstance_GetConfigurationData -( - NSSCKFWInstance *fwInstance -); +nssCKFWInstance_GetConfigurationData( + NSSCKFWInstance *fwInstance); /* * nssCKFWInstance_GetInitArgs * */ NSS_EXTERN CK_C_INITIALIZE_ARGS_PTR -nssCKFWInstance_GetInitArgs -( - NSSCKFWInstance *fwInstance -); +nssCKFWInstance_GetInitArgs( + NSSCKFWInstance *fwInstance); /* * nssCKFWInstance_CreateSessionHandle * */ NSS_EXTERN CK_SESSION_HANDLE -nssCKFWInstance_CreateSessionHandle -( - NSSCKFWInstance *fwInstance, - NSSCKFWSession *fwSession, - CK_RV *pError -); +nssCKFWInstance_CreateSessionHandle( + NSSCKFWInstance *fwInstance, + NSSCKFWSession *fwSession, + CK_RV *pError); /* * nssCKFWInstance_ResolveSessionHandle * */ NSS_EXTERN NSSCKFWSession * -nssCKFWInstance_ResolveSessionHandle -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession -); +nssCKFWInstance_ResolveSessionHandle( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession); /* * nssCKFWInstance_DestroySessionHandle * */ NSS_EXTERN void -nssCKFWInstance_DestroySessionHandle -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession -); +nssCKFWInstance_DestroySessionHandle( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession); /* * nssCKFWInstance_FindSessionHandle * */ NSS_EXTERN CK_SESSION_HANDLE -nssCKFWInstance_FindSessionHandle -( - NSSCKFWInstance *fwInstance, - NSSCKFWSession *fwSession -); +nssCKFWInstance_FindSessionHandle( + NSSCKFWInstance *fwInstance, + NSSCKFWSession *fwSession); /* * nssCKFWInstance_CreateObjectHandle * */ NSS_EXTERN CK_OBJECT_HANDLE -nssCKFWInstance_CreateObjectHandle -( - NSSCKFWInstance *fwInstance, - NSSCKFWObject *fwObject, - CK_RV *pError -); +nssCKFWInstance_CreateObjectHandle( + NSSCKFWInstance *fwInstance, + NSSCKFWObject *fwObject, + CK_RV *pError); /* * nssCKFWInstance_ResolveObjectHandle * */ NSS_EXTERN NSSCKFWObject * -nssCKFWInstance_ResolveObjectHandle -( - NSSCKFWInstance *fwInstance, - CK_OBJECT_HANDLE hObject -); +nssCKFWInstance_ResolveObjectHandle( + NSSCKFWInstance *fwInstance, + CK_OBJECT_HANDLE hObject); /* * nssCKFWInstance_ReassignObjectHandle * */ NSS_EXTERN CK_RV -nssCKFWInstance_ReassignObjectHandle -( - NSSCKFWInstance *fwInstance, - CK_OBJECT_HANDLE hObject, - NSSCKFWObject *fwObject -); +nssCKFWInstance_ReassignObjectHandle( + NSSCKFWInstance *fwInstance, + CK_OBJECT_HANDLE hObject, + NSSCKFWObject *fwObject); /* * nssCKFWInstance_DestroyObjectHandle * */ NSS_EXTERN void -nssCKFWInstance_DestroyObjectHandle -( - NSSCKFWInstance *fwInstance, - CK_OBJECT_HANDLE hObject -); +nssCKFWInstance_DestroyObjectHandle( + NSSCKFWInstance *fwInstance, + CK_OBJECT_HANDLE hObject); /* * nssCKFWInstance_FindObjectHandle * */ NSS_EXTERN CK_OBJECT_HANDLE -nssCKFWInstance_FindObjectHandle -( - NSSCKFWInstance *fwInstance, - NSSCKFWObject *fwObject -); +nssCKFWInstance_FindObjectHandle( + NSSCKFWInstance *fwInstance, + NSSCKFWObject *fwObject); /* * nssCKFWInstance_GetNSlots * */ NSS_EXTERN CK_ULONG -nssCKFWInstance_GetNSlots -( - NSSCKFWInstance *fwInstance, - CK_RV *pError -); +nssCKFWInstance_GetNSlots( + NSSCKFWInstance *fwInstance, + CK_RV *pError); /* * nssCKFWInstance_GetCryptokiVersion * */ NSS_EXTERN CK_VERSION -nssCKFWInstance_GetCryptokiVersion -( - NSSCKFWInstance *fwInstance -); +nssCKFWInstance_GetCryptokiVersion( + NSSCKFWInstance *fwInstance); /* * nssCKFWInstance_GetManufacturerID * */ NSS_EXTERN CK_RV -nssCKFWInstance_GetManufacturerID -( - NSSCKFWInstance *fwInstance, - CK_CHAR manufacturerID[32] -); +nssCKFWInstance_GetManufacturerID( + NSSCKFWInstance *fwInstance, + CK_CHAR manufacturerID[32]); /* * nssCKFWInstance_GetFlags * */ NSS_EXTERN CK_ULONG -nssCKFWInstance_GetFlags -( - NSSCKFWInstance *fwInstance -); +nssCKFWInstance_GetFlags( + NSSCKFWInstance *fwInstance); /* * nssCKFWInstance_GetLibraryDescription * */ NSS_EXTERN CK_RV -nssCKFWInstance_GetLibraryDescription -( - NSSCKFWInstance *fwInstance, - CK_CHAR libraryDescription[32] -); +nssCKFWInstance_GetLibraryDescription( + NSSCKFWInstance *fwInstance, + CK_CHAR libraryDescription[32]); /* * nssCKFWInstance_GetLibraryVersion * */ NSS_EXTERN CK_VERSION -nssCKFWInstance_GetLibraryVersion -( - NSSCKFWInstance *fwInstance -); +nssCKFWInstance_GetLibraryVersion( + NSSCKFWInstance *fwInstance); /* * nssCKFWInstance_GetModuleHandlesSessionObjects * */ NSS_EXTERN CK_BBOOL -nssCKFWInstance_GetModuleHandlesSessionObjects -( - NSSCKFWInstance *fwInstance -); +nssCKFWInstance_GetModuleHandlesSessionObjects( + NSSCKFWInstance *fwInstance); /* * nssCKFWInstance_GetSlots * */ NSS_EXTERN NSSCKFWSlot ** -nssCKFWInstance_GetSlots -( - NSSCKFWInstance *fwInstance, - CK_RV *pError -); +nssCKFWInstance_GetSlots( + NSSCKFWInstance *fwInstance, + CK_RV *pError); /* * nssCKFWInstance_WaitForSlotEvent * */ NSS_EXTERN NSSCKFWSlot * -nssCKFWInstance_WaitForSlotEvent -( - NSSCKFWInstance *fwInstance, - CK_BBOOL block, - CK_RV *pError -); +nssCKFWInstance_WaitForSlotEvent( + NSSCKFWInstance *fwInstance, + CK_BBOOL block, + CK_RV *pError); /* * nssCKFWInstance_verifyPointer * */ NSS_EXTERN CK_RV -nssCKFWInstance_verifyPointer -( - const NSSCKFWInstance *fwInstance -); - +nssCKFWInstance_verifyPointer( + const NSSCKFWInstance *fwInstance); /* * NSSCKFWSlot @@ -393,33 +338,27 @@ nssCKFWInstance_verifyPointer * */ NSS_EXTERN NSSCKFWSlot * -nssCKFWSlot_Create -( - NSSCKFWInstance *fwInstance, - NSSCKMDSlot *mdSlot, - CK_SLOT_ID slotID, - CK_RV *pError -); +nssCKFWSlot_Create( + NSSCKFWInstance *fwInstance, + NSSCKMDSlot *mdSlot, + CK_SLOT_ID slotID, + CK_RV *pError); /* * nssCKFWSlot_Destroy * */ NSS_EXTERN CK_RV -nssCKFWSlot_Destroy -( - NSSCKFWSlot *fwSlot -); +nssCKFWSlot_Destroy( + NSSCKFWSlot *fwSlot); /* * nssCKFWSlot_GetMDSlot * */ NSS_EXTERN NSSCKMDSlot * -nssCKFWSlot_GetMDSlot -( - NSSCKFWSlot *fwSlot -); +nssCKFWSlot_GetMDSlot( + NSSCKFWSlot *fwSlot); /* * nssCKFWSlot_GetFWInstance @@ -427,10 +366,8 @@ nssCKFWSlot_GetMDSlot */ NSS_EXTERN NSSCKFWInstance * -nssCKFWSlot_GetFWInstance -( - NSSCKFWSlot *fwSlot -); +nssCKFWSlot_GetFWInstance( + NSSCKFWSlot *fwSlot); /* * nssCKFWSlot_GetMDInstance @@ -438,113 +375,91 @@ nssCKFWSlot_GetFWInstance */ NSS_EXTERN NSSCKMDInstance * -nssCKFWSlot_GetMDInstance -( - NSSCKFWSlot *fwSlot -); +nssCKFWSlot_GetMDInstance( + NSSCKFWSlot *fwSlot); /* * nssCKFWSlot_GetSlotID * */ NSS_EXTERN CK_SLOT_ID -nssCKFWSlot_GetSlotID -( - NSSCKFWSlot *fwSlot -); +nssCKFWSlot_GetSlotID( + NSSCKFWSlot *fwSlot); /* * nssCKFWSlot_GetSlotDescription * */ NSS_EXTERN CK_RV -nssCKFWSlot_GetSlotDescription -( - NSSCKFWSlot *fwSlot, - CK_CHAR slotDescription[64] -); +nssCKFWSlot_GetSlotDescription( + NSSCKFWSlot *fwSlot, + CK_CHAR slotDescription[64]); /* * nssCKFWSlot_GetManufacturerID * */ NSS_EXTERN CK_RV -nssCKFWSlot_GetManufacturerID -( - NSSCKFWSlot *fwSlot, - CK_CHAR manufacturerID[32] -); +nssCKFWSlot_GetManufacturerID( + NSSCKFWSlot *fwSlot, + CK_CHAR manufacturerID[32]); /* * nssCKFWSlot_GetTokenPresent * */ NSS_EXTERN CK_BBOOL -nssCKFWSlot_GetTokenPresent -( - NSSCKFWSlot *fwSlot -); +nssCKFWSlot_GetTokenPresent( + NSSCKFWSlot *fwSlot); /* * nssCKFWSlot_GetRemovableDevice * */ NSS_EXTERN CK_BBOOL -nssCKFWSlot_GetRemovableDevice -( - NSSCKFWSlot *fwSlot -); +nssCKFWSlot_GetRemovableDevice( + NSSCKFWSlot *fwSlot); /* * nssCKFWSlot_GetHardwareSlot * */ NSS_EXTERN CK_BBOOL -nssCKFWSlot_GetHardwareSlot -( - NSSCKFWSlot *fwSlot -); +nssCKFWSlot_GetHardwareSlot( + NSSCKFWSlot *fwSlot); /* * nssCKFWSlot_GetHardwareVersion * */ NSS_EXTERN CK_VERSION -nssCKFWSlot_GetHardwareVersion -( - NSSCKFWSlot *fwSlot -); +nssCKFWSlot_GetHardwareVersion( + NSSCKFWSlot *fwSlot); /* * nssCKFWSlot_GetFirmwareVersion * */ NSS_EXTERN CK_VERSION -nssCKFWSlot_GetFirmwareVersion -( - NSSCKFWSlot *fwSlot -); +nssCKFWSlot_GetFirmwareVersion( + NSSCKFWSlot *fwSlot); /* * nssCKFWSlot_GetToken - * + * */ NSS_EXTERN NSSCKFWToken * -nssCKFWSlot_GetToken -( - NSSCKFWSlot *fwSlot, - CK_RV *pError -); +nssCKFWSlot_GetToken( + NSSCKFWSlot *fwSlot, + CK_RV *pError); /* * nssCKFWSlot_ClearToken * */ NSS_EXTERN void -nssCKFWSlot_ClearToken -( - NSSCKFWSlot *fwSlot -); +nssCKFWSlot_ClearToken( + NSSCKFWSlot *fwSlot); /* * NSSCKFWToken @@ -606,459 +521,371 @@ nssCKFWSlot_ClearToken * */ NSS_EXTERN NSSCKFWToken * -nssCKFWToken_Create -( - NSSCKFWSlot *fwSlot, - NSSCKMDToken *mdToken, - CK_RV *pError -); +nssCKFWToken_Create( + NSSCKFWSlot *fwSlot, + NSSCKMDToken *mdToken, + CK_RV *pError); /* * nssCKFWToken_Destroy * */ NSS_EXTERN CK_RV -nssCKFWToken_Destroy -( - NSSCKFWToken *fwToken -); +nssCKFWToken_Destroy( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetMDToken * */ NSS_EXTERN NSSCKMDToken * -nssCKFWToken_GetMDToken -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetMDToken( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetArena * */ NSS_EXTERN NSSArena * -nssCKFWToken_GetArena -( - NSSCKFWToken *fwToken, - CK_RV *pError -); +nssCKFWToken_GetArena( + NSSCKFWToken *fwToken, + CK_RV *pError); /* * nssCKFWToken_GetFWSlot * */ NSS_EXTERN NSSCKFWSlot * -nssCKFWToken_GetFWSlot -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetFWSlot( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetMDSlot * */ NSS_EXTERN NSSCKMDSlot * -nssCKFWToken_GetMDSlot -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetMDSlot( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetSessionState * */ NSS_EXTERN CK_STATE -nssCKFWToken_GetSessionState -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetSessionState( + NSSCKFWToken *fwToken); /* * nssCKFWToken_InitToken * */ NSS_EXTERN CK_RV -nssCKFWToken_InitToken -( - NSSCKFWToken *fwToken, - NSSItem *pin, - NSSUTF8 *label -); +nssCKFWToken_InitToken( + NSSCKFWToken *fwToken, + NSSItem *pin, + NSSUTF8 *label); /* * nssCKFWToken_GetLabel * */ NSS_EXTERN CK_RV -nssCKFWToken_GetLabel -( - NSSCKFWToken *fwToken, - CK_CHAR label[32] -); +nssCKFWToken_GetLabel( + NSSCKFWToken *fwToken, + CK_CHAR label[32]); /* * nssCKFWToken_GetManufacturerID * */ NSS_EXTERN CK_RV -nssCKFWToken_GetManufacturerID -( - NSSCKFWToken *fwToken, - CK_CHAR manufacturerID[32] -); +nssCKFWToken_GetManufacturerID( + NSSCKFWToken *fwToken, + CK_CHAR manufacturerID[32]); /* * nssCKFWToken_GetModel * */ NSS_EXTERN CK_RV -nssCKFWToken_GetModel -( - NSSCKFWToken *fwToken, - CK_CHAR model[16] -); +nssCKFWToken_GetModel( + NSSCKFWToken *fwToken, + CK_CHAR model[16]); /* * nssCKFWToken_GetSerialNumber * */ NSS_EXTERN CK_RV -nssCKFWToken_GetSerialNumber -( - NSSCKFWToken *fwToken, - CK_CHAR serialNumber[16] -); +nssCKFWToken_GetSerialNumber( + NSSCKFWToken *fwToken, + CK_CHAR serialNumber[16]); /* * nssCKFWToken_GetHasRNG * */ NSS_EXTERN CK_BBOOL -nssCKFWToken_GetHasRNG -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetHasRNG( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetIsWriteProtected * */ NSS_EXTERN CK_BBOOL -nssCKFWToken_GetIsWriteProtected -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetIsWriteProtected( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetLoginRequired * */ NSS_EXTERN CK_BBOOL -nssCKFWToken_GetLoginRequired -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetLoginRequired( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetUserPinInitialized * */ NSS_EXTERN CK_BBOOL -nssCKFWToken_GetUserPinInitialized -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetUserPinInitialized( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetRestoreKeyNotNeeded * */ NSS_EXTERN CK_BBOOL -nssCKFWToken_GetRestoreKeyNotNeeded -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetRestoreKeyNotNeeded( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetHasClockOnToken * */ NSS_EXTERN CK_BBOOL -nssCKFWToken_GetHasClockOnToken -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetHasClockOnToken( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetHasProtectedAuthenticationPath * */ NSS_EXTERN CK_BBOOL -nssCKFWToken_GetHasProtectedAuthenticationPath -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetHasProtectedAuthenticationPath( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetSupportsDualCryptoOperations * */ NSS_EXTERN CK_BBOOL -nssCKFWToken_GetSupportsDualCryptoOperations -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetSupportsDualCryptoOperations( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetMaxSessionCount * */ NSS_EXTERN CK_ULONG -nssCKFWToken_GetMaxSessionCount -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetMaxSessionCount( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetMaxRwSessionCount * */ NSS_EXTERN CK_ULONG -nssCKFWToken_GetMaxRwSessionCount -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetMaxRwSessionCount( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetMaxPinLen * */ NSS_EXTERN CK_ULONG -nssCKFWToken_GetMaxPinLen -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetMaxPinLen( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetMinPinLen * */ NSS_EXTERN CK_ULONG -nssCKFWToken_GetMinPinLen -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetMinPinLen( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetTotalPublicMemory * */ NSS_EXTERN CK_ULONG -nssCKFWToken_GetTotalPublicMemory -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetTotalPublicMemory( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetFreePublicMemory * */ NSS_EXTERN CK_ULONG -nssCKFWToken_GetFreePublicMemory -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetFreePublicMemory( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetTotalPrivateMemory * */ NSS_EXTERN CK_ULONG -nssCKFWToken_GetTotalPrivateMemory -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetTotalPrivateMemory( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetFreePrivateMemory * */ NSS_EXTERN CK_ULONG -nssCKFWToken_GetFreePrivateMemory -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetFreePrivateMemory( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetHardwareVersion * */ NSS_EXTERN CK_VERSION -nssCKFWToken_GetHardwareVersion -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetHardwareVersion( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetFirmwareVersion * */ NSS_EXTERN CK_VERSION -nssCKFWToken_GetFirmwareVersion -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetFirmwareVersion( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetUTCTime * */ NSS_EXTERN CK_RV -nssCKFWToken_GetUTCTime -( - NSSCKFWToken *fwToken, - CK_CHAR utcTime[16] -); +nssCKFWToken_GetUTCTime( + NSSCKFWToken *fwToken, + CK_CHAR utcTime[16]); /* * nssCKFWToken_OpenSession * */ NSS_EXTERN NSSCKFWSession * -nssCKFWToken_OpenSession -( - NSSCKFWToken *fwToken, - CK_BBOOL rw, - CK_VOID_PTR pApplication, - CK_NOTIFY Notify, - CK_RV *pError -); +nssCKFWToken_OpenSession( + NSSCKFWToken *fwToken, + CK_BBOOL rw, + CK_VOID_PTR pApplication, + CK_NOTIFY Notify, + CK_RV *pError); /* * nssCKFWToken_GetMechanismCount * */ NSS_EXTERN CK_ULONG -nssCKFWToken_GetMechanismCount -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetMechanismCount( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetMechanismTypes * */ NSS_EXTERN CK_RV -nssCKFWToken_GetMechanismTypes -( - NSSCKFWToken *fwToken, - CK_MECHANISM_TYPE types[] -); +nssCKFWToken_GetMechanismTypes( + NSSCKFWToken *fwToken, + CK_MECHANISM_TYPE types[]); /* * nssCKFWToken_GetMechanism * */ NSS_EXTERN NSSCKFWMechanism * -nssCKFWToken_GetMechanism -( - NSSCKFWToken *fwToken, - CK_MECHANISM_TYPE which, - CK_RV *pError -); +nssCKFWToken_GetMechanism( + NSSCKFWToken *fwToken, + CK_MECHANISM_TYPE which, + CK_RV *pError); /* * nssCKFWToken_SetSessionState * */ NSS_EXTERN CK_RV -nssCKFWToken_SetSessionState -( - NSSCKFWToken *fwToken, - CK_STATE newState -); +nssCKFWToken_SetSessionState( + NSSCKFWToken *fwToken, + CK_STATE newState); /* * nssCKFWToken_RemoveSession * */ NSS_EXTERN CK_RV -nssCKFWToken_RemoveSession -( - NSSCKFWToken *fwToken, - NSSCKFWSession *fwSession -); +nssCKFWToken_RemoveSession( + NSSCKFWToken *fwToken, + NSSCKFWSession *fwSession); /* * nssCKFWToken_CloseAllSessions * */ NSS_EXTERN CK_RV -nssCKFWToken_CloseAllSessions -( - NSSCKFWToken *fwToken -); +nssCKFWToken_CloseAllSessions( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetSessionCount * */ NSS_EXTERN CK_ULONG -nssCKFWToken_GetSessionCount -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetSessionCount( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetRwSessionCount * */ NSS_EXTERN CK_ULONG -nssCKFWToken_GetRwSessionCount -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetRwSessionCount( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetRoSessionCount * */ NSS_EXTERN CK_ULONG -nssCKFWToken_GetRoSessionCount -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetRoSessionCount( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetSessionObjectHash * */ NSS_EXTERN nssCKFWHash * -nssCKFWToken_GetSessionObjectHash -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetSessionObjectHash( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetMDObjectHash * */ NSS_EXTERN nssCKFWHash * -nssCKFWToken_GetMDObjectHash -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetMDObjectHash( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetObjectHandleHash * */ NSS_EXTERN nssCKFWHash * -nssCKFWToken_GetObjectHandleHash -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetObjectHandleHash( + NSSCKFWToken *fwToken); /* * NSSCKFWMechanism @@ -1107,24 +934,20 @@ nssCKFWToken_GetObjectHandleHash * */ NSS_EXTERN NSSCKFWMechanism * -nssCKFWMechanism_Create -( - NSSCKMDMechanism *mdMechanism, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -); +nssCKFWMechanism_Create( + NSSCKMDMechanism *mdMechanism, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); /* * nssCKFWMechanism_Destroy * */ NSS_EXTERN void -nssCKFWMechanism_Destroy -( - NSSCKFWMechanism *fwMechanism -); +nssCKFWMechanism_Destroy( + NSSCKFWMechanism *fwMechanism); /* * nssCKFWMechanism_GetMDMechanism @@ -1132,43 +955,35 @@ nssCKFWMechanism_Destroy */ NSS_EXTERN NSSCKMDMechanism * -nssCKFWMechanism_GetMDMechanism -( - NSSCKFWMechanism *fwMechanism -); +nssCKFWMechanism_GetMDMechanism( + NSSCKFWMechanism *fwMechanism); /* * nssCKFWMechanism_GetMinKeySize * */ NSS_EXTERN CK_ULONG -nssCKFWMechanism_GetMinKeySize -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -); +nssCKFWMechanism_GetMinKeySize( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError); /* * nssCKFWMechanism_GetMaxKeySize * */ NSS_EXTERN CK_ULONG -nssCKFWMechanism_GetMaxKeySize -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -); +nssCKFWMechanism_GetMaxKeySize( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError); /* * nssCKFWMechanism_GetInHardware * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetInHardware -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -); +nssCKFWMechanism_GetInHardware( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError); /* * the following are determined automatically by which of the cryptographic @@ -1179,305 +994,255 @@ nssCKFWMechanism_GetInHardware * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanEncrypt -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -); +nssCKFWMechanism_GetCanEncrypt( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError); /* * nssCKFWMechanism_GetCanDecrypt * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanDecrypt -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -); +nssCKFWMechanism_GetCanDecrypt( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError); /* * nssCKFWMechanism_GetCanDigest * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanDigest -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -); +nssCKFWMechanism_GetCanDigest( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError); /* * nssCKFWMechanism_GetCanSign * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanSign -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -); +nssCKFWMechanism_GetCanSign( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError); /* * nssCKFWMechanism_GetCanSignRecover * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanSignRecover -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -); +nssCKFWMechanism_GetCanSignRecover( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError); /* * nssCKFWMechanism_GetCanVerify * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanVerify -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -); +nssCKFWMechanism_GetCanVerify( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError); /* * nssCKFWMechanism_GetCanVerifyRecover * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanVerifyRecover -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -); +nssCKFWMechanism_GetCanVerifyRecover( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError); /* * nssCKFWMechanism_GetCanGenerate * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanGenerate -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -); +nssCKFWMechanism_GetCanGenerate( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError); /* * nssCKFWMechanism_GetCanGenerateKeyPair * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanGenerateKeyPair -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -); +nssCKFWMechanism_GetCanGenerateKeyPair( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError); /* * nssCKFWMechanism_GetCanWrap * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanWrap -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -); +nssCKFWMechanism_GetCanWrap( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError); /* * nssCKFWMechanism_GetCanUnwrap * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanUnwrap -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -); +nssCKFWMechanism_GetCanUnwrap( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError); /* * nssCKFWMechanism_GetCanDerive * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanDerive -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -); +nssCKFWMechanism_GetCanDerive( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError); /* * nssCKFWMechanism_EncryptInit */ NSS_EXTERN CK_RV -nssCKFWMechanism_EncryptInit -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM *pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwObject -); +nssCKFWMechanism_EncryptInit( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject); /* * nssCKFWMechanism_DecryptInit */ NSS_EXTERN CK_RV -nssCKFWMechanism_DecryptInit -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM *pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwObject -); +nssCKFWMechanism_DecryptInit( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject); /* * nssCKFWMechanism_DigestInit */ NSS_EXTERN CK_RV -nssCKFWMechanism_DigestInit -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM *pMechanism, - NSSCKFWSession *fwSession -); +nssCKFWMechanism_DigestInit( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession); /* * nssCKFWMechanism_SignInit */ NSS_EXTERN CK_RV -nssCKFWMechanism_SignInit -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM *pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwObject -); +nssCKFWMechanism_SignInit( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject); /* * nssCKFWMechanism_SignRecoverInit */ NSS_EXTERN CK_RV -nssCKFWMechanism_SignRecoverInit -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM *pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwObject -); +nssCKFWMechanism_SignRecoverInit( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject); /* * nssCKFWMechanism_VerifyInit */ NSS_EXTERN CK_RV -nssCKFWMechanism_VerifyInit -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM *pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwObject -); +nssCKFWMechanism_VerifyInit( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject); /* * nssCKFWMechanism_VerifyRecoverInit */ NSS_EXTERN CK_RV -nssCKFWMechanism_VerifyRecoverInit -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM *pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwObject -); +nssCKFWMechanism_VerifyRecoverInit( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject); /* * nssCKFWMechanism_GenerateKey */ NSS_EXTERN NSSCKFWObject * -nssCKFWMechanism_GenerateKey -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -); +nssCKFWMechanism_GenerateKey( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); /* * nssCKFWMechanism_GenerateKeyPair */ NSS_EXTERN CK_RV -nssCKFWMechanism_GenerateKeyPair -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pPublicKeyTemplate, - CK_ULONG ulPublicKeyAttributeCount, - CK_ATTRIBUTE_PTR pPrivateKeyTemplate, - CK_ULONG ulPrivateKeyAttributeCount, - NSSCKFWObject **fwPublicKeyObject, - NSSCKFWObject **fwPrivateKeyObject -); +nssCKFWMechanism_GenerateKeyPair( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pPublicKeyTemplate, + CK_ULONG ulPublicKeyAttributeCount, + CK_ATTRIBUTE_PTR pPrivateKeyTemplate, + CK_ULONG ulPrivateKeyAttributeCount, + NSSCKFWObject **fwPublicKeyObject, + NSSCKFWObject **fwPrivateKeyObject); /* * nssCKFWMechanism_GetWrapKeyLength */ NSS_EXTERN CK_ULONG -nssCKFWMechanism_GetWrapKeyLength -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwWrappingKeyObject, - NSSCKFWObject *fwObject, - CK_RV *pError -); +nssCKFWMechanism_GetWrapKeyLength( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwWrappingKeyObject, + NSSCKFWObject *fwObject, + CK_RV *pError); /* * nssCKFWMechanism_WrapKey */ NSS_EXTERN CK_RV -nssCKFWMechanism_WrapKey -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwWrappingKeyObject, - NSSCKFWObject *fwObject, - NSSItem *wrappedKey -); +nssCKFWMechanism_WrapKey( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwWrappingKeyObject, + NSSCKFWObject *fwObject, + NSSItem *wrappedKey); /* * nssCKFWMechanism_UnwrapKey */ NSS_EXTERN NSSCKFWObject * -nssCKFWMechanism_UnwrapKey -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwWrappingKeyObject, - NSSItem *wrappedKey, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -); - -/* +nssCKFWMechanism_UnwrapKey( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwWrappingKeyObject, + NSSItem *wrappedKey, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); + +/* * nssCKFWMechanism_DeriveKey */ NSS_EXTERN NSSCKFWObject * -nssCKFWMechanism_DeriveKey -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwBaseKeyObject, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -); +nssCKFWMechanism_DeriveKey( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwBaseKeyObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); /* * NSSCKFWCryptoOperation @@ -1506,130 +1271,106 @@ nssCKFWMechanism_DeriveKey * nssCKFWCrytoOperation_Create */ NSS_EXTERN NSSCKFWCryptoOperation * -nssCKFWCryptoOperation_Create -( - NSSCKMDCryptoOperation *mdOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKFWCryptoOperationType type, - CK_RV *pError -); +nssCKFWCryptoOperation_Create( + NSSCKMDCryptoOperation *mdOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKFWCryptoOperationType type, + CK_RV *pError); /* * nssCKFWCryptoOperation_Destroy */ NSS_EXTERN void -nssCKFWCryptoOperation_Destroy -( - NSSCKFWCryptoOperation *fwOperation -); +nssCKFWCryptoOperation_Destroy( + NSSCKFWCryptoOperation *fwOperation); /* * nssCKFWCryptoOperation_GetMDCryptoOperation */ NSS_EXTERN NSSCKMDCryptoOperation * -nssCKFWCryptoOperation_GetMDCryptoOperation -( - NSSCKFWCryptoOperation *fwOperation -); +nssCKFWCryptoOperation_GetMDCryptoOperation( + NSSCKFWCryptoOperation *fwOperation); /* * nssCKFWCryptoOperation_GetType */ NSS_EXTERN NSSCKFWCryptoOperationType -nssCKFWCryptoOperation_GetType -( - NSSCKFWCryptoOperation *fwOperation -); +nssCKFWCryptoOperation_GetType( + NSSCKFWCryptoOperation *fwOperation); /* * nssCKFWCryptoOperation_GetFinalLength */ NSS_EXTERN CK_ULONG -nssCKFWCryptoOperation_GetFinalLength -( - NSSCKFWCryptoOperation *fwOperation, - CK_RV *pError -); +nssCKFWCryptoOperation_GetFinalLength( + NSSCKFWCryptoOperation *fwOperation, + CK_RV *pError); /* * nssCKFWCryptoOperation_GetOperationLength */ NSS_EXTERN CK_ULONG -nssCKFWCryptoOperation_GetOperationLength -( - NSSCKFWCryptoOperation *fwOperation, - NSSItem *inputBuffer, - CK_RV *pError -); +nssCKFWCryptoOperation_GetOperationLength( + NSSCKFWCryptoOperation *fwOperation, + NSSItem *inputBuffer, + CK_RV *pError); /* * nssCKFWCryptoOperation_Final */ NSS_EXTERN CK_RV -nssCKFWCryptoOperation_Final -( - NSSCKFWCryptoOperation *fwOperation, - NSSItem *outputBuffer -); +nssCKFWCryptoOperation_Final( + NSSCKFWCryptoOperation *fwOperation, + NSSItem *outputBuffer); /* * nssCKFWCryptoOperation_Update */ NSS_EXTERN CK_RV -nssCKFWCryptoOperation_Update -( - NSSCKFWCryptoOperation *fwOperation, - NSSItem *inputBuffer, - NSSItem *outputBuffer -); +nssCKFWCryptoOperation_Update( + NSSCKFWCryptoOperation *fwOperation, + NSSItem *inputBuffer, + NSSItem *outputBuffer); /* * nssCKFWCryptoOperation_DigestUpdate */ NSS_EXTERN CK_RV -nssCKFWCryptoOperation_DigestUpdate -( - NSSCKFWCryptoOperation *fwOperation, - NSSItem *inputBuffer -); +nssCKFWCryptoOperation_DigestUpdate( + NSSCKFWCryptoOperation *fwOperation, + NSSItem *inputBuffer); /* * nssCKFWCryptoOperation_DigestKey */ NSS_EXTERN CK_RV -nssCKFWCryptoOperation_DigestKey -( - NSSCKFWCryptoOperation *fwOperation, - NSSCKFWObject *fwKey -); +nssCKFWCryptoOperation_DigestKey( + NSSCKFWCryptoOperation *fwOperation, + NSSCKFWObject *fwKey); /* * nssCKFWCryptoOperation_UpdateFinal */ NSS_EXTERN CK_RV -nssCKFWCryptoOperation_UpdateFinal -( - NSSCKFWCryptoOperation *fwOperation, - NSSItem *inputBuffer, - NSSItem *outputBuffer -); +nssCKFWCryptoOperation_UpdateFinal( + NSSCKFWCryptoOperation *fwOperation, + NSSItem *inputBuffer, + NSSItem *outputBuffer); /* * nssCKFWCryptoOperation_UpdateCombo */ NSS_EXTERN CK_RV -nssCKFWCryptoOperation_UpdateCombo -( - NSSCKFWCryptoOperation *fwOperation, - NSSCKFWCryptoOperation *fwPeerOperation, - NSSItem *inputBuffer, - NSSItem *outputBuffer -); +nssCKFWCryptoOperation_UpdateCombo( + NSSCKFWCryptoOperation *fwOperation, + NSSCKFWCryptoOperation *fwPeerOperation, + NSSItem *inputBuffer, + NSSItem *outputBuffer); /* * NSSCKFWSession @@ -1685,434 +1426,360 @@ nssCKFWCryptoOperation_UpdateCombo * */ NSS_EXTERN NSSCKFWSession * -nssCKFWSession_Create -( - NSSCKFWToken *fwToken, - CK_BBOOL rw, - CK_VOID_PTR pApplication, - CK_NOTIFY Notify, - CK_RV *pError -); +nssCKFWSession_Create( + NSSCKFWToken *fwToken, + CK_BBOOL rw, + CK_VOID_PTR pApplication, + CK_NOTIFY Notify, + CK_RV *pError); /* * nssCKFWSession_Destroy * */ NSS_EXTERN CK_RV -nssCKFWSession_Destroy -( - NSSCKFWSession *fwSession, - CK_BBOOL removeFromTokenHash -); +nssCKFWSession_Destroy( + NSSCKFWSession *fwSession, + CK_BBOOL removeFromTokenHash); /* * nssCKFWSession_GetMDSession * */ NSS_EXTERN NSSCKMDSession * -nssCKFWSession_GetMDSession -( - NSSCKFWSession *fwSession -); +nssCKFWSession_GetMDSession( + NSSCKFWSession *fwSession); /* * nssCKFWSession_GetArena * */ NSS_EXTERN NSSArena * -nssCKFWSession_GetArena -( - NSSCKFWSession *fwSession, - CK_RV *pError -); +nssCKFWSession_GetArena( + NSSCKFWSession *fwSession, + CK_RV *pError); /* * nssCKFWSession_CallNotification * */ NSS_EXTERN CK_RV -nssCKFWSession_CallNotification -( - NSSCKFWSession *fwSession, - CK_NOTIFICATION event -); +nssCKFWSession_CallNotification( + NSSCKFWSession *fwSession, + CK_NOTIFICATION event); /* * nssCKFWSession_IsRWSession * */ NSS_EXTERN CK_BBOOL -nssCKFWSession_IsRWSession -( - NSSCKFWSession *fwSession -); +nssCKFWSession_IsRWSession( + NSSCKFWSession *fwSession); /* * nssCKFWSession_IsSO * */ NSS_EXTERN CK_BBOOL -nssCKFWSession_IsSO -( - NSSCKFWSession *fwSession -); +nssCKFWSession_IsSO( + NSSCKFWSession *fwSession); /* * nssCKFWSession_GetFWSlot * */ NSS_EXTERN NSSCKFWSlot * -nssCKFWSession_GetFWSlot -( - NSSCKFWSession *fwSession -); +nssCKFWSession_GetFWSlot( + NSSCKFWSession *fwSession); /* * nssCFKWSession_GetSessionState * */ NSS_EXTERN CK_STATE -nssCKFWSession_GetSessionState -( - NSSCKFWSession *fwSession -); +nssCKFWSession_GetSessionState( + NSSCKFWSession *fwSession); /* * nssCKFWSession_SetFWFindObjects * */ NSS_EXTERN CK_RV -nssCKFWSession_SetFWFindObjects -( - NSSCKFWSession *fwSession, - NSSCKFWFindObjects *fwFindObjects -); +nssCKFWSession_SetFWFindObjects( + NSSCKFWSession *fwSession, + NSSCKFWFindObjects *fwFindObjects); /* * nssCKFWSession_GetFWFindObjects * */ NSS_EXTERN NSSCKFWFindObjects * -nssCKFWSession_GetFWFindObjects -( - NSSCKFWSession *fwSesssion, - CK_RV *pError -); +nssCKFWSession_GetFWFindObjects( + NSSCKFWSession *fwSesssion, + CK_RV *pError); /* * nssCKFWSession_SetMDSession * */ NSS_EXTERN CK_RV -nssCKFWSession_SetMDSession -( - NSSCKFWSession *fwSession, - NSSCKMDSession *mdSession -); +nssCKFWSession_SetMDSession( + NSSCKFWSession *fwSession, + NSSCKMDSession *mdSession); /* * nssCKFWSession_SetHandle * */ NSS_EXTERN CK_RV -nssCKFWSession_SetHandle -( - NSSCKFWSession *fwSession, - CK_SESSION_HANDLE hSession -); +nssCKFWSession_SetHandle( + NSSCKFWSession *fwSession, + CK_SESSION_HANDLE hSession); /* * nssCKFWSession_GetHandle * */ NSS_EXTERN CK_SESSION_HANDLE -nssCKFWSession_GetHandle -( - NSSCKFWSession *fwSession -); +nssCKFWSession_GetHandle( + NSSCKFWSession *fwSession); /* * nssCKFWSession_RegisterSessionObject * */ NSS_EXTERN CK_RV -nssCKFWSession_RegisterSessionObject -( - NSSCKFWSession *fwSession, - NSSCKFWObject *fwObject -); +nssCKFWSession_RegisterSessionObject( + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject); /* * nssCKFWSession_DeregisterSessionObject * */ NSS_EXTERN CK_RV -nssCKFWSession_DeregisterSessionObject -( - NSSCKFWSession *fwSession, - NSSCKFWObject *fwObject -); +nssCKFWSession_DeregisterSessionObject( + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject); /* * nssCKFWSession_GetDeviceError * */ NSS_EXTERN CK_ULONG -nssCKFWSession_GetDeviceError -( - NSSCKFWSession *fwSession -); +nssCKFWSession_GetDeviceError( + NSSCKFWSession *fwSession); /* * nssCKFWSession_Login * */ NSS_EXTERN CK_RV -nssCKFWSession_Login -( - NSSCKFWSession *fwSession, - CK_USER_TYPE userType, - NSSItem *pin -); +nssCKFWSession_Login( + NSSCKFWSession *fwSession, + CK_USER_TYPE userType, + NSSItem *pin); /* * nssCKFWSession_Logout * */ NSS_EXTERN CK_RV -nssCKFWSession_Logout -( - NSSCKFWSession *fwSession -); +nssCKFWSession_Logout( + NSSCKFWSession *fwSession); /* * nssCKFWSession_InitPIN * */ NSS_EXTERN CK_RV -nssCKFWSession_InitPIN -( - NSSCKFWSession *fwSession, - NSSItem *pin -); +nssCKFWSession_InitPIN( + NSSCKFWSession *fwSession, + NSSItem *pin); /* * nssCKFWSession_SetPIN * */ NSS_EXTERN CK_RV -nssCKFWSession_SetPIN -( - NSSCKFWSession *fwSession, - NSSItem *newPin, - NSSItem *oldPin -); +nssCKFWSession_SetPIN( + NSSCKFWSession *fwSession, + NSSItem *newPin, + NSSItem *oldPin); /* * nssCKFWSession_GetOperationStateLen * */ NSS_EXTERN CK_ULONG -nssCKFWSession_GetOperationStateLen -( - NSSCKFWSession *fwSession, - CK_RV *pError -); +nssCKFWSession_GetOperationStateLen( + NSSCKFWSession *fwSession, + CK_RV *pError); /* * nssCKFWSession_GetOperationState * */ NSS_EXTERN CK_RV -nssCKFWSession_GetOperationState -( - NSSCKFWSession *fwSession, - NSSItem *buffer -); +nssCKFWSession_GetOperationState( + NSSCKFWSession *fwSession, + NSSItem *buffer); /* * nssCKFWSession_SetOperationState * */ NSS_EXTERN CK_RV -nssCKFWSession_SetOperationState -( - NSSCKFWSession *fwSession, - NSSItem *state, - NSSCKFWObject *encryptionKey, - NSSCKFWObject *authenticationKey -); +nssCKFWSession_SetOperationState( + NSSCKFWSession *fwSession, + NSSItem *state, + NSSCKFWObject *encryptionKey, + NSSCKFWObject *authenticationKey); /* * nssCKFWSession_CreateObject * */ NSS_EXTERN NSSCKFWObject * -nssCKFWSession_CreateObject -( - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -); +nssCKFWSession_CreateObject( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); /* * nssCKFWSession_CopyObject * */ NSS_EXTERN NSSCKFWObject * -nssCKFWSession_CopyObject -( - NSSCKFWSession *fwSession, - NSSCKFWObject *object, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -); +nssCKFWSession_CopyObject( + NSSCKFWSession *fwSession, + NSSCKFWObject *object, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); /* * nssCKFWSession_FindObjectsInit * */ NSS_EXTERN NSSCKFWFindObjects * -nssCKFWSession_FindObjectsInit -( - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -); +nssCKFWSession_FindObjectsInit( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); /* * nssCKFWSession_SetCurrentCryptoOperation */ NSS_IMPLEMENT void -nssCKFWSession_SetCurrentCryptoOperation -( - NSSCKFWSession *fwSession, - NSSCKFWCryptoOperation * fwOperation, - NSSCKFWCryptoOperationState state -); +nssCKFWSession_SetCurrentCryptoOperation( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperation *fwOperation, + NSSCKFWCryptoOperationState state); /* * nssCKFWSession_GetCurrentCryptoOperation */ NSS_IMPLEMENT NSSCKFWCryptoOperation * -nssCKFWSession_GetCurrentCryptoOperation -( - NSSCKFWSession *fwSession, - NSSCKFWCryptoOperationState state -); +nssCKFWSession_GetCurrentCryptoOperation( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationState state); /* * nssCKFWSession_Final * (terminate a cryptographic operation and get the result) */ NSS_IMPLEMENT CK_RV -nssCKFWSession_Final -( - NSSCKFWSession *fwSession, - NSSCKFWCryptoOperationType type, - NSSCKFWCryptoOperationState state, - CK_BYTE_PTR outBuf, - CK_ULONG_PTR outBufLen -); +nssCKFWSession_Final( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationType type, + NSSCKFWCryptoOperationState state, + CK_BYTE_PTR outBuf, + CK_ULONG_PTR outBufLen); /* * nssCKFWSession_Update * (get the next step of an encrypt/decrypt operation) */ NSS_IMPLEMENT CK_RV -nssCKFWSession_Update -( - NSSCKFWSession *fwSession, - NSSCKFWCryptoOperationType type, - NSSCKFWCryptoOperationState state, - CK_BYTE_PTR inBuf, - CK_ULONG inBufLen, - CK_BYTE_PTR outBuf, - CK_ULONG_PTR outBufLen -); +nssCKFWSession_Update( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationType type, + NSSCKFWCryptoOperationState state, + CK_BYTE_PTR inBuf, + CK_ULONG inBufLen, + CK_BYTE_PTR outBuf, + CK_ULONG_PTR outBufLen); /* * nssCKFWSession_DigestUpdate * (do the next step of an digest/sign/verify operation) */ NSS_IMPLEMENT CK_RV -nssCKFWSession_DigestUpdate -( - NSSCKFWSession *fwSession, - NSSCKFWCryptoOperationType type, - NSSCKFWCryptoOperationState state, - CK_BYTE_PTR inBuf, - CK_ULONG inBufLen -); +nssCKFWSession_DigestUpdate( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationType type, + NSSCKFWCryptoOperationState state, + CK_BYTE_PTR inBuf, + CK_ULONG inBufLen); /* * nssCKFWSession_DigestKey * (do the next step of an digest/sign/verify operation) */ NSS_IMPLEMENT CK_RV -nssCKFWSession_DigestKey -( - NSSCKFWSession *fwSession, - NSSCKFWObject *fwKey -); +nssCKFWSession_DigestKey( + NSSCKFWSession *fwSession, + NSSCKFWObject *fwKey); /* * nssCKFWSession_UpdateFinal * (do a single-step of a cryptographic operation and get the result) */ NSS_IMPLEMENT CK_RV -nssCKFWSession_UpdateFinal -( - NSSCKFWSession *fwSession, - NSSCKFWCryptoOperationType type, - NSSCKFWCryptoOperationState state, - CK_BYTE_PTR inBuf, - CK_ULONG inBufLen, - CK_BYTE_PTR outBuf, - CK_ULONG_PTR outBufLen -); +nssCKFWSession_UpdateFinal( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationType type, + NSSCKFWCryptoOperationState state, + CK_BYTE_PTR inBuf, + CK_ULONG inBufLen, + CK_BYTE_PTR outBuf, + CK_ULONG_PTR outBufLen); /* * nssCKFWSession_UpdateCombo * (do a combination encrypt/decrypt and sign/digest/verify operation) */ NSS_IMPLEMENT CK_RV -nssCKFWSession_UpdateCombo -( - NSSCKFWSession *fwSession, - NSSCKFWCryptoOperationType encryptType, - NSSCKFWCryptoOperationType digestType, - NSSCKFWCryptoOperationState digestState, - CK_BYTE_PTR inBuf, - CK_ULONG inBufLen, - CK_BYTE_PTR outBuf, - CK_ULONG_PTR outBufLen -); +nssCKFWSession_UpdateCombo( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationType encryptType, + NSSCKFWCryptoOperationType digestType, + NSSCKFWCryptoOperationState digestState, + CK_BYTE_PTR inBuf, + CK_ULONG inBufLen, + CK_BYTE_PTR outBuf, + CK_ULONG_PTR outBufLen); /* * nssCKFWSession_SeedRandom * */ NSS_EXTERN CK_RV -nssCKFWSession_SeedRandom -( - NSSCKFWSession *fwSession, - NSSItem *seed -); +nssCKFWSession_SeedRandom( + NSSCKFWSession *fwSession, + NSSItem *seed); /* * nssCKFWSession_GetRandom * */ NSS_EXTERN CK_RV -nssCKFWSession_GetRandom -( - NSSCKFWSession *fwSession, - NSSItem *buffer -); +nssCKFWSession_GetRandom( + NSSCKFWSession *fwSession, + NSSItem *buffer); /* * NSSCKFWObject @@ -2145,123 +1812,101 @@ nssCKFWSession_GetRandom * */ NSS_EXTERN NSSCKFWObject * -nssCKFWObject_Create -( - NSSArena *arena, - NSSCKMDObject *mdObject, - NSSCKFWSession *fwSession, - NSSCKFWToken *fwToken, - NSSCKFWInstance *fwInstance, - CK_RV *pError -); +nssCKFWObject_Create( + NSSArena *arena, + NSSCKMDObject *mdObject, + NSSCKFWSession *fwSession, + NSSCKFWToken *fwToken, + NSSCKFWInstance *fwInstance, + CK_RV *pError); /* * nssCKFWObject_Finalize * */ NSS_EXTERN void -nssCKFWObject_Finalize -( - NSSCKFWObject *fwObject, - PRBool removeFromHash -); +nssCKFWObject_Finalize( + NSSCKFWObject *fwObject, + PRBool removeFromHash); /* * nssCKFWObject_Destroy * */ NSS_EXTERN void -nssCKFWObject_Destroy -( - NSSCKFWObject *fwObject -); +nssCKFWObject_Destroy( + NSSCKFWObject *fwObject); /* * nssCKFWObject_GetMDObject * */ NSS_EXTERN NSSCKMDObject * -nssCKFWObject_GetMDObject -( - NSSCKFWObject *fwObject -); +nssCKFWObject_GetMDObject( + NSSCKFWObject *fwObject); /* * nssCKFWObject_GetArena * */ NSS_EXTERN NSSArena * -nssCKFWObject_GetArena -( - NSSCKFWObject *fwObject, - CK_RV *pError -); +nssCKFWObject_GetArena( + NSSCKFWObject *fwObject, + CK_RV *pError); /* * nssCKFWObject_SetHandle * */ NSS_EXTERN CK_RV -nssCKFWObject_SetHandle -( - NSSCKFWObject *fwObject, - CK_OBJECT_HANDLE hObject -); +nssCKFWObject_SetHandle( + NSSCKFWObject *fwObject, + CK_OBJECT_HANDLE hObject); /* * nssCKFWObject_GetHandle * */ NSS_EXTERN CK_OBJECT_HANDLE -nssCKFWObject_GetHandle -( - NSSCKFWObject *fwObject -); +nssCKFWObject_GetHandle( + NSSCKFWObject *fwObject); /* * nssCKFWObject_IsTokenObject * */ NSS_EXTERN CK_BBOOL -nssCKFWObject_IsTokenObject -( - NSSCKFWObject *fwObject -); +nssCKFWObject_IsTokenObject( + NSSCKFWObject *fwObject); /* * nssCKFWObject_GetAttributeCount * */ NSS_EXTERN CK_ULONG -nssCKFWObject_GetAttributeCount -( - NSSCKFWObject *fwObject, - CK_RV *pError -); +nssCKFWObject_GetAttributeCount( + NSSCKFWObject *fwObject, + CK_RV *pError); /* * nssCKFWObject_GetAttributeTypes * */ NSS_EXTERN CK_RV -nssCKFWObject_GetAttributeTypes -( - NSSCKFWObject *fwObject, - CK_ATTRIBUTE_TYPE_PTR typeArray, - CK_ULONG ulCount -); +nssCKFWObject_GetAttributeTypes( + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount); /* * nssCKFWObject_GetAttributeSize * */ NSS_EXTERN CK_ULONG -nssCKFWObject_GetAttributeSize -( - NSSCKFWObject *fwObject, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError -); +nssCKFWObject_GetAttributeSize( + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError); /* * nssCKFWObject_GetAttribute @@ -2274,38 +1919,32 @@ nssCKFWObject_GetAttributeSize * specified. */ NSS_EXTERN NSSItem * -nssCKFWObject_GetAttribute -( - NSSCKFWObject *fwObject, - CK_ATTRIBUTE_TYPE attribute, - NSSItem *itemOpt, - NSSArena *arenaOpt, - CK_RV *pError -); +nssCKFWObject_GetAttribute( + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *itemOpt, + NSSArena *arenaOpt, + CK_RV *pError); /* * nssCKFWObject_SetAttribute * */ NSS_EXTERN CK_RV -nssCKFWObject_SetAttribute -( - NSSCKFWObject *fwObject, - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_TYPE attribute, - NSSItem *value -); +nssCKFWObject_SetAttribute( + NSSCKFWObject *fwObject, + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *value); /* * nssCKFWObject_GetObjectSize * */ NSS_EXTERN CK_ULONG -nssCKFWObject_GetObjectSize -( - NSSCKFWObject *fwObject, - CK_RV *pError -); +nssCKFWObject_GetObjectSize( + NSSCKFWObject *fwObject, + CK_RV *pError); /* * NSSCKFWFindObjects @@ -2328,47 +1967,39 @@ nssCKFWObject_GetObjectSize * */ NSS_EXTERN NSSCKFWFindObjects * -nssCKFWFindObjects_Create -( - NSSCKFWSession *fwSession, - NSSCKFWToken *fwToken, - NSSCKFWInstance *fwInstance, - NSSCKMDFindObjects *mdFindObjects1, - NSSCKMDFindObjects *mdFindObjects2, - CK_RV *pError -); +nssCKFWFindObjects_Create( + NSSCKFWSession *fwSession, + NSSCKFWToken *fwToken, + NSSCKFWInstance *fwInstance, + NSSCKMDFindObjects *mdFindObjects1, + NSSCKMDFindObjects *mdFindObjects2, + CK_RV *pError); /* * nssCKFWFindObjects_Destroy * */ NSS_EXTERN void -nssCKFWFindObjects_Destroy -( - NSSCKFWFindObjects *fwFindObjects -); +nssCKFWFindObjects_Destroy( + NSSCKFWFindObjects *fwFindObjects); /* * nssCKFWFindObjects_GetMDFindObjects * */ NSS_EXTERN NSSCKMDFindObjects * -nssCKFWFindObjects_GetMDFindObjects -( - NSSCKFWFindObjects *fwFindObjects -); +nssCKFWFindObjects_GetMDFindObjects( + NSSCKFWFindObjects *fwFindObjects); /* * nssCKFWFindObjects_Next * */ NSS_EXTERN NSSCKFWObject * -nssCKFWFindObjects_Next -( - NSSCKFWFindObjects *fwFindObjects, - NSSArena *arenaOpt, - CK_RV *pError -); +nssCKFWFindObjects_Next( + NSSCKFWFindObjects *fwFindObjects, + NSSArena *arenaOpt, + CK_RV *pError); /* * NSSCKFWMutex @@ -2385,42 +2016,34 @@ nssCKFWFindObjects_Next * */ NSS_EXTERN NSSCKFWMutex * -nssCKFWMutex_Create -( - CK_C_INITIALIZE_ARGS_PTR pInitArgs, - CryptokiLockingState LockingState, - NSSArena *arena, - CK_RV *pError -); +nssCKFWMutex_Create( + CK_C_INITIALIZE_ARGS_PTR pInitArgs, + CryptokiLockingState LockingState, + NSSArena *arena, + CK_RV *pError); /* * nssCKFWMutex_Destroy * */ NSS_EXTERN CK_RV -nssCKFWMutex_Destroy -( - NSSCKFWMutex *mutex -); +nssCKFWMutex_Destroy( + NSSCKFWMutex *mutex); /* * nssCKFWMutex_Lock * */ NSS_EXTERN CK_RV -nssCKFWMutex_Lock -( - NSSCKFWMutex *mutex -); +nssCKFWMutex_Lock( + NSSCKFWMutex *mutex); /* * nssCKFWMutex_Unlock * */ NSS_EXTERN CK_RV -nssCKFWMutex_Unlock -( - NSSCKFWMutex *mutex -); +nssCKFWMutex_Unlock( + NSSCKFWMutex *mutex); #endif /* CKFW_H */ diff --git a/nss/lib/ckfw/ckfwm.h b/nss/lib/ckfw/ckfwm.h index ed0aec3..7b14d20 100644 --- a/nss/lib/ckfw/ckfwm.h +++ b/nss/lib/ckfw/ckfwm.h @@ -41,88 +41,72 @@ * */ NSS_EXTERN nssCKFWHash * -nssCKFWHash_Create -( - NSSCKFWInstance *fwInstance, - NSSArena *arena, - CK_RV *pError -); +nssCKFWHash_Create( + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError); /* * nssCKFWHash_Destroy * */ NSS_EXTERN void -nssCKFWHash_Destroy -( - nssCKFWHash *hash -); +nssCKFWHash_Destroy( + nssCKFWHash *hash); /* * nssCKFWHash_Add * */ NSS_EXTERN CK_RV -nssCKFWHash_Add -( - nssCKFWHash *hash, - const void *key, - const void *value -); +nssCKFWHash_Add( + nssCKFWHash *hash, + const void *key, + const void *value); /* * nssCKFWHash_Remove * */ NSS_EXTERN void -nssCKFWHash_Remove -( - nssCKFWHash *hash, - const void *it -); +nssCKFWHash_Remove( + nssCKFWHash *hash, + const void *it); /* * nssCKFWHash_Count * */ NSS_EXTERN CK_ULONG -nssCKFWHash_Count -( - nssCKFWHash *hash -); +nssCKFWHash_Count( + nssCKFWHash *hash); /* * nssCKFWHash_Exists * */ NSS_EXTERN CK_BBOOL -nssCKFWHash_Exists -( - nssCKFWHash *hash, - const void *it -); +nssCKFWHash_Exists( + nssCKFWHash *hash, + const void *it); /* * nssCKFWHash_Lookup * */ NSS_EXTERN void * -nssCKFWHash_Lookup -( - nssCKFWHash *hash, - const void *it -); +nssCKFWHash_Lookup( + nssCKFWHash *hash, + const void *it); /* * nssCKFWHash_Iterate * */ NSS_EXTERN void -nssCKFWHash_Iterate -( - nssCKFWHash *hash, - nssCKFWHashIterator fcn, - void *closure -); +nssCKFWHash_Iterate( + nssCKFWHash *hash, + nssCKFWHashIterator fcn, + void *closure); #endif /* CKFWM_H */ diff --git a/nss/lib/ckfw/ckfwtm.h b/nss/lib/ckfw/ckfwtm.h index ac8f550..6702984 100644 --- a/nss/lib/ckfw/ckfwtm.h +++ b/nss/lib/ckfw/ckfwtm.h @@ -18,6 +18,6 @@ struct nssCKFWHashStr; typedef struct nssCKFWHashStr nssCKFWHash; -typedef void (PR_CALLBACK *nssCKFWHashIterator)(const void *key, void *value, void *closure); +typedef void(PR_CALLBACK *nssCKFWHashIterator)(const void *key, void *value, void *closure); #endif /* CKFWTM_H */ diff --git a/nss/lib/ckfw/ckmd.h b/nss/lib/ckfw/ckmd.h index 0a6dc90..820cf90 100644 --- a/nss/lib/ckfw/ckmd.h +++ b/nss/lib/ckfw/ckmd.h @@ -11,22 +11,18 @@ */ NSS_EXTERN NSSCKMDObject * -nssCKMDSessionObject_Create -( - NSSCKFWToken *fwToken, - NSSArena *arena, - CK_ATTRIBUTE_PTR attributes, - CK_ULONG ulCount, - CK_RV *pError -); +nssCKMDSessionObject_Create( + NSSCKFWToken *fwToken, + NSSArena *arena, + CK_ATTRIBUTE_PTR attributes, + CK_ULONG ulCount, + CK_RV *pError); NSS_EXTERN NSSCKMDFindObjects * -nssCKMDFindSessionObjects_Create -( - NSSCKFWToken *fwToken, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount, - CK_RV *pError -); +nssCKMDFindSessionObjects_Create( + NSSCKFWToken *fwToken, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_RV *pError); #endif /* CKMD_H */ diff --git a/nss/lib/ckfw/crypto.c b/nss/lib/ckfw/crypto.c index d97cf6c..66afb77 100644 --- a/nss/lib/ckfw/crypto.c +++ b/nss/lib/ckfw/crypto.c @@ -35,15 +35,15 @@ */ struct NSSCKFWCryptoOperationStr { - /* NSSArena *arena; */ - NSSCKMDCryptoOperation *mdOperation; - NSSCKMDSession *mdSession; - NSSCKFWSession *fwSession; - NSSCKMDToken *mdToken; - NSSCKFWToken *fwToken; - NSSCKMDInstance *mdInstance; - NSSCKFWInstance *fwInstance; - NSSCKFWCryptoOperationType type; + /* NSSArena *arena; */ + NSSCKMDCryptoOperation *mdOperation; + NSSCKMDSession *mdSession; + NSSCKFWSession *fwSession; + NSSCKMDToken *mdToken; + NSSCKFWToken *fwToken; + NSSCKMDInstance *mdInstance; + NSSCKFWInstance *fwInstance; + NSSCKFWCryptoOperationType type; }; /* @@ -51,290 +51,268 @@ struct NSSCKFWCryptoOperationStr { */ NSS_EXTERN NSSCKFWCryptoOperation * nssCKFWCryptoOperation_Create( - NSSCKMDCryptoOperation *mdOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKFWCryptoOperationType type, - CK_RV *pError -) + NSSCKMDCryptoOperation *mdOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKFWCryptoOperationType type, + CK_RV *pError) { - NSSCKFWCryptoOperation *fwOperation; - fwOperation = nss_ZNEW(NULL, NSSCKFWCryptoOperation); - if (!fwOperation) { - *pError = CKR_HOST_MEMORY; - return (NSSCKFWCryptoOperation *)NULL; - } - fwOperation->mdOperation = mdOperation; - fwOperation->mdSession = mdSession; - fwOperation->fwSession = fwSession; - fwOperation->mdToken = mdToken; - fwOperation->fwToken = fwToken; - fwOperation->mdInstance = mdInstance; - fwOperation->fwInstance = fwInstance; - fwOperation->type = type; - return fwOperation; + NSSCKFWCryptoOperation *fwOperation; + fwOperation = nss_ZNEW(NULL, NSSCKFWCryptoOperation); + if (!fwOperation) { + *pError = CKR_HOST_MEMORY; + return (NSSCKFWCryptoOperation *)NULL; + } + fwOperation->mdOperation = mdOperation; + fwOperation->mdSession = mdSession; + fwOperation->fwSession = fwSession; + fwOperation->mdToken = mdToken; + fwOperation->fwToken = fwToken; + fwOperation->mdInstance = mdInstance; + fwOperation->fwInstance = fwInstance; + fwOperation->type = type; + return fwOperation; } /* * nssCKFWCryptoOperation_Destroy */ NSS_EXTERN void -nssCKFWCryptoOperation_Destroy -( - NSSCKFWCryptoOperation *fwOperation -) +nssCKFWCryptoOperation_Destroy( + NSSCKFWCryptoOperation *fwOperation) { - if ((NSSCKMDCryptoOperation *) NULL != fwOperation->mdOperation) { - if (fwOperation->mdOperation->Destroy) { - fwOperation->mdOperation->Destroy( - fwOperation->mdOperation, - fwOperation, - fwOperation->mdInstance, - fwOperation->fwInstance); + if ((NSSCKMDCryptoOperation *)NULL != fwOperation->mdOperation) { + if (fwOperation->mdOperation->Destroy) { + fwOperation->mdOperation->Destroy( + fwOperation->mdOperation, + fwOperation, + fwOperation->mdInstance, + fwOperation->fwInstance); + } } - } - nss_ZFreeIf(fwOperation); + nss_ZFreeIf(fwOperation); } /* * nssCKFWCryptoOperation_GetMDCryptoOperation */ NSS_EXTERN NSSCKMDCryptoOperation * -nssCKFWCryptoOperation_GetMDCryptoOperation -( - NSSCKFWCryptoOperation *fwOperation -) +nssCKFWCryptoOperation_GetMDCryptoOperation( + NSSCKFWCryptoOperation *fwOperation) { - return fwOperation->mdOperation; + return fwOperation->mdOperation; } /* * nssCKFWCryptoOperation_GetType */ NSS_EXTERN NSSCKFWCryptoOperationType -nssCKFWCryptoOperation_GetType -( - NSSCKFWCryptoOperation *fwOperation -) +nssCKFWCryptoOperation_GetType( + NSSCKFWCryptoOperation *fwOperation) { - return fwOperation->type; + return fwOperation->type; } /* * nssCKFWCryptoOperation_GetFinalLength */ NSS_EXTERN CK_ULONG -nssCKFWCryptoOperation_GetFinalLength -( - NSSCKFWCryptoOperation *fwOperation, - CK_RV *pError -) +nssCKFWCryptoOperation_GetFinalLength( + NSSCKFWCryptoOperation *fwOperation, + CK_RV *pError) { - if (!fwOperation->mdOperation->GetFinalLength) { - *pError = CKR_FUNCTION_FAILED; - return 0; - } - return fwOperation->mdOperation->GetFinalLength( - fwOperation->mdOperation, - fwOperation, - fwOperation->mdSession, - fwOperation->fwSession, - fwOperation->mdToken, - fwOperation->fwToken, - fwOperation->mdInstance, - fwOperation->fwInstance, - pError); + if (!fwOperation->mdOperation->GetFinalLength) { + *pError = CKR_FUNCTION_FAILED; + return 0; + } + return fwOperation->mdOperation->GetFinalLength( + fwOperation->mdOperation, + fwOperation, + fwOperation->mdSession, + fwOperation->fwSession, + fwOperation->mdToken, + fwOperation->fwToken, + fwOperation->mdInstance, + fwOperation->fwInstance, + pError); } /* * nssCKFWCryptoOperation_GetOperationLength */ NSS_EXTERN CK_ULONG -nssCKFWCryptoOperation_GetOperationLength -( - NSSCKFWCryptoOperation *fwOperation, - NSSItem *inputBuffer, - CK_RV *pError -) +nssCKFWCryptoOperation_GetOperationLength( + NSSCKFWCryptoOperation *fwOperation, + NSSItem *inputBuffer, + CK_RV *pError) { - if (!fwOperation->mdOperation->GetOperationLength) { - *pError = CKR_FUNCTION_FAILED; - return 0; - } - return fwOperation->mdOperation->GetOperationLength( - fwOperation->mdOperation, - fwOperation, - fwOperation->mdSession, - fwOperation->fwSession, - fwOperation->mdToken, - fwOperation->fwToken, - fwOperation->mdInstance, - fwOperation->fwInstance, - inputBuffer, - pError); + if (!fwOperation->mdOperation->GetOperationLength) { + *pError = CKR_FUNCTION_FAILED; + return 0; + } + return fwOperation->mdOperation->GetOperationLength( + fwOperation->mdOperation, + fwOperation, + fwOperation->mdSession, + fwOperation->fwSession, + fwOperation->mdToken, + fwOperation->fwToken, + fwOperation->mdInstance, + fwOperation->fwInstance, + inputBuffer, + pError); } /* * nssCKFWCryptoOperation_Final */ NSS_EXTERN CK_RV -nssCKFWCryptoOperation_Final -( - NSSCKFWCryptoOperation *fwOperation, - NSSItem *outputBuffer -) +nssCKFWCryptoOperation_Final( + NSSCKFWCryptoOperation *fwOperation, + NSSItem *outputBuffer) { - if (!fwOperation->mdOperation->Final) { - return CKR_FUNCTION_FAILED; - } - return fwOperation->mdOperation->Final( - fwOperation->mdOperation, - fwOperation, - fwOperation->mdSession, - fwOperation->fwSession, - fwOperation->mdToken, - fwOperation->fwToken, - fwOperation->mdInstance, - fwOperation->fwInstance, - outputBuffer); + if (!fwOperation->mdOperation->Final) { + return CKR_FUNCTION_FAILED; + } + return fwOperation->mdOperation->Final( + fwOperation->mdOperation, + fwOperation, + fwOperation->mdSession, + fwOperation->fwSession, + fwOperation->mdToken, + fwOperation->fwToken, + fwOperation->mdInstance, + fwOperation->fwInstance, + outputBuffer); } /* * nssCKFWCryptoOperation_Update */ NSS_EXTERN CK_RV -nssCKFWCryptoOperation_Update -( - NSSCKFWCryptoOperation *fwOperation, - NSSItem *inputBuffer, - NSSItem *outputBuffer -) +nssCKFWCryptoOperation_Update( + NSSCKFWCryptoOperation *fwOperation, + NSSItem *inputBuffer, + NSSItem *outputBuffer) { - if (!fwOperation->mdOperation->Update) { - return CKR_FUNCTION_FAILED; - } - return fwOperation->mdOperation->Update( - fwOperation->mdOperation, - fwOperation, - fwOperation->mdSession, - fwOperation->fwSession, - fwOperation->mdToken, - fwOperation->fwToken, - fwOperation->mdInstance, - fwOperation->fwInstance, - inputBuffer, - outputBuffer); + if (!fwOperation->mdOperation->Update) { + return CKR_FUNCTION_FAILED; + } + return fwOperation->mdOperation->Update( + fwOperation->mdOperation, + fwOperation, + fwOperation->mdSession, + fwOperation->fwSession, + fwOperation->mdToken, + fwOperation->fwToken, + fwOperation->mdInstance, + fwOperation->fwInstance, + inputBuffer, + outputBuffer); } /* * nssCKFWCryptoOperation_DigestUpdate */ NSS_EXTERN CK_RV -nssCKFWCryptoOperation_DigestUpdate -( - NSSCKFWCryptoOperation *fwOperation, - NSSItem *inputBuffer -) +nssCKFWCryptoOperation_DigestUpdate( + NSSCKFWCryptoOperation *fwOperation, + NSSItem *inputBuffer) { - if (!fwOperation->mdOperation->DigestUpdate) { - return CKR_FUNCTION_FAILED; - } - return fwOperation->mdOperation->DigestUpdate( - fwOperation->mdOperation, - fwOperation, - fwOperation->mdSession, - fwOperation->fwSession, - fwOperation->mdToken, - fwOperation->fwToken, - fwOperation->mdInstance, - fwOperation->fwInstance, - inputBuffer); + if (!fwOperation->mdOperation->DigestUpdate) { + return CKR_FUNCTION_FAILED; + } + return fwOperation->mdOperation->DigestUpdate( + fwOperation->mdOperation, + fwOperation, + fwOperation->mdSession, + fwOperation->fwSession, + fwOperation->mdToken, + fwOperation->fwToken, + fwOperation->mdInstance, + fwOperation->fwInstance, + inputBuffer); } /* * nssCKFWCryptoOperation_DigestKey */ NSS_EXTERN CK_RV -nssCKFWCryptoOperation_DigestKey -( - NSSCKFWCryptoOperation *fwOperation, - NSSCKFWObject *fwObject /* Key */ -) +nssCKFWCryptoOperation_DigestKey( + NSSCKFWCryptoOperation *fwOperation, + NSSCKFWObject *fwObject /* Key */ + ) { - NSSCKMDObject *mdObject; + NSSCKMDObject *mdObject; - if (!fwOperation->mdOperation->DigestKey) { - return CKR_FUNCTION_FAILED; - } - mdObject = nssCKFWObject_GetMDObject(fwObject); - return fwOperation->mdOperation->DigestKey( - fwOperation->mdOperation, - fwOperation, - fwOperation->mdToken, - fwOperation->fwToken, - fwOperation->mdInstance, - fwOperation->fwInstance, - mdObject, - fwObject); + if (!fwOperation->mdOperation->DigestKey) { + return CKR_FUNCTION_FAILED; + } + mdObject = nssCKFWObject_GetMDObject(fwObject); + return fwOperation->mdOperation->DigestKey( + fwOperation->mdOperation, + fwOperation, + fwOperation->mdToken, + fwOperation->fwToken, + fwOperation->mdInstance, + fwOperation->fwInstance, + mdObject, + fwObject); } /* * nssCKFWCryptoOperation_UpdateFinal */ NSS_EXTERN CK_RV -nssCKFWCryptoOperation_UpdateFinal -( - NSSCKFWCryptoOperation *fwOperation, - NSSItem *inputBuffer, - NSSItem *outputBuffer -) +nssCKFWCryptoOperation_UpdateFinal( + NSSCKFWCryptoOperation *fwOperation, + NSSItem *inputBuffer, + NSSItem *outputBuffer) { - if (!fwOperation->mdOperation->UpdateFinal) { - return CKR_FUNCTION_FAILED; - } - return fwOperation->mdOperation->UpdateFinal( - fwOperation->mdOperation, - fwOperation, - fwOperation->mdSession, - fwOperation->fwSession, - fwOperation->mdToken, - fwOperation->fwToken, - fwOperation->mdInstance, - fwOperation->fwInstance, - inputBuffer, - outputBuffer); + if (!fwOperation->mdOperation->UpdateFinal) { + return CKR_FUNCTION_FAILED; + } + return fwOperation->mdOperation->UpdateFinal( + fwOperation->mdOperation, + fwOperation, + fwOperation->mdSession, + fwOperation->fwSession, + fwOperation->mdToken, + fwOperation->fwToken, + fwOperation->mdInstance, + fwOperation->fwInstance, + inputBuffer, + outputBuffer); } /* * nssCKFWCryptoOperation_UpdateCombo */ NSS_EXTERN CK_RV -nssCKFWCryptoOperation_UpdateCombo -( - NSSCKFWCryptoOperation *fwOperation, - NSSCKFWCryptoOperation *fwPeerOperation, - NSSItem *inputBuffer, - NSSItem *outputBuffer -) +nssCKFWCryptoOperation_UpdateCombo( + NSSCKFWCryptoOperation *fwOperation, + NSSCKFWCryptoOperation *fwPeerOperation, + NSSItem *inputBuffer, + NSSItem *outputBuffer) { - if (!fwOperation->mdOperation->UpdateCombo) { - return CKR_FUNCTION_FAILED; - } - return fwOperation->mdOperation->UpdateCombo( - fwOperation->mdOperation, - fwOperation, - fwPeerOperation->mdOperation, - fwPeerOperation, - fwOperation->mdSession, - fwOperation->fwSession, - fwOperation->mdToken, - fwOperation->fwToken, - fwOperation->mdInstance, - fwOperation->fwInstance, - inputBuffer, - outputBuffer); + if (!fwOperation->mdOperation->UpdateCombo) { + return CKR_FUNCTION_FAILED; + } + return fwOperation->mdOperation->UpdateCombo( + fwOperation->mdOperation, + fwOperation, + fwPeerOperation->mdOperation, + fwPeerOperation, + fwOperation->mdSession, + fwOperation->fwSession, + fwOperation->mdToken, + fwOperation->fwToken, + fwOperation->mdInstance, + fwOperation->fwInstance, + inputBuffer, + outputBuffer); } diff --git a/nss/lib/ckfw/dbm/anchor.c b/nss/lib/ckfw/dbm/anchor.c index f004b1e..c904d25 100644 --- a/nss/lib/ckfw/dbm/anchor.c +++ b/nss/lib/ckfw/dbm/anchor.c @@ -6,7 +6,7 @@ * dbm/anchor.c * * This file "anchors" the actual cryptoki entry points in this module's - * shared library, which is required for dynamic loading. See the + * shared library, which is required for dynamic loading. See the * comments in nssck.api for more information. */ diff --git a/nss/lib/ckfw/dbm/ckdbm.h b/nss/lib/ckfw/dbm/ckdbm.h index 4f9df93..8c2607c 100644 --- a/nss/lib/ckfw/dbm/ckdbm.h +++ b/nss/lib/ckfw/dbm/ckdbm.h @@ -29,220 +29,182 @@ NSS_EXTERN_DATA NSSCKMDInstance nss_dbm_mdInstance; typedef struct nss_dbm_db_struct nss_dbm_db_t; struct nss_dbm_db_struct { - DB *db; - NSSCKFWMutex *crustylock; + DB *db; + NSSCKFWMutex *crustylock; }; typedef struct nss_dbm_dbt_struct nss_dbm_dbt_t; struct nss_dbm_dbt_struct { - DBT dbt; - nss_dbm_db_t *my_db; + DBT dbt; + nss_dbm_db_t *my_db; }; typedef struct nss_dbm_instance_struct nss_dbm_instance_t; struct nss_dbm_instance_struct { - NSSArena *arena; - CK_ULONG nSlots; - char **filenames; - int *flags; /* e.g. O_RDONLY, O_RDWR */ + NSSArena *arena; + CK_ULONG nSlots; + char **filenames; + int *flags; /* e.g. O_RDONLY, O_RDWR */ }; typedef struct nss_dbm_slot_struct nss_dbm_slot_t; struct nss_dbm_slot_struct { - nss_dbm_instance_t *instance; - char *filename; - int flags; - nss_dbm_db_t *token_db; + nss_dbm_instance_t *instance; + char *filename; + int flags; + nss_dbm_db_t *token_db; }; typedef struct nss_dbm_token_struct nss_dbm_token_t; struct nss_dbm_token_struct { - NSSArena *arena; - nss_dbm_slot_t *slot; - nss_dbm_db_t *session_db; - NSSUTF8 *label; + NSSArena *arena; + nss_dbm_slot_t *slot; + nss_dbm_db_t *session_db; + NSSUTF8 *label; }; struct nss_dbm_dbt_node { - struct nss_dbm_dbt_node *next; - nss_dbm_dbt_t *dbt; + struct nss_dbm_dbt_node *next; + nss_dbm_dbt_t *dbt; }; typedef struct nss_dbm_session_struct nss_dbm_session_t; struct nss_dbm_session_struct { - NSSArena *arena; - nss_dbm_token_t *token; - CK_ULONG deviceError; - struct nss_dbm_dbt_node *session_objects; - NSSCKFWMutex *list_lock; + NSSArena *arena; + nss_dbm_token_t *token; + CK_ULONG deviceError; + struct nss_dbm_dbt_node *session_objects; + NSSCKFWMutex *list_lock; }; typedef struct nss_dbm_object_struct nss_dbm_object_t; struct nss_dbm_object_struct { - NSSArena *arena; /* token or session */ - nss_dbm_dbt_t *handle; + NSSArena *arena; /* token or session */ + nss_dbm_dbt_t *handle; }; typedef struct nss_dbm_find_struct nss_dbm_find_t; struct nss_dbm_find_struct { - NSSArena *arena; - struct nss_dbm_dbt_node *found; - NSSCKFWMutex *list_lock; + NSSArena *arena; + struct nss_dbm_dbt_node *found; + NSSCKFWMutex *list_lock; }; NSS_EXTERN NSSCKMDSlot * -nss_dbm_mdSlot_factory -( - nss_dbm_instance_t *instance, - char *filename, - int flags, - CK_RV *pError -); +nss_dbm_mdSlot_factory( + nss_dbm_instance_t *instance, + char *filename, + int flags, + CK_RV *pError); NSS_EXTERN NSSCKMDToken * -nss_dbm_mdToken_factory -( - nss_dbm_slot_t *slot, - CK_RV *pError -); +nss_dbm_mdToken_factory( + nss_dbm_slot_t *slot, + CK_RV *pError); NSS_EXTERN NSSCKMDSession * -nss_dbm_mdSession_factory -( - nss_dbm_token_t *token, - NSSCKFWSession *fwSession, - NSSCKFWInstance *fwInstance, - CK_BBOOL rw, - CK_RV *pError -); +nss_dbm_mdSession_factory( + nss_dbm_token_t *token, + NSSCKFWSession *fwSession, + NSSCKFWInstance *fwInstance, + CK_BBOOL rw, + CK_RV *pError); NSS_EXTERN NSSCKMDObject * -nss_dbm_mdObject_factory -( - nss_dbm_object_t *object, - CK_RV *pError -); +nss_dbm_mdObject_factory( + nss_dbm_object_t *object, + CK_RV *pError); NSS_EXTERN NSSCKMDFindObjects * -nss_dbm_mdFindObjects_factory -( - nss_dbm_find_t *find, - CK_RV *pError -); +nss_dbm_mdFindObjects_factory( + nss_dbm_find_t *find, + CK_RV *pError); NSS_EXTERN nss_dbm_db_t * -nss_dbm_db_open -( - NSSArena *arena, - NSSCKFWInstance *fwInstance, - char *filename, - int flags, - CK_RV *pError -); +nss_dbm_db_open( + NSSArena *arena, + NSSCKFWInstance *fwInstance, + char *filename, + int flags, + CK_RV *pError); NSS_EXTERN void -nss_dbm_db_close -( - nss_dbm_db_t *db -); +nss_dbm_db_close( + nss_dbm_db_t *db); NSS_EXTERN CK_VERSION -nss_dbm_db_get_format_version -( - nss_dbm_db_t *db -); +nss_dbm_db_get_format_version( + nss_dbm_db_t *db); NSS_EXTERN CK_RV -nss_dbm_db_set_label -( - nss_dbm_db_t *db, - NSSUTF8 *label -); +nss_dbm_db_set_label( + nss_dbm_db_t *db, + NSSUTF8 *label); NSS_EXTERN NSSUTF8 * -nss_dbm_db_get_label -( - nss_dbm_db_t *db, - NSSArena *arena, - CK_RV *pError -); +nss_dbm_db_get_label( + nss_dbm_db_t *db, + NSSArena *arena, + CK_RV *pError); NSS_EXTERN CK_RV -nss_dbm_db_delete_object -( - nss_dbm_dbt_t *dbt -); +nss_dbm_db_delete_object( + nss_dbm_dbt_t *dbt); NSS_EXTERN nss_dbm_dbt_t * -nss_dbm_db_create_object -( - NSSArena *arena, - nss_dbm_db_t *db, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError, - CK_ULONG *pdbrv -); +nss_dbm_db_create_object( + NSSArena *arena, + nss_dbm_db_t *db, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError, + CK_ULONG *pdbrv); NSS_EXTERN CK_RV -nss_dbm_db_find_objects -( - nss_dbm_find_t *find, - nss_dbm_db_t *db, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_ULONG *pdbrv -); +nss_dbm_db_find_objects( + nss_dbm_find_t *find, + nss_dbm_db_t *db, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_ULONG *pdbrv); NSS_EXTERN CK_BBOOL -nss_dbm_db_object_still_exists -( - nss_dbm_dbt_t *dbt -); +nss_dbm_db_object_still_exists( + nss_dbm_dbt_t *dbt); NSS_EXTERN CK_ULONG -nss_dbm_db_get_object_attribute_count -( - nss_dbm_dbt_t *dbt, - CK_RV *pError, - CK_ULONG *pdbrv -); +nss_dbm_db_get_object_attribute_count( + nss_dbm_dbt_t *dbt, + CK_RV *pError, + CK_ULONG *pdbrv); NSS_EXTERN CK_RV -nss_dbm_db_get_object_attribute_types -( - nss_dbm_dbt_t *dbt, - CK_ATTRIBUTE_TYPE_PTR typeArray, - CK_ULONG ulCount, - CK_ULONG *pdbrv -); +nss_dbm_db_get_object_attribute_types( + nss_dbm_dbt_t *dbt, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount, + CK_ULONG *pdbrv); NSS_EXTERN CK_ULONG -nss_dbm_db_get_object_attribute_size -( - nss_dbm_dbt_t *dbt, - CK_ATTRIBUTE_TYPE type, - CK_RV *pError, - CK_ULONG *pdbrv -); +nss_dbm_db_get_object_attribute_size( + nss_dbm_dbt_t *dbt, + CK_ATTRIBUTE_TYPE type, + CK_RV *pError, + CK_ULONG *pdbrv); NSS_EXTERN NSSItem * -nss_dbm_db_get_object_attribute -( - nss_dbm_dbt_t *dbt, - NSSArena *arena, - CK_ATTRIBUTE_TYPE type, - CK_RV *pError, - CK_ULONG *pdbrv -); +nss_dbm_db_get_object_attribute( + nss_dbm_dbt_t *dbt, + NSSArena *arena, + CK_ATTRIBUTE_TYPE type, + CK_RV *pError, + CK_ULONG *pdbrv); NSS_EXTERN CK_RV -nss_dbm_db_set_object_attribute -( - nss_dbm_dbt_t *dbt, - CK_ATTRIBUTE_TYPE type, - NSSItem *value, - CK_ULONG *pdbrv -); +nss_dbm_db_set_object_attribute( + nss_dbm_dbt_t *dbt, + CK_ATTRIBUTE_TYPE type, + NSSItem *value, + CK_ULONG *pdbrv); #endif /* CKDBM_H */ diff --git a/nss/lib/ckfw/dbm/db.c b/nss/lib/ckfw/dbm/db.c index 8d0a6cb..bbf2b95 100644 --- a/nss/lib/ckfw/dbm/db.c +++ b/nss/lib/ckfw/dbm/db.c @@ -5,303 +5,288 @@ #include "ckdbm.h" #define PREFIX_METADATA "0000" -#define PREFIX_OBJECT "0001" -#define PREFIX_INDEX "0002" +#define PREFIX_OBJECT "0001" +#define PREFIX_INDEX "0002" static CK_VERSION nss_dbm_db_format_version = { 1, 0 }; struct handle { - char prefix[4]; - CK_ULONG id; + char prefix[4]; + CK_ULONG id; }; NSS_IMPLEMENT nss_dbm_db_t * -nss_dbm_db_open -( - NSSArena *arena, - NSSCKFWInstance *fwInstance, - char *filename, - int flags, - CK_RV *pError -) +nss_dbm_db_open( + NSSArena *arena, + NSSCKFWInstance *fwInstance, + char *filename, + int flags, + CK_RV *pError) { - nss_dbm_db_t *rv; - CK_VERSION db_version; - - rv = nss_ZNEW(arena, nss_dbm_db_t); - if( (nss_dbm_db_t *)NULL == rv ) { - *pError = CKR_HOST_MEMORY; - return (nss_dbm_db_t *)NULL; - } - - rv->db = dbopen(filename, flags, 0600, DB_HASH, (const void *)NULL); - if( (DB *)NULL == rv->db ) { - *pError = CKR_TOKEN_NOT_PRESENT; - return (nss_dbm_db_t *)NULL; - } - - rv->crustylock = NSSCKFWInstance_CreateMutex(fwInstance, arena, pError); - if( (NSSCKFWMutex *)NULL == rv->crustylock ) { - return (nss_dbm_db_t *)NULL; - } - - db_version = nss_dbm_db_get_format_version(rv); - if( db_version.major != nss_dbm_db_format_version.major ) { - nss_dbm_db_close(rv); - *pError = CKR_TOKEN_NOT_RECOGNIZED; - return (nss_dbm_db_t *)NULL; - } - - return rv; + nss_dbm_db_t *rv; + CK_VERSION db_version; + + rv = nss_ZNEW(arena, nss_dbm_db_t); + if ((nss_dbm_db_t *)NULL == rv) { + *pError = CKR_HOST_MEMORY; + return (nss_dbm_db_t *)NULL; + } + + rv->db = dbopen(filename, flags, 0600, DB_HASH, (const void *)NULL); + if ((DB *)NULL == rv->db) { + *pError = CKR_TOKEN_NOT_PRESENT; + return (nss_dbm_db_t *)NULL; + } + + rv->crustylock = NSSCKFWInstance_CreateMutex(fwInstance, arena, pError); + if ((NSSCKFWMutex *)NULL == rv->crustylock) { + return (nss_dbm_db_t *)NULL; + } + + db_version = nss_dbm_db_get_format_version(rv); + if (db_version.major != nss_dbm_db_format_version.major) { + nss_dbm_db_close(rv); + *pError = CKR_TOKEN_NOT_RECOGNIZED; + return (nss_dbm_db_t *)NULL; + } + + return rv; } NSS_IMPLEMENT void -nss_dbm_db_close -( - nss_dbm_db_t *db -) +nss_dbm_db_close( + nss_dbm_db_t *db) { - if( (NSSCKFWMutex *)NULL != db->crustylock ) { - (void)NSSCKFWMutex_Destroy(db->crustylock); - } + if ((NSSCKFWMutex *)NULL != db->crustylock) { + (void)NSSCKFWMutex_Destroy(db->crustylock); + } - if( (DB *)NULL != db->db ) { - (void)db->db->close(db->db); - } + if ((DB *)NULL != db->db) { + (void)db->db->close(db->db); + } - nss_ZFreeIf(db); + nss_ZFreeIf(db); } NSS_IMPLEMENT CK_VERSION -nss_dbm_db_get_format_version -( - nss_dbm_db_t *db -) +nss_dbm_db_get_format_version( + nss_dbm_db_t *db) { - CK_VERSION rv; - DBT k, v; - int dbrv; - char buffer[64]; + CK_VERSION rv; + DBT k, v; + int dbrv; + char buffer[64]; + + rv.major = rv.minor = 0; - rv.major = rv.minor = 0; + k.data = PREFIX_METADATA "FormatVersion"; + k.size = nssUTF8_Size((NSSUTF8 *)k.data, (PRStatus *)NULL); + (void)memset(&v, 0, sizeof(v)); - k.data = PREFIX_METADATA "FormatVersion"; - k.size = nssUTF8_Size((NSSUTF8 *)k.data, (PRStatus *)NULL); - (void)memset(&v, 0, sizeof(v)); + /* Locked region */ + { + if (CKR_OK != NSSCKFWMutex_Lock(db->crustylock)) { + return rv; + } - /* Locked region */ - { - if( CKR_OK != NSSCKFWMutex_Lock(db->crustylock) ) { - return rv; - } + dbrv = db->db->get(db->db, &k, &v, 0); + if (dbrv == 0) { + CK_ULONG major = 0, minor = 0; + (void)PR_sscanf(v.data, "%ld.%ld", &major, &minor); + rv.major = major; + rv.minor = minor; + } else if (dbrv > 0) { + (void)PR_snprintf(buffer, sizeof(buffer), "%ld.%ld", nss_dbm_db_format_version.major, + nss_dbm_db_format_version.minor); + v.data = buffer; + v.size = nssUTF8_Size((NSSUTF8 *)v.data, (PRStatus *)NULL); + dbrv = db->db->put(db->db, &k, &v, 0); + (void)db->db->sync(db->db, 0); + rv = nss_dbm_db_format_version; + } else { + /* No error return.. */ + ; + } - dbrv = db->db->get(db->db, &k, &v, 0); - if( dbrv == 0 ) { - CK_ULONG major = 0, minor = 0; - (void)PR_sscanf(v.data, "%ld.%ld", &major, &minor); - rv.major = major; - rv.minor = minor; - } else if( dbrv > 0 ) { - (void)PR_snprintf(buffer, sizeof(buffer), "%ld.%ld", nss_dbm_db_format_version.major, - nss_dbm_db_format_version.minor); - v.data = buffer; - v.size = nssUTF8_Size((NSSUTF8 *)v.data, (PRStatus *)NULL); - dbrv = db->db->put(db->db, &k, &v, 0); - (void)db->db->sync(db->db, 0); - rv = nss_dbm_db_format_version; - } else { - /* No error return.. */ - ; + (void)NSSCKFWMutex_Unlock(db->crustylock); } - (void)NSSCKFWMutex_Unlock(db->crustylock); - } - - return rv; + return rv; } NSS_IMPLEMENT CK_RV -nss_dbm_db_set_label -( - nss_dbm_db_t *db, - NSSUTF8 *label -) +nss_dbm_db_set_label( + nss_dbm_db_t *db, + NSSUTF8 *label) { - CK_RV rv; - DBT k, v; - int dbrv; - - k.data = PREFIX_METADATA "Label"; - k.size = nssUTF8_Size((NSSUTF8 *)k.data, (PRStatus *)NULL); - v.data = label; - v.size = nssUTF8_Size((NSSUTF8 *)v.data, (PRStatus *)NULL); - - /* Locked region */ - { - rv = NSSCKFWMutex_Lock(db->crustylock); - if( CKR_OK != rv ) { - return rv; - } + CK_RV rv; + DBT k, v; + int dbrv; - dbrv = db->db->put(db->db, &k, &v, 0); - if( 0 != dbrv ) { - rv = CKR_DEVICE_ERROR; - } + k.data = PREFIX_METADATA "Label"; + k.size = nssUTF8_Size((NSSUTF8 *)k.data, (PRStatus *)NULL); + v.data = label; + v.size = nssUTF8_Size((NSSUTF8 *)v.data, (PRStatus *)NULL); - dbrv = db->db->sync(db->db, 0); - if( 0 != dbrv ) { - rv = CKR_DEVICE_ERROR; - } + /* Locked region */ + { + rv = NSSCKFWMutex_Lock(db->crustylock); + if (CKR_OK != rv) { + return rv; + } + + dbrv = db->db->put(db->db, &k, &v, 0); + if (0 != dbrv) { + rv = CKR_DEVICE_ERROR; + } + + dbrv = db->db->sync(db->db, 0); + if (0 != dbrv) { + rv = CKR_DEVICE_ERROR; + } - (void)NSSCKFWMutex_Unlock(db->crustylock); - } + (void)NSSCKFWMutex_Unlock(db->crustylock); + } - return rv; + return rv; } NSS_IMPLEMENT NSSUTF8 * -nss_dbm_db_get_label -( - nss_dbm_db_t *db, - NSSArena *arena, - CK_RV *pError -) +nss_dbm_db_get_label( + nss_dbm_db_t *db, + NSSArena *arena, + CK_RV *pError) { - NSSUTF8 *rv = (NSSUTF8 *)NULL; - DBT k, v; - int dbrv; - - k.data = PREFIX_METADATA "Label"; - k.size = nssUTF8_Size((NSSUTF8 *)k.data, (PRStatus *)NULL); + NSSUTF8 *rv = (NSSUTF8 *)NULL; + DBT k, v; + int dbrv; - /* Locked region */ - { - if( CKR_OK != NSSCKFWMutex_Lock(db->crustylock) ) { - return rv; - } + k.data = PREFIX_METADATA "Label"; + k.size = nssUTF8_Size((NSSUTF8 *)k.data, (PRStatus *)NULL); - dbrv = db->db->get(db->db, &k, &v, 0); - if( 0 == dbrv ) { - rv = nssUTF8_Duplicate((NSSUTF8 *)v.data, arena); - if( (NSSUTF8 *)NULL == rv ) { - *pError = CKR_HOST_MEMORY; - } - } else if( dbrv > 0 ) { - /* Just return null */ - ; - } else { - *pError = CKR_DEVICE_ERROR; - ; - } + /* Locked region */ + { + if (CKR_OK != NSSCKFWMutex_Lock(db->crustylock)) { + return rv; + } + dbrv = db->db->get(db->db, &k, &v, 0); + if (0 == dbrv) { + rv = nssUTF8_Duplicate((NSSUTF8 *)v.data, arena); + if ((NSSUTF8 *)NULL == rv) { + *pError = CKR_HOST_MEMORY; + } + } else if (dbrv > 0) { + /* Just return null */ + ; + } else { + *pError = CKR_DEVICE_ERROR; + ; + } - (void)NSSCKFWMutex_Unlock(db->crustylock); - } + (void)NSSCKFWMutex_Unlock(db->crustylock); + } - return rv; + return rv; } NSS_IMPLEMENT CK_RV -nss_dbm_db_delete_object -( - nss_dbm_dbt_t *dbt -) +nss_dbm_db_delete_object( + nss_dbm_dbt_t *dbt) { - CK_RV rv; - int dbrv; - - /* Locked region */ - { - rv = NSSCKFWMutex_Lock(dbt->my_db->crustylock); - if( CKR_OK != rv ) { - return rv; - } + CK_RV rv; + int dbrv; - dbrv = dbt->my_db->db->del(dbt->my_db->db, &dbt->dbt, 0); - if( 0 != dbrv ) { - rv = CKR_DEVICE_ERROR; - goto done; - } + /* Locked region */ + { + rv = NSSCKFWMutex_Lock(dbt->my_db->crustylock); + if (CKR_OK != rv) { + return rv; + } - dbrv = dbt->my_db->db->sync(dbt->my_db->db, 0); - if( 0 != dbrv ) { - rv = CKR_DEVICE_ERROR; - goto done; - } + dbrv = dbt->my_db->db->del(dbt->my_db->db, &dbt->dbt, 0); + if (0 != dbrv) { + rv = CKR_DEVICE_ERROR; + goto done; + } - done: - (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock); - } + dbrv = dbt->my_db->db->sync(dbt->my_db->db, 0); + if (0 != dbrv) { + rv = CKR_DEVICE_ERROR; + goto done; + } - return rv; + done: + (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock); + } + + return rv; } static CK_ULONG -nss_dbm_db_new_handle -( - nss_dbm_db_t *db, - DBT *dbt, /* pre-allocated */ - CK_RV *pError -) +nss_dbm_db_new_handle( + nss_dbm_db_t *db, + DBT *dbt, /* pre-allocated */ + CK_RV *pError) { - CK_ULONG rv; - DBT k, v; - CK_ULONG align = 0, id, myid; - struct handle *hp; - - if( sizeof(struct handle) != dbt->size ) { - return EINVAL; - } - - /* Locked region */ - { - *pError = NSSCKFWMutex_Lock(db->crustylock); - if( CKR_OK != *pError ) { - return EINVAL; + CK_ULONG rv; + DBT k, v; + CK_ULONG align = 0, id, myid; + struct handle *hp; + + if (sizeof(struct handle) != dbt->size) { + return EINVAL; } - k.data = PREFIX_METADATA "LastID"; - k.size = nssUTF8_Size((NSSUTF8 *)k.data, (PRStatus *)NULL); - (void)memset(&v, 0, sizeof(v)); + /* Locked region */ + { + *pError = NSSCKFWMutex_Lock(db->crustylock); + if (CKR_OK != *pError) { + return EINVAL; + } - rv = db->db->get(db->db, &k, &v, 0); - if( 0 == rv ) { - (void)memcpy(&align, v.data, sizeof(CK_ULONG)); - id = ntohl(align); - } else if( rv > 0 ) { - id = 0; - } else { - goto done; - } + k.data = PREFIX_METADATA "LastID"; + k.size = nssUTF8_Size((NSSUTF8 *)k.data, (PRStatus *)NULL); + (void)memset(&v, 0, sizeof(v)); + + rv = db->db->get(db->db, &k, &v, 0); + if (0 == rv) { + (void)memcpy(&align, v.data, sizeof(CK_ULONG)); + id = ntohl(align); + } else if (rv > 0) { + id = 0; + } else { + goto done; + } - myid = id; - id++; - align = htonl(id); - v.data = &align; - v.size = sizeof(CK_ULONG); + myid = id; + id++; + align = htonl(id); + v.data = &align; + v.size = sizeof(CK_ULONG); - rv = db->db->put(db->db, &k, &v, 0); - if( 0 != rv ) { - goto done; - } + rv = db->db->put(db->db, &k, &v, 0); + if (0 != rv) { + goto done; + } - rv = db->db->sync(db->db, 0); - if( 0 != rv ) { - goto done; - } + rv = db->db->sync(db->db, 0); + if (0 != rv) { + goto done; + } - done: - (void)NSSCKFWMutex_Unlock(db->crustylock); - } + done: + (void)NSSCKFWMutex_Unlock(db->crustylock); + } - if( 0 != rv ) { - return rv; - } + if (0 != rv) { + return rv; + } - hp = (struct handle *)dbt->data; - (void)memcpy(&hp->prefix[0], PREFIX_OBJECT, 4); - hp->id = myid; + hp = (struct handle *)dbt->data; + (void)memcpy(&hp->prefix[0], PREFIX_OBJECT, 4); + hp->id = myid; - return 0; + return 0; } /* @@ -311,723 +296,774 @@ nss_dbm_db_new_handle * will have to be augmentable or overridable by a Module. */ -enum swap_type { type_byte, type_short, type_long, type_opaque }; +enum swap_type { type_byte, + type_short, + type_long, + type_opaque }; static enum swap_type -nss_dbm_db_swap_type -( - CK_ATTRIBUTE_TYPE type -) +nss_dbm_db_swap_type( + CK_ATTRIBUTE_TYPE type) { - switch( type ) { - case CKA_CLASS: return type_long; - case CKA_TOKEN: return type_byte; - case CKA_PRIVATE: return type_byte; - case CKA_LABEL: return type_opaque; - case CKA_APPLICATION: return type_opaque; - case CKA_VALUE: return type_opaque; - case CKA_CERTIFICATE_TYPE: return type_long; - case CKA_ISSUER: return type_opaque; - case CKA_SERIAL_NUMBER: return type_opaque; - case CKA_KEY_TYPE: return type_long; - case CKA_SUBJECT: return type_opaque; - case CKA_ID: return type_opaque; - case CKA_SENSITIVE: return type_byte; - case CKA_ENCRYPT: return type_byte; - case CKA_DECRYPT: return type_byte; - case CKA_WRAP: return type_byte; - case CKA_UNWRAP: return type_byte; - case CKA_SIGN: return type_byte; - case CKA_SIGN_RECOVER: return type_byte; - case CKA_VERIFY: return type_byte; - case CKA_VERIFY_RECOVER: return type_byte; - case CKA_DERIVE: return type_byte; - case CKA_START_DATE: return type_opaque; - case CKA_END_DATE: return type_opaque; - case CKA_MODULUS: return type_opaque; - case CKA_MODULUS_BITS: return type_long; - case CKA_PUBLIC_EXPONENT: return type_opaque; - case CKA_PRIVATE_EXPONENT: return type_opaque; - case CKA_PRIME_1: return type_opaque; - case CKA_PRIME_2: return type_opaque; - case CKA_EXPONENT_1: return type_opaque; - case CKA_EXPONENT_2: return type_opaque; - case CKA_COEFFICIENT: return type_opaque; - case CKA_PRIME: return type_opaque; - case CKA_SUBPRIME: return type_opaque; - case CKA_BASE: return type_opaque; - case CKA_VALUE_BITS: return type_long; - case CKA_VALUE_LEN: return type_long; - case CKA_EXTRACTABLE: return type_byte; - case CKA_LOCAL: return type_byte; - case CKA_NEVER_EXTRACTABLE: return type_byte; - case CKA_ALWAYS_SENSITIVE: return type_byte; - case CKA_MODIFIABLE: return type_byte; - case CKA_NETSCAPE_URL: return type_opaque; - case CKA_NETSCAPE_EMAIL: return type_opaque; - case CKA_NETSCAPE_SMIME_INFO: return type_opaque; - case CKA_NETSCAPE_SMIME_TIMESTAMP: return type_opaque; - case CKA_NETSCAPE_PKCS8_SALT: return type_opaque; - case CKA_NETSCAPE_PASSWORD_CHECK: return type_opaque; - case CKA_NETSCAPE_EXPIRES: return type_opaque; - case CKA_TRUST_DIGITAL_SIGNATURE: return type_long; - case CKA_TRUST_NON_REPUDIATION: return type_long; - case CKA_TRUST_KEY_ENCIPHERMENT: return type_long; - case CKA_TRUST_DATA_ENCIPHERMENT: return type_long; - case CKA_TRUST_KEY_AGREEMENT: return type_long; - case CKA_TRUST_KEY_CERT_SIGN: return type_long; - case CKA_TRUST_CRL_SIGN: return type_long; - case CKA_TRUST_SERVER_AUTH: return type_long; - case CKA_TRUST_CLIENT_AUTH: return type_long; - case CKA_TRUST_CODE_SIGNING: return type_long; - case CKA_TRUST_EMAIL_PROTECTION: return type_long; - case CKA_TRUST_IPSEC_END_SYSTEM: return type_long; - case CKA_TRUST_IPSEC_TUNNEL: return type_long; - case CKA_TRUST_IPSEC_USER: return type_long; - case CKA_TRUST_TIME_STAMPING: return type_long; - case CKA_NETSCAPE_DB: return type_opaque; - case CKA_NETSCAPE_TRUST: return type_opaque; - default: return type_opaque; - } + switch (type) { + case CKA_CLASS: + return type_long; + case CKA_TOKEN: + return type_byte; + case CKA_PRIVATE: + return type_byte; + case CKA_LABEL: + return type_opaque; + case CKA_APPLICATION: + return type_opaque; + case CKA_VALUE: + return type_opaque; + case CKA_CERTIFICATE_TYPE: + return type_long; + case CKA_ISSUER: + return type_opaque; + case CKA_SERIAL_NUMBER: + return type_opaque; + case CKA_KEY_TYPE: + return type_long; + case CKA_SUBJECT: + return type_opaque; + case CKA_ID: + return type_opaque; + case CKA_SENSITIVE: + return type_byte; + case CKA_ENCRYPT: + return type_byte; + case CKA_DECRYPT: + return type_byte; + case CKA_WRAP: + return type_byte; + case CKA_UNWRAP: + return type_byte; + case CKA_SIGN: + return type_byte; + case CKA_SIGN_RECOVER: + return type_byte; + case CKA_VERIFY: + return type_byte; + case CKA_VERIFY_RECOVER: + return type_byte; + case CKA_DERIVE: + return type_byte; + case CKA_START_DATE: + return type_opaque; + case CKA_END_DATE: + return type_opaque; + case CKA_MODULUS: + return type_opaque; + case CKA_MODULUS_BITS: + return type_long; + case CKA_PUBLIC_EXPONENT: + return type_opaque; + case CKA_PRIVATE_EXPONENT: + return type_opaque; + case CKA_PRIME_1: + return type_opaque; + case CKA_PRIME_2: + return type_opaque; + case CKA_EXPONENT_1: + return type_opaque; + case CKA_EXPONENT_2: + return type_opaque; + case CKA_COEFFICIENT: + return type_opaque; + case CKA_PRIME: + return type_opaque; + case CKA_SUBPRIME: + return type_opaque; + case CKA_BASE: + return type_opaque; + case CKA_VALUE_BITS: + return type_long; + case CKA_VALUE_LEN: + return type_long; + case CKA_EXTRACTABLE: + return type_byte; + case CKA_LOCAL: + return type_byte; + case CKA_NEVER_EXTRACTABLE: + return type_byte; + case CKA_ALWAYS_SENSITIVE: + return type_byte; + case CKA_MODIFIABLE: + return type_byte; + case CKA_NETSCAPE_URL: + return type_opaque; + case CKA_NETSCAPE_EMAIL: + return type_opaque; + case CKA_NETSCAPE_SMIME_INFO: + return type_opaque; + case CKA_NETSCAPE_SMIME_TIMESTAMP: + return type_opaque; + case CKA_NETSCAPE_PKCS8_SALT: + return type_opaque; + case CKA_NETSCAPE_PASSWORD_CHECK: + return type_opaque; + case CKA_NETSCAPE_EXPIRES: + return type_opaque; + case CKA_TRUST_DIGITAL_SIGNATURE: + return type_long; + case CKA_TRUST_NON_REPUDIATION: + return type_long; + case CKA_TRUST_KEY_ENCIPHERMENT: + return type_long; + case CKA_TRUST_DATA_ENCIPHERMENT: + return type_long; + case CKA_TRUST_KEY_AGREEMENT: + return type_long; + case CKA_TRUST_KEY_CERT_SIGN: + return type_long; + case CKA_TRUST_CRL_SIGN: + return type_long; + case CKA_TRUST_SERVER_AUTH: + return type_long; + case CKA_TRUST_CLIENT_AUTH: + return type_long; + case CKA_TRUST_CODE_SIGNING: + return type_long; + case CKA_TRUST_EMAIL_PROTECTION: + return type_long; + case CKA_TRUST_IPSEC_END_SYSTEM: + return type_long; + case CKA_TRUST_IPSEC_TUNNEL: + return type_long; + case CKA_TRUST_IPSEC_USER: + return type_long; + case CKA_TRUST_TIME_STAMPING: + return type_long; + case CKA_NETSCAPE_DB: + return type_opaque; + case CKA_NETSCAPE_TRUST: + return type_opaque; + default: + return type_opaque; + } } static void -nss_dbm_db_swap_copy -( - CK_ATTRIBUTE_TYPE type, - void *dest, - void *src, - CK_ULONG len -) +nss_dbm_db_swap_copy( + CK_ATTRIBUTE_TYPE type, + void *dest, + void *src, + CK_ULONG len) { - switch( nss_dbm_db_swap_type(type) ) { - case type_byte: - case type_opaque: - (void)memcpy(dest, src, len); - break; - case type_short: - { - CK_USHORT s, d; - (void)memcpy(&s, src, sizeof(CK_USHORT)); - d = htons(s); - (void)memcpy(dest, &d, sizeof(CK_USHORT)); - break; - } - case type_long: - { - CK_ULONG s, d; - (void)memcpy(&s, src, sizeof(CK_ULONG)); - d = htonl(s); - (void)memcpy(dest, &d, sizeof(CK_ULONG)); - break; + switch (nss_dbm_db_swap_type(type)) { + case type_byte: + case type_opaque: + (void)memcpy(dest, src, len); + break; + case type_short: { + CK_USHORT s, d; + (void)memcpy(&s, src, sizeof(CK_USHORT)); + d = htons(s); + (void)memcpy(dest, &d, sizeof(CK_USHORT)); + break; + } + case type_long: { + CK_ULONG s, d; + (void)memcpy(&s, src, sizeof(CK_ULONG)); + d = htonl(s); + (void)memcpy(dest, &d, sizeof(CK_ULONG)); + break; + } } - } } static CK_RV -nss_dbm_db_wrap_object -( - NSSArena *arena, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - DBT *object -) +nss_dbm_db_wrap_object( + NSSArena *arena, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + DBT *object) { - CK_ULONG object_size; - CK_ULONG i; - CK_ULONG *pulData; - char *pcData; - CK_ULONG offset; - - object_size = (1 + ulAttributeCount*3) * sizeof(CK_ULONG); - offset = object_size; - for( i = 0; i < ulAttributeCount; i++ ) { - object_size += pTemplate[i].ulValueLen; - } - - object->size = object_size; - object->data = nss_ZAlloc(arena, object_size); - if( (void *)NULL == object->data ) { - return CKR_HOST_MEMORY; - } - - pulData = (CK_ULONG *)object->data; - pcData = (char *)object->data; - - pulData[0] = htonl(ulAttributeCount); - for( i = 0; i < ulAttributeCount; i++ ) { - CK_ULONG len = pTemplate[i].ulValueLen; - pulData[1 + i*3] = htonl(pTemplate[i].type); - pulData[2 + i*3] = htonl(len); - pulData[3 + i*3] = htonl(offset); - nss_dbm_db_swap_copy(pTemplate[i].type, &pcData[offset], pTemplate[i].pValue, len); - offset += len; - } - - return CKR_OK; + CK_ULONG object_size; + CK_ULONG i; + CK_ULONG *pulData; + char *pcData; + CK_ULONG offset; + + object_size = (1 + ulAttributeCount * 3) * sizeof(CK_ULONG); + offset = object_size; + for (i = 0; i < ulAttributeCount; i++) { + object_size += pTemplate[i].ulValueLen; + } + + object->size = object_size; + object->data = nss_ZAlloc(arena, object_size); + if ((void *)NULL == object->data) { + return CKR_HOST_MEMORY; + } + + pulData = (CK_ULONG *)object->data; + pcData = (char *)object->data; + + pulData[0] = htonl(ulAttributeCount); + for (i = 0; i < ulAttributeCount; i++) { + CK_ULONG len = pTemplate[i].ulValueLen; + pulData[1 + i * 3] = htonl(pTemplate[i].type); + pulData[2 + i * 3] = htonl(len); + pulData[3 + i * 3] = htonl(offset); + nss_dbm_db_swap_copy(pTemplate[i].type, &pcData[offset], pTemplate[i].pValue, len); + offset += len; + } + + return CKR_OK; } static CK_RV -nss_dbm_db_unwrap_object -( - NSSArena *arena, - DBT *object, - CK_ATTRIBUTE_PTR *ppTemplate, - CK_ULONG *pulAttributeCount -) +nss_dbm_db_unwrap_object( + NSSArena *arena, + DBT *object, + CK_ATTRIBUTE_PTR *ppTemplate, + CK_ULONG *pulAttributeCount) { - CK_ULONG *pulData; - char *pcData; - CK_ULONG n, i; - CK_ATTRIBUTE_PTR pTemplate; - - pulData = (CK_ULONG *)object->data; - pcData = (char *)object->data; - - n = ntohl(pulData[0]); - *pulAttributeCount = n; - pTemplate = nss_ZNEWARRAY(arena, CK_ATTRIBUTE, n); - if( (CK_ATTRIBUTE_PTR)NULL == pTemplate ) { - return CKR_HOST_MEMORY; - } - - for( i = 0; i < n; i++ ) { - CK_ULONG len; - CK_ULONG offset; - void *p; - - pTemplate[i].type = ntohl(pulData[1 + i*3]); - len = ntohl(pulData[2 + i*3]); - offset = ntohl(pulData[3 + i*3]); - - p = nss_ZAlloc(arena, len); - if( (void *)NULL == p ) { - return CKR_HOST_MEMORY; + CK_ULONG *pulData; + char *pcData; + CK_ULONG n, i; + CK_ATTRIBUTE_PTR pTemplate; + + pulData = (CK_ULONG *)object->data; + pcData = (char *)object->data; + + n = ntohl(pulData[0]); + *pulAttributeCount = n; + pTemplate = nss_ZNEWARRAY(arena, CK_ATTRIBUTE, n); + if ((CK_ATTRIBUTE_PTR)NULL == pTemplate) { + return CKR_HOST_MEMORY; } - - nss_dbm_db_swap_copy(pTemplate[i].type, p, &pcData[offset], len); - pTemplate[i].ulValueLen = len; - pTemplate[i].pValue = p; - } - - *ppTemplate = pTemplate; - return CKR_OK; -} + for (i = 0; i < n; i++) { + CK_ULONG len; + CK_ULONG offset; + void *p; + + pTemplate[i].type = ntohl(pulData[1 + i * 3]); + len = ntohl(pulData[2 + i * 3]); + offset = ntohl(pulData[3 + i * 3]); + + p = nss_ZAlloc(arena, len); + if ((void *)NULL == p) { + return CKR_HOST_MEMORY; + } + + nss_dbm_db_swap_copy(pTemplate[i].type, p, &pcData[offset], len); + pTemplate[i].ulValueLen = len; + pTemplate[i].pValue = p; + } + + *ppTemplate = pTemplate; + return CKR_OK; +} NSS_IMPLEMENT nss_dbm_dbt_t * -nss_dbm_db_create_object -( - NSSArena *arena, - nss_dbm_db_t *db, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError, - CK_ULONG *pdbrv -) +nss_dbm_db_create_object( + NSSArena *arena, + nss_dbm_db_t *db, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError, + CK_ULONG *pdbrv) { - NSSArena *tmparena = (NSSArena *)NULL; - nss_dbm_dbt_t *rv = (nss_dbm_dbt_t *)NULL; - DBT object; - - rv = nss_ZNEW(arena, nss_dbm_dbt_t); - if( (nss_dbm_dbt_t *)NULL == rv ) { - *pError = CKR_HOST_MEMORY; - return (nss_dbm_dbt_t *)NULL; - } - - rv->my_db = db; - rv->dbt.size = sizeof(struct handle); - rv->dbt.data = nss_ZAlloc(arena, rv->dbt.size); - if( (void *)NULL == rv->dbt.data ) { - *pError = CKR_HOST_MEMORY; - return (nss_dbm_dbt_t *)NULL; - } - - *pdbrv = nss_dbm_db_new_handle(db, &rv->dbt, pError); - if( 0 != *pdbrv ) { - return (nss_dbm_dbt_t *)NULL; - } - - tmparena = NSSArena_Create(); - if( (NSSArena *)NULL == tmparena ) { - *pError = CKR_HOST_MEMORY; - return (nss_dbm_dbt_t *)NULL; - } - - *pError = nss_dbm_db_wrap_object(tmparena, pTemplate, ulAttributeCount, &object); - if( CKR_OK != *pError ) { - return (nss_dbm_dbt_t *)NULL; - } - - /* Locked region */ - { - *pError = NSSCKFWMutex_Lock(db->crustylock); - if( CKR_OK != *pError ) { - goto loser; + NSSArena *tmparena = (NSSArena *)NULL; + nss_dbm_dbt_t *rv = (nss_dbm_dbt_t *)NULL; + DBT object; + + rv = nss_ZNEW(arena, nss_dbm_dbt_t); + if ((nss_dbm_dbt_t *)NULL == rv) { + *pError = CKR_HOST_MEMORY; + return (nss_dbm_dbt_t *)NULL; } - *pdbrv = db->db->put(db->db, &rv->dbt, &object, 0); - if( 0 != *pdbrv ) { - *pError = CKR_DEVICE_ERROR; + rv->my_db = db; + rv->dbt.size = sizeof(struct handle); + rv->dbt.data = nss_ZAlloc(arena, rv->dbt.size); + if ((void *)NULL == rv->dbt.data) { + *pError = CKR_HOST_MEMORY; + return (nss_dbm_dbt_t *)NULL; } - (void)db->db->sync(db->db, 0); + *pdbrv = nss_dbm_db_new_handle(db, &rv->dbt, pError); + if (0 != *pdbrv) { + return (nss_dbm_dbt_t *)NULL; + } - (void)NSSCKFWMutex_Unlock(db->crustylock); - } + tmparena = NSSArena_Create(); + if ((NSSArena *)NULL == tmparena) { + *pError = CKR_HOST_MEMORY; + return (nss_dbm_dbt_t *)NULL; + } - loser: - if( (NSSArena *)NULL != tmparena ) { - (void)NSSArena_Destroy(tmparena); - } + *pError = nss_dbm_db_wrap_object(tmparena, pTemplate, ulAttributeCount, &object); + if (CKR_OK != *pError) { + return (nss_dbm_dbt_t *)NULL; + } - return rv; -} + /* Locked region */ + { + *pError = NSSCKFWMutex_Lock(db->crustylock); + if (CKR_OK != *pError) { + goto loser; + } + *pdbrv = db->db->put(db->db, &rv->dbt, &object, 0); + if (0 != *pdbrv) { + *pError = CKR_DEVICE_ERROR; + } + + (void)db->db->sync(db->db, 0); + + (void)NSSCKFWMutex_Unlock(db->crustylock); + } + +loser: + if ((NSSArena *)NULL != tmparena) { + (void)NSSArena_Destroy(tmparena); + } + + return rv; +} NSS_IMPLEMENT CK_RV -nss_dbm_db_find_objects -( - nss_dbm_find_t *find, - nss_dbm_db_t *db, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_ULONG *pdbrv -) +nss_dbm_db_find_objects( + nss_dbm_find_t *find, + nss_dbm_db_t *db, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_ULONG *pdbrv) { - CK_RV rv = CKR_OK; + CK_RV rv = CKR_OK; - if( (nss_dbm_db_t *)NULL != db ) { - DBT k, v; + if ((nss_dbm_db_t *)NULL != db) { + DBT k, v; - rv = NSSCKFWMutex_Lock(db->crustylock); - if( CKR_OK != rv ) { - return rv; - } + rv = NSSCKFWMutex_Lock(db->crustylock); + if (CKR_OK != rv) { + return rv; + } - *pdbrv = db->db->seq(db->db, &k, &v, R_FIRST); - while( 0 == *pdbrv ) { - CK_ULONG i, j; - NSSArena *tmparena = (NSSArena *)NULL; - CK_ULONG ulac; - CK_ATTRIBUTE_PTR pt; - - if( (k.size < 4) || (0 != memcmp(k.data, PREFIX_OBJECT, 4)) ) { - goto nomatch; - } - - tmparena = NSSArena_Create(); - - rv = nss_dbm_db_unwrap_object(tmparena, &v, &pt, &ulac); - if( CKR_OK != rv ) { - goto loser; - } - - for( i = 0; i < ulAttributeCount; i++ ) { - for( j = 0; j < ulac; j++ ) { - if( pTemplate[i].type == pt[j].type ) { - if( pTemplate[i].ulValueLen != pt[j].ulValueLen ) { - goto nomatch; + *pdbrv = db->db->seq(db->db, &k, &v, R_FIRST); + while (0 == *pdbrv) { + CK_ULONG i, j; + NSSArena *tmparena = (NSSArena *)NULL; + CK_ULONG ulac; + CK_ATTRIBUTE_PTR pt; + + if ((k.size < 4) || (0 != memcmp(k.data, PREFIX_OBJECT, 4))) { + goto nomatch; } - if( 0 != memcmp(pTemplate[i].pValue, pt[j].pValue, pt[j].ulValueLen) ) { - goto nomatch; + + tmparena = NSSArena_Create(); + + rv = nss_dbm_db_unwrap_object(tmparena, &v, &pt, &ulac); + if (CKR_OK != rv) { + goto loser; } - break; - } - } - if( j == ulac ) { - goto nomatch; - } - } - /* entire template matches */ - { - struct nss_dbm_dbt_node *node; + for (i = 0; i < ulAttributeCount; i++) { + for (j = 0; j < ulac; j++) { + if (pTemplate[i].type == + pt[j].type) { + if (pTemplate[i].ulValueLen != + pt[j].ulValueLen) { + goto nomatch; + } + if (0 != + memcmp(pTemplate[i].pValue, pt[j].pValue, pt[j].ulValueLen)) { + goto nomatch; + } + break; + } + } + if (j == ulac) { + goto nomatch; + } + } - node = nss_ZNEW(find->arena, struct nss_dbm_dbt_node); - if( (struct nss_dbm_dbt_node *)NULL == node ) { - rv = CKR_HOST_MEMORY; - goto loser; - } + /* entire template matches */ + { + struct nss_dbm_dbt_node *node; + + node = nss_ZNEW(find->arena, struct nss_dbm_dbt_node); + if ((struct nss_dbm_dbt_node *)NULL == node) { + rv = + CKR_HOST_MEMORY; + goto loser; + } + + node->dbt = nss_ZNEW(find->arena, nss_dbm_dbt_t); + if ((nss_dbm_dbt_t *)NULL == node->dbt) { + rv = + CKR_HOST_MEMORY; + goto loser; + } + + node->dbt->dbt.size = k.size; + node->dbt->dbt.data = nss_ZAlloc(find->arena, k.size); + if ((void *)NULL == node->dbt->dbt.data) { + rv = + CKR_HOST_MEMORY; + goto loser; + } + + (void)memcpy(node->dbt->dbt.data, k.data, k.size); + + node->dbt->my_db = db; + + node->next = find->found; + find->found = node; + } - node->dbt = nss_ZNEW(find->arena, nss_dbm_dbt_t); - if( (nss_dbm_dbt_t *)NULL == node->dbt ) { - rv = CKR_HOST_MEMORY; - goto loser; + nomatch: + if ((NSSArena *)NULL != tmparena) { + (void)NSSArena_Destroy(tmparena); + } + *pdbrv = db->db->seq(db->db, &k, &v, R_NEXT); } - - node->dbt->dbt.size = k.size; - node->dbt->dbt.data = nss_ZAlloc(find->arena, k.size); - if( (void *)NULL == node->dbt->dbt.data ) { - rv = CKR_HOST_MEMORY; - goto loser; + + if (*pdbrv < 0) { + rv = CKR_DEVICE_ERROR; + goto loser; } - (void)memcpy(node->dbt->dbt.data, k.data, k.size); + rv = CKR_OK; - node->dbt->my_db = db; + loser: + (void)NSSCKFWMutex_Unlock(db->crustylock); + } - node->next = find->found; - find->found = node; - } + return rv; +} - nomatch: - if( (NSSArena *)NULL != tmparena ) { - (void)NSSArena_Destroy(tmparena); - } - *pdbrv = db->db->seq(db->db, &k, &v, R_NEXT); +NSS_IMPLEMENT CK_BBOOL +nss_dbm_db_object_still_exists( + nss_dbm_dbt_t *dbt) +{ + CK_BBOOL rv; + CK_RV ckrv; + int dbrv; + DBT object; + + ckrv = NSSCKFWMutex_Lock(dbt->my_db->crustylock); + if (CKR_OK != ckrv) { + return CK_FALSE; } - if( *pdbrv < 0 ) { - rv = CKR_DEVICE_ERROR; - goto loser; + dbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0); + if (0 == dbrv) { + rv = CK_TRUE; + } else { + rv = CK_FALSE; } - rv = CKR_OK; - - loser: - (void)NSSCKFWMutex_Unlock(db->crustylock); - } - - return rv; -} + (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock); -NSS_IMPLEMENT CK_BBOOL -nss_dbm_db_object_still_exists -( - nss_dbm_dbt_t *dbt -) -{ - CK_BBOOL rv; - CK_RV ckrv; - int dbrv; - DBT object; - - ckrv = NSSCKFWMutex_Lock(dbt->my_db->crustylock); - if( CKR_OK != ckrv ) { - return CK_FALSE; - } - - dbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0); - if( 0 == dbrv ) { - rv = CK_TRUE; - } else { - rv = CK_FALSE; - } - - (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock); - - return rv; + return rv; } NSS_IMPLEMENT CK_ULONG -nss_dbm_db_get_object_attribute_count -( - nss_dbm_dbt_t *dbt, - CK_RV *pError, - CK_ULONG *pdbrv -) +nss_dbm_db_get_object_attribute_count( + nss_dbm_dbt_t *dbt, + CK_RV *pError, + CK_ULONG *pdbrv) { - CK_ULONG rv = 0; - DBT object; - CK_ULONG *pulData; - - /* Locked region */ - { - *pError = NSSCKFWMutex_Lock(dbt->my_db->crustylock); - if( CKR_OK != *pError ) { - return rv; - } + CK_ULONG rv = 0; + DBT object; + CK_ULONG *pulData; - *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0); - if( 0 == *pdbrv ) { - ; - } else if( *pdbrv > 0 ) { - *pError = CKR_OBJECT_HANDLE_INVALID; - goto done; - } else { - *pError = CKR_DEVICE_ERROR; - goto done; - } + /* Locked region */ + { + *pError = NSSCKFWMutex_Lock(dbt->my_db->crustylock); + if (CKR_OK != *pError) { + return rv; + } - pulData = (CK_ULONG *)object.data; - rv = ntohl(pulData[0]); + *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0); + if (0 == *pdbrv) { + ; + } else if (*pdbrv > 0) { + *pError = CKR_OBJECT_HANDLE_INVALID; + goto done; + } else { + *pError = CKR_DEVICE_ERROR; + goto done; + } - done: - (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock); - } + pulData = (CK_ULONG *)object.data; + rv = ntohl(pulData[0]); - return rv; + done: + (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock); + } + + return rv; } NSS_IMPLEMENT CK_RV -nss_dbm_db_get_object_attribute_types -( - nss_dbm_dbt_t *dbt, - CK_ATTRIBUTE_TYPE_PTR typeArray, - CK_ULONG ulCount, - CK_ULONG *pdbrv -) +nss_dbm_db_get_object_attribute_types( + nss_dbm_dbt_t *dbt, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount, + CK_ULONG *pdbrv) { - CK_RV rv = CKR_OK; - DBT object; - CK_ULONG *pulData; - CK_ULONG n, i; - - /* Locked region */ - { - rv = NSSCKFWMutex_Lock(dbt->my_db->crustylock); - if( CKR_OK != rv ) { - return rv; - } + CK_RV rv = CKR_OK; + DBT object; + CK_ULONG *pulData; + CK_ULONG n, i; - *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0); - if( 0 == *pdbrv ) { - ; - } else if( *pdbrv > 0 ) { - rv = CKR_OBJECT_HANDLE_INVALID; - goto done; - } else { - rv = CKR_DEVICE_ERROR; - goto done; - } + /* Locked region */ + { + rv = NSSCKFWMutex_Lock(dbt->my_db->crustylock); + if (CKR_OK != rv) { + return rv; + } - pulData = (CK_ULONG *)object.data; - n = ntohl(pulData[0]); + *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0); + if (0 == *pdbrv) { + ; + } else if (*pdbrv > 0) { + rv = CKR_OBJECT_HANDLE_INVALID; + goto done; + } else { + rv = CKR_DEVICE_ERROR; + goto done; + } - if( ulCount < n ) { - rv = CKR_BUFFER_TOO_SMALL; - goto done; - } + pulData = (CK_ULONG *)object.data; + n = ntohl(pulData[0]); - for( i = 0; i < n; i++ ) { - typeArray[i] = ntohl(pulData[1 + i*3]); - } + if (ulCount < n) { + rv = CKR_BUFFER_TOO_SMALL; + goto done; + } - done: - (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock); - } + for (i = 0; i < n; i++) { + typeArray[i] = ntohl(pulData[1 + i * 3]); + } + + done: + (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock); + } - return rv; + return rv; } NSS_IMPLEMENT CK_ULONG -nss_dbm_db_get_object_attribute_size -( - nss_dbm_dbt_t *dbt, - CK_ATTRIBUTE_TYPE type, - CK_RV *pError, - CK_ULONG *pdbrv -) +nss_dbm_db_get_object_attribute_size( + nss_dbm_dbt_t *dbt, + CK_ATTRIBUTE_TYPE type, + CK_RV *pError, + CK_ULONG *pdbrv) { - CK_ULONG rv = 0; - DBT object; - CK_ULONG *pulData; - CK_ULONG n, i; - - /* Locked region */ - { - *pError = NSSCKFWMutex_Lock(dbt->my_db->crustylock); - if( CKR_OK != *pError ) { - return rv; - } + CK_ULONG rv = 0; + DBT object; + CK_ULONG *pulData; + CK_ULONG n, i; - *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0); - if( 0 == *pdbrv ) { - ; - } else if( *pdbrv > 0 ) { - *pError = CKR_OBJECT_HANDLE_INVALID; - goto done; - } else { - *pError = CKR_DEVICE_ERROR; - goto done; - } + /* Locked region */ + { + *pError = NSSCKFWMutex_Lock(dbt->my_db->crustylock); + if (CKR_OK != *pError) { + return rv; + } - pulData = (CK_ULONG *)object.data; - n = ntohl(pulData[0]); + *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0); + if (0 == *pdbrv) { + ; + } else if (*pdbrv > 0) { + *pError = CKR_OBJECT_HANDLE_INVALID; + goto done; + } else { + *pError = CKR_DEVICE_ERROR; + goto done; + } - for( i = 0; i < n; i++ ) { - if( type == ntohl(pulData[1 + i*3]) ) { - rv = ntohl(pulData[2 + i*3]); - } - } + pulData = (CK_ULONG *)object.data; + n = ntohl(pulData[0]); - if( i == n ) { - *pError = CKR_ATTRIBUTE_TYPE_INVALID; - goto done; - } + for (i = 0; i < n; i++) { + if (type == ntohl(pulData[1 + i * 3])) { + rv = ntohl(pulData[2 + i * 3]); + } + } - done: - (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock); - } + if (i == n) { + *pError = CKR_ATTRIBUTE_TYPE_INVALID; + goto done; + } + + done: + (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock); + } - return rv; + return rv; } NSS_IMPLEMENT NSSItem * -nss_dbm_db_get_object_attribute -( - nss_dbm_dbt_t *dbt, - NSSArena *arena, - CK_ATTRIBUTE_TYPE type, - CK_RV *pError, - CK_ULONG *pdbrv -) +nss_dbm_db_get_object_attribute( + nss_dbm_dbt_t *dbt, + NSSArena *arena, + CK_ATTRIBUTE_TYPE type, + CK_RV *pError, + CK_ULONG *pdbrv) { - NSSItem *rv = (NSSItem *)NULL; - DBT object; - CK_ULONG i; - NSSArena *tmp = NSSArena_Create(); - CK_ATTRIBUTE_PTR pTemplate; - CK_ULONG ulAttributeCount; - - /* Locked region */ - { - *pError = NSSCKFWMutex_Lock(dbt->my_db->crustylock); - if( CKR_OK != *pError ) { - goto loser; - } + NSSItem *rv = (NSSItem *)NULL; + DBT object; + CK_ULONG i; + NSSArena *tmp = NSSArena_Create(); + CK_ATTRIBUTE_PTR pTemplate; + CK_ULONG ulAttributeCount; + + /* Locked region */ + { + *pError = NSSCKFWMutex_Lock(dbt->my_db->crustylock); + if (CKR_OK != *pError) { + goto loser; + } - *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0); - if( 0 == *pdbrv ) { - ; - } else if( *pdbrv > 0 ) { - *pError = CKR_OBJECT_HANDLE_INVALID; - goto done; - } else { - *pError = CKR_DEVICE_ERROR; - goto done; - } + *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0); + if (0 == *pdbrv) { + ; + } else if (*pdbrv > 0) { + *pError = CKR_OBJECT_HANDLE_INVALID; + goto done; + } else { + *pError = CKR_DEVICE_ERROR; + goto done; + } - *pError = nss_dbm_db_unwrap_object(tmp, &object, &pTemplate, &ulAttributeCount); - if( CKR_OK != *pError ) { - goto done; - } + *pError = nss_dbm_db_unwrap_object(tmp, &object, &pTemplate, &ulAttributeCount); + if (CKR_OK != *pError) { + goto done; + } - for( i = 0; i < ulAttributeCount; i++ ) { - if( type == pTemplate[i].type ) { - rv = nss_ZNEW(arena, NSSItem); - if( (NSSItem *)NULL == rv ) { - *pError = CKR_HOST_MEMORY; - goto done; + for (i = 0; i < ulAttributeCount; i++) { + if (type == pTemplate[i].type) { + rv = nss_ZNEW(arena, NSSItem); + if ((NSSItem *)NULL == rv) { + *pError = + CKR_HOST_MEMORY; + goto done; + } + rv->size = pTemplate[i].ulValueLen; + rv->data = nss_ZAlloc(arena, rv->size); + if ((void *)NULL == rv->data) { + *pError = + CKR_HOST_MEMORY; + goto done; + } + (void)memcpy(rv->data, pTemplate[i].pValue, rv->size); + break; + } } - rv->size = pTemplate[i].ulValueLen; - rv->data = nss_ZAlloc(arena, rv->size); - if( (void *)NULL == rv->data ) { - *pError = CKR_HOST_MEMORY; - goto done; + if (ulAttributeCount == i) { + *pError = CKR_ATTRIBUTE_TYPE_INVALID; + goto done; } - (void)memcpy(rv->data, pTemplate[i].pValue, rv->size); - break; - } - } - if( ulAttributeCount == i ) { - *pError = CKR_ATTRIBUTE_TYPE_INVALID; - goto done; - } - done: - (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock); - } + done: + (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock); + } - loser: - if( (NSSArena *)NULL != tmp ) { - NSSArena_Destroy(tmp); - } +loser: + if ((NSSArena *)NULL != tmp) { + NSSArena_Destroy(tmp); + } - return rv; + return rv; } NSS_IMPLEMENT CK_RV -nss_dbm_db_set_object_attribute -( - nss_dbm_dbt_t *dbt, - CK_ATTRIBUTE_TYPE type, - NSSItem *value, - CK_ULONG *pdbrv -) +nss_dbm_db_set_object_attribute( + nss_dbm_dbt_t *dbt, + CK_ATTRIBUTE_TYPE type, + NSSItem *value, + CK_ULONG *pdbrv) { - CK_RV rv = CKR_OK; - DBT object; - CK_ULONG i; - NSSArena *tmp = NSSArena_Create(); - CK_ATTRIBUTE_PTR pTemplate; - CK_ULONG ulAttributeCount; - - /* Locked region */ - { - rv = NSSCKFWMutex_Lock(dbt->my_db->crustylock); - if( CKR_OK != rv ) { - goto loser; - } + CK_RV rv = CKR_OK; + DBT object; + CK_ULONG i; + NSSArena *tmp = NSSArena_Create(); + CK_ATTRIBUTE_PTR pTemplate; + CK_ULONG ulAttributeCount; + + /* Locked region */ + { + rv = NSSCKFWMutex_Lock(dbt->my_db->crustylock); + if (CKR_OK != rv) { + goto loser; + } - *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0); - if( 0 == *pdbrv ) { - ; - } else if( *pdbrv > 0 ) { - rv = CKR_OBJECT_HANDLE_INVALID; - goto done; - } else { - rv = CKR_DEVICE_ERROR; - goto done; - } + *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0); + if (0 == *pdbrv) { + ; + } else if (*pdbrv > 0) { + rv = CKR_OBJECT_HANDLE_INVALID; + goto done; + } else { + rv = CKR_DEVICE_ERROR; + goto done; + } - rv = nss_dbm_db_unwrap_object(tmp, &object, &pTemplate, &ulAttributeCount); - if( CKR_OK != rv ) { - goto done; - } + rv = nss_dbm_db_unwrap_object(tmp, &object, &pTemplate, &ulAttributeCount); + if (CKR_OK != rv) { + goto done; + } - for( i = 0; i < ulAttributeCount; i++ ) { - if( type == pTemplate[i].type ) { - /* Replacing an existing attribute */ - pTemplate[i].ulValueLen = value->size; - pTemplate[i].pValue = value->data; - break; - } - } + for (i = 0; i < ulAttributeCount; i++) { + if (type == pTemplate[i].type) { + /* Replacing an existing attribute */ + pTemplate[i].ulValueLen = value->size; + pTemplate[i].pValue = value->data; + break; + } + } - if( i == ulAttributeCount ) { - /* Adding a new attribute */ - CK_ATTRIBUTE_PTR npt = nss_ZNEWARRAY(tmp, CK_ATTRIBUTE, ulAttributeCount+1); - if( (CK_ATTRIBUTE_PTR)NULL == npt ) { - rv = CKR_DEVICE_ERROR; - goto done; - } + if (i == ulAttributeCount) { + /* Adding a new attribute */ + CK_ATTRIBUTE_PTR npt = nss_ZNEWARRAY(tmp, CK_ATTRIBUTE, ulAttributeCount + 1); + if ((CK_ATTRIBUTE_PTR)NULL == npt) { + rv = CKR_DEVICE_ERROR; + goto done; + } - for( i = 0; i < ulAttributeCount; i++ ) { - npt[i] = pTemplate[i]; - } + for (i = 0; i < ulAttributeCount; i++) { + npt[i] = pTemplate[i]; + } - npt[ulAttributeCount].type = type; - npt[ulAttributeCount].ulValueLen = value->size; - npt[ulAttributeCount].pValue = value->data; + npt[ulAttributeCount].type = type; + npt[ulAttributeCount].ulValueLen = value->size; + npt[ulAttributeCount].pValue = value->data; - pTemplate = npt; - ulAttributeCount++; - } + pTemplate = npt; + ulAttributeCount++; + } - rv = nss_dbm_db_wrap_object(tmp, pTemplate, ulAttributeCount, &object); - if( CKR_OK != rv ) { - goto done; - } + rv = nss_dbm_db_wrap_object(tmp, pTemplate, ulAttributeCount, &object); + if (CKR_OK != rv) { + goto done; + } - *pdbrv = dbt->my_db->db->put(dbt->my_db->db, &dbt->dbt, &object, 0); - if( 0 != *pdbrv ) { - rv = CKR_DEVICE_ERROR; - goto done; - } + *pdbrv = dbt->my_db->db->put(dbt->my_db->db, &dbt->dbt, &object, 0); + if (0 != *pdbrv) { + rv = CKR_DEVICE_ERROR; + goto done; + } - (void)dbt->my_db->db->sync(dbt->my_db->db, 0); + (void)dbt->my_db->db->sync(dbt->my_db->db, 0); - done: - (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock); - } + done: + (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock); + } - loser: - if( (NSSArena *)NULL != tmp ) { - NSSArena_Destroy(tmp); - } +loser: + if ((NSSArena *)NULL != tmp) { + NSSArena_Destroy(tmp); + } - return rv; + return rv; } diff --git a/nss/lib/ckfw/dbm/find.c b/nss/lib/ckfw/dbm/find.c index 575c0ad..8a03855 100644 --- a/nss/lib/ckfw/dbm/find.c +++ b/nss/lib/ckfw/dbm/find.c @@ -5,129 +5,122 @@ #include "ckdbm.h" static void -nss_dbm_mdFindObjects_Final -( - NSSCKMDFindObjects *mdFindObjects, - NSSCKFWFindObjects *fwFindObjects, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_dbm_mdFindObjects_Final( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - nss_dbm_find_t *find = (nss_dbm_find_t *)mdFindObjects->etc; + nss_dbm_find_t *find = (nss_dbm_find_t *)mdFindObjects->etc; - /* Locks might have system resources associated */ - (void)NSSCKFWMutex_Destroy(find->list_lock); - (void)NSSArena_Destroy(find->arena); + /* Locks might have system resources associated */ + (void)NSSCKFWMutex_Destroy(find->list_lock); + (void)NSSArena_Destroy(find->arena); } - static NSSCKMDObject * -nss_dbm_mdFindObjects_Next -( - NSSCKMDFindObjects *mdFindObjects, - NSSCKFWFindObjects *fwFindObjects, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSArena *arena, - CK_RV *pError -) +nss_dbm_mdFindObjects_Next( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError) { - nss_dbm_find_t *find = (nss_dbm_find_t *)mdFindObjects->etc; - struct nss_dbm_dbt_node *node; - nss_dbm_object_t *object; - NSSCKMDObject *rv; - - while(1) { - /* Lock */ - { - *pError = NSSCKFWMutex_Lock(find->list_lock); - if( CKR_OK != *pError ) { + nss_dbm_find_t *find = (nss_dbm_find_t *)mdFindObjects->etc; + struct nss_dbm_dbt_node *node; + nss_dbm_object_t *object; + NSSCKMDObject *rv; + + while (1) { + /* Lock */ + { + *pError = NSSCKFWMutex_Lock(find->list_lock); + if (CKR_OK != *pError) { + return (NSSCKMDObject *)NULL; + } + + node = find->found; + if ((struct nss_dbm_dbt_node *)NULL != node) { + find->found = node->next; + } + + *pError = NSSCKFWMutex_Unlock(find->list_lock); + if (CKR_OK != *pError) { + /* screwed now */ + return (NSSCKMDObject *)NULL; + } + } + + if ((struct nss_dbm_dbt_node *)NULL == node) { + break; + } + + if (nss_dbm_db_object_still_exists(node->dbt)) { + break; + } + } + + if ((struct nss_dbm_dbt_node *)NULL == node) { + *pError = CKR_OK; return (NSSCKMDObject *)NULL; - } - - node = find->found; - if( (struct nss_dbm_dbt_node *)NULL != node ) { - find->found = node->next; - } - - *pError = NSSCKFWMutex_Unlock(find->list_lock); - if( CKR_OK != *pError ) { - /* screwed now */ + } + + object = nss_ZNEW(arena, nss_dbm_object_t); + if ((nss_dbm_object_t *)NULL == object) { + *pError = CKR_HOST_MEMORY; return (NSSCKMDObject *)NULL; - } } - if( (struct nss_dbm_dbt_node *)NULL == node ) { - break; + object->arena = arena; + object->handle = nss_ZNEW(arena, nss_dbm_dbt_t); + if ((nss_dbm_dbt_t *)NULL == object->handle) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDObject *)NULL; } - if( nss_dbm_db_object_still_exists(node->dbt) ) { - break; + object->handle->my_db = node->dbt->my_db; + object->handle->dbt.size = node->dbt->dbt.size; + object->handle->dbt.data = nss_ZAlloc(arena, node->dbt->dbt.size); + if ((void *)NULL == object->handle->dbt.data) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDObject *)NULL; } - } - - if( (struct nss_dbm_dbt_node *)NULL == node ) { - *pError = CKR_OK; - return (NSSCKMDObject *)NULL; - } - - object = nss_ZNEW(arena, nss_dbm_object_t); - if( (nss_dbm_object_t *)NULL == object ) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDObject *)NULL; - } - - object->arena = arena; - object->handle = nss_ZNEW(arena, nss_dbm_dbt_t); - if( (nss_dbm_dbt_t *)NULL == object->handle ) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDObject *)NULL; - } - - object->handle->my_db = node->dbt->my_db; - object->handle->dbt.size = node->dbt->dbt.size; - object->handle->dbt.data = nss_ZAlloc(arena, node->dbt->dbt.size); - if( (void *)NULL == object->handle->dbt.data ) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDObject *)NULL; - } - - (void)memcpy(object->handle->dbt.data, node->dbt->dbt.data, node->dbt->dbt.size); - - rv = nss_dbm_mdObject_factory(object, pError); - if( (NSSCKMDObject *)NULL == rv ) { - return (NSSCKMDObject *)NULL; - } - - return rv; + + (void)memcpy(object->handle->dbt.data, node->dbt->dbt.data, node->dbt->dbt.size); + + rv = nss_dbm_mdObject_factory(object, pError); + if ((NSSCKMDObject *)NULL == rv) { + return (NSSCKMDObject *)NULL; + } + + return rv; } NSS_IMPLEMENT NSSCKMDFindObjects * -nss_dbm_mdFindObjects_factory -( - nss_dbm_find_t *find, - CK_RV *pError -) +nss_dbm_mdFindObjects_factory( + nss_dbm_find_t *find, + CK_RV *pError) { - NSSCKMDFindObjects *rv; + NSSCKMDFindObjects *rv; - rv = nss_ZNEW(find->arena, NSSCKMDFindObjects); - if( (NSSCKMDFindObjects *)NULL == rv ) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDFindObjects *)NULL; - } + rv = nss_ZNEW(find->arena, NSSCKMDFindObjects); + if ((NSSCKMDFindObjects *)NULL == rv) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDFindObjects *)NULL; + } - rv->etc = (void *)find; - rv->Final = nss_dbm_mdFindObjects_Final; - rv->Next = nss_dbm_mdFindObjects_Next; + rv->etc = (void *)find; + rv->Final = nss_dbm_mdFindObjects_Final; + rv->Next = nss_dbm_mdFindObjects_Next; - return rv; + return rv; } diff --git a/nss/lib/ckfw/dbm/instance.c b/nss/lib/ckfw/dbm/instance.c index 14f7af8..fbb1172 100644 --- a/nss/lib/ckfw/dbm/instance.c +++ b/nss/lib/ckfw/dbm/instance.c @@ -5,159 +5,143 @@ #include "ckdbm.h" static CK_RV -nss_dbm_mdInstance_Initialize -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSUTF8 *configurationData -) +nss_dbm_mdInstance_Initialize( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSUTF8 *configurationData) { - CK_RV rv = CKR_OK; - NSSArena *arena; - nss_dbm_instance_t *instance; + CK_RV rv = CKR_OK; + NSSArena *arena; + nss_dbm_instance_t *instance; - arena = NSSCKFWInstance_GetArena(fwInstance, &rv); - if( ((NSSArena *)NULL == arena) && (CKR_OK != rv) ) { - return rv; - } - - instance = nss_ZNEW(arena, nss_dbm_instance_t); - if( (nss_dbm_instance_t *)NULL == instance ) { - return CKR_HOST_MEMORY; - } - - instance->arena = arena; - - /* - * This should parse the configuration data for information on - * number and locations of databases, modes (e.g. readonly), etc. - * But for now, we'll have one slot with a creatable read-write - * database called "cert8.db." - */ - - instance->nSlots = 1; - instance->filenames = nss_ZNEWARRAY(arena, char *, instance->nSlots); - if( (char **)NULL == instance->filenames ) { - return CKR_HOST_MEMORY; - } - - instance->flags = nss_ZNEWARRAY(arena, int, instance->nSlots); - if( (int *)NULL == instance->flags ) { - return CKR_HOST_MEMORY; - } - - instance->filenames[0] = "cert8.db"; - instance->flags[0] = O_RDWR|O_CREAT; - - mdInstance->etc = (void *)instance; - return CKR_OK; + arena = NSSCKFWInstance_GetArena(fwInstance, &rv); + if (((NSSArena *)NULL == arena) && (CKR_OK != rv)) { + return rv; + } + + instance = nss_ZNEW(arena, nss_dbm_instance_t); + if ((nss_dbm_instance_t *)NULL == instance) { + return CKR_HOST_MEMORY; + } + + instance->arena = arena; + + /* + * This should parse the configuration data for information on + * number and locations of databases, modes (e.g. readonly), etc. + * But for now, we'll have one slot with a creatable read-write + * database called "cert8.db." + */ + + instance->nSlots = 1; + instance->filenames = nss_ZNEWARRAY(arena, char *, instance->nSlots); + if ((char **)NULL == instance->filenames) { + return CKR_HOST_MEMORY; + } + + instance->flags = nss_ZNEWARRAY(arena, int, instance->nSlots); + if ((int *)NULL == instance->flags) { + return CKR_HOST_MEMORY; + } + + instance->filenames[0] = "cert8.db"; + instance->flags[0] = O_RDWR | O_CREAT; + + mdInstance->etc = (void *)instance; + return CKR_OK; } /* nss_dbm_mdInstance_Finalize is not required */ static CK_ULONG -nss_dbm_mdInstance_GetNSlots -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +nss_dbm_mdInstance_GetNSlots( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - nss_dbm_instance_t *instance = (nss_dbm_instance_t *)mdInstance->etc; - return instance->nSlots; + nss_dbm_instance_t *instance = (nss_dbm_instance_t *)mdInstance->etc; + return instance->nSlots; } static CK_VERSION -nss_dbm_mdInstance_GetCryptokiVersion -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_dbm_mdInstance_GetCryptokiVersion( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - static CK_VERSION rv = { 2, 1 }; - return rv; + static CK_VERSION rv = { 2, 1 }; + return rv; } static NSSUTF8 * -nss_dbm_mdInstance_GetManufacturerID -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +nss_dbm_mdInstance_GetManufacturerID( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return "Mozilla Foundation"; + return "Mozilla Foundation"; } static NSSUTF8 * -nss_dbm_mdInstance_GetLibraryDescription -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +nss_dbm_mdInstance_GetLibraryDescription( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return "Berkeley Database Module"; + return "Berkeley Database Module"; } static CK_VERSION -nss_dbm_mdInstance_GetLibraryVersion -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_dbm_mdInstance_GetLibraryVersion( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - static CK_VERSION rv = { 1, 0 }; /* My own version number */ - return rv; + static CK_VERSION rv = { 1, 0 }; /* My own version number */ + return rv; } static CK_BBOOL -nss_dbm_mdInstance_ModuleHandlesSessionObjects -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_dbm_mdInstance_ModuleHandlesSessionObjects( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return CK_TRUE; + return CK_TRUE; } static CK_RV -nss_dbm_mdInstance_GetSlots -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDSlot *slots[] -) +nss_dbm_mdInstance_GetSlots( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDSlot *slots[]) { - nss_dbm_instance_t *instance = (nss_dbm_instance_t *)mdInstance->etc; - CK_ULONG i; - CK_RV rv = CKR_OK; - - for( i = 0; i < instance->nSlots; i++ ) { - slots[i] = nss_dbm_mdSlot_factory(instance, instance->filenames[i], - instance->flags[i], &rv); - if( (NSSCKMDSlot *)NULL == slots[i] ) { - return rv; + nss_dbm_instance_t *instance = (nss_dbm_instance_t *)mdInstance->etc; + CK_ULONG i; + CK_RV rv = CKR_OK; + + for (i = 0; i < instance->nSlots; i++) { + slots[i] = nss_dbm_mdSlot_factory(instance, instance->filenames[i], + instance->flags[i], &rv); + if ((NSSCKMDSlot *)NULL == slots[i]) { + return rv; + } } - } - return rv; + return rv; } /* nss_dbm_mdInstance_WaitForSlotEvent is not relevant */ -NSS_IMPLEMENT_DATA NSSCKMDInstance -nss_dbm_mdInstance = { - NULL, /* etc; filled in later */ - nss_dbm_mdInstance_Initialize, - NULL, /* nss_dbm_mdInstance_Finalize */ - nss_dbm_mdInstance_GetNSlots, - nss_dbm_mdInstance_GetCryptokiVersion, - nss_dbm_mdInstance_GetManufacturerID, - nss_dbm_mdInstance_GetLibraryDescription, - nss_dbm_mdInstance_GetLibraryVersion, - nss_dbm_mdInstance_ModuleHandlesSessionObjects, - nss_dbm_mdInstance_GetSlots, - NULL, /* nss_dbm_mdInstance_WaitForSlotEvent */ - NULL /* terminator */ -}; +NSS_IMPLEMENT_DATA NSSCKMDInstance + nss_dbm_mdInstance = { + NULL, /* etc; filled in later */ + nss_dbm_mdInstance_Initialize, + NULL, /* nss_dbm_mdInstance_Finalize */ + nss_dbm_mdInstance_GetNSlots, + nss_dbm_mdInstance_GetCryptokiVersion, + nss_dbm_mdInstance_GetManufacturerID, + nss_dbm_mdInstance_GetLibraryDescription, + nss_dbm_mdInstance_GetLibraryVersion, + nss_dbm_mdInstance_ModuleHandlesSessionObjects, + nss_dbm_mdInstance_GetSlots, + NULL, /* nss_dbm_mdInstance_WaitForSlotEvent */ + NULL /* terminator */ + }; diff --git a/nss/lib/ckfw/dbm/object.c b/nss/lib/ckfw/dbm/object.c index 0649d40..4f6e4d4 100644 --- a/nss/lib/ckfw/dbm/object.c +++ b/nss/lib/ckfw/dbm/object.c @@ -5,167 +5,151 @@ #include "ckdbm.h" static void -nss_dbm_mdObject_Finalize -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_dbm_mdObject_Finalize( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - ; + ; } static CK_RV -nss_dbm_mdObject_Destroy -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_dbm_mdObject_Destroy( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc; - return nss_dbm_db_delete_object(object->handle); + nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc; + return nss_dbm_db_delete_object(object->handle); } static CK_ULONG -nss_dbm_mdObject_GetAttributeCount -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +nss_dbm_mdObject_GetAttributeCount( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc; - nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; - return nss_dbm_db_get_object_attribute_count(object->handle, pError, - &session->deviceError); + nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc; + nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; + return nss_dbm_db_get_object_attribute_count(object->handle, pError, + &session->deviceError); } static CK_RV -nss_dbm_mdObject_GetAttributeTypes -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE_PTR typeArray, - CK_ULONG ulCount -) +nss_dbm_mdObject_GetAttributeTypes( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount) { - nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc; - nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; - return nss_dbm_db_get_object_attribute_types(object->handle, typeArray, - ulCount, &session->deviceError); + nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc; + nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; + return nss_dbm_db_get_object_attribute_types(object->handle, typeArray, + ulCount, &session->deviceError); } static CK_ULONG -nss_dbm_mdObject_GetAttributeSize -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError -) +nss_dbm_mdObject_GetAttributeSize( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError) { - nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc; - nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; - return nss_dbm_db_get_object_attribute_size(object->handle, attribute, pError, - &session->deviceError); + nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc; + nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; + return nss_dbm_db_get_object_attribute_size(object->handle, attribute, pError, + &session->deviceError); } static NSSItem * -nss_dbm_mdObject_GetAttribute -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError -) +nss_dbm_mdObject_GetAttribute( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError) { - nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc; - nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; - return nss_dbm_db_get_object_attribute(object->handle, object->arena, attribute, - pError, &session->deviceError); + nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc; + nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; + return nss_dbm_db_get_object_attribute(object->handle, object->arena, attribute, + pError, &session->deviceError); } static CK_RV -nss_dbm_mdObject_SetAttribute -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - NSSItem *value -) +nss_dbm_mdObject_SetAttribute( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *value) { - nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc; - nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; - return nss_dbm_db_set_object_attribute(object->handle, attribute, value, - &session->deviceError); + nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc; + nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; + return nss_dbm_db_set_object_attribute(object->handle, attribute, value, + &session->deviceError); } NSS_IMPLEMENT NSSCKMDObject * -nss_dbm_mdObject_factory -( - nss_dbm_object_t *object, - CK_RV *pError -) +nss_dbm_mdObject_factory( + nss_dbm_object_t *object, + CK_RV *pError) { - NSSCKMDObject *rv; + NSSCKMDObject *rv; - rv = nss_ZNEW(object->arena, NSSCKMDObject); - if( (NSSCKMDObject *)NULL == rv ) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDObject *)NULL; - } + rv = nss_ZNEW(object->arena, NSSCKMDObject); + if ((NSSCKMDObject *)NULL == rv) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDObject *)NULL; + } - rv->etc = (void *)object; - rv->Finalize = nss_dbm_mdObject_Finalize; - rv->Destroy = nss_dbm_mdObject_Destroy; - /* IsTokenObject can be deferred */ - rv->GetAttributeCount = nss_dbm_mdObject_GetAttributeCount; - rv->GetAttributeTypes = nss_dbm_mdObject_GetAttributeTypes; - rv->GetAttributeSize = nss_dbm_mdObject_GetAttributeSize; - rv->GetAttribute = nss_dbm_mdObject_GetAttribute; - rv->SetAttribute = nss_dbm_mdObject_SetAttribute; - /* GetObjectSize can be deferred */ + rv->etc = (void *)object; + rv->Finalize = nss_dbm_mdObject_Finalize; + rv->Destroy = nss_dbm_mdObject_Destroy; + /* IsTokenObject can be deferred */ + rv->GetAttributeCount = nss_dbm_mdObject_GetAttributeCount; + rv->GetAttributeTypes = nss_dbm_mdObject_GetAttributeTypes; + rv->GetAttributeSize = nss_dbm_mdObject_GetAttributeSize; + rv->GetAttribute = nss_dbm_mdObject_GetAttribute; + rv->SetAttribute = nss_dbm_mdObject_SetAttribute; + /* GetObjectSize can be deferred */ - return rv; + return rv; } diff --git a/nss/lib/ckfw/dbm/session.c b/nss/lib/ckfw/dbm/session.c index 6101c06..a1c2ee5 100644 --- a/nss/lib/ckfw/dbm/session.c +++ b/nss/lib/ckfw/dbm/session.c @@ -5,50 +5,46 @@ #include "ckdbm.h" static void -nss_dbm_mdSession_Close -( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_dbm_mdSession_Close( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; + nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; - struct nss_dbm_dbt_node *w; + struct nss_dbm_dbt_node *w; - /* Lock */ - { - if( CKR_OK != NSSCKFWMutex_Lock(session->list_lock) ) { - return; - } + /* Lock */ + { + if (CKR_OK != NSSCKFWMutex_Lock(session->list_lock)) { + return; + } - w = session->session_objects; - session->session_objects = (struct nss_dbm_dbt_node *)NULL; /* sanity */ - - (void)NSSCKFWMutex_Unlock(session->list_lock); - } + w = session->session_objects; + session->session_objects = (struct nss_dbm_dbt_node *)NULL; /* sanity */ + + (void)NSSCKFWMutex_Unlock(session->list_lock); + } - for( ; (struct nss_dbm_dbt_node *)NULL != w; w = w->next ) { - (void)nss_dbm_db_delete_object(w->dbt); - } + for (; (struct nss_dbm_dbt_node *)NULL != w; w = w->next) { + (void)nss_dbm_db_delete_object(w->dbt); + } } static CK_ULONG -nss_dbm_mdSession_GetDeviceError -( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_dbm_mdSession_GetDeviceError( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; - return session->deviceError; + nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; + return session->deviceError; } /* Login isn't needed */ @@ -60,206 +56,200 @@ nss_dbm_mdSession_GetDeviceError /* SetOperationState is irrelevant */ static NSSCKMDObject * -nss_dbm_mdSession_CreateObject -( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSArena *handyArenaPointer, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +nss_dbm_mdSession_CreateObject( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSArena *handyArenaPointer, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; - nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; - CK_ULONG i; - CK_BBOOL isToken = CK_FALSE; /* defaults to false */ - NSSCKMDObject *rv; - struct nss_dbm_dbt_node *node = (struct nss_dbm_dbt_node *)NULL; - nss_dbm_object_t *object; - nss_dbm_db_t *which_db; - - /* This framework should really pass this to me */ - for( i = 0; i < ulAttributeCount; i++ ) { - if( CKA_TOKEN == pTemplate[i].type ) { - isToken = *(CK_BBOOL *)pTemplate[i].pValue; - break; + nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; + nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; + CK_ULONG i; + CK_BBOOL isToken = CK_FALSE; /* defaults to false */ + NSSCKMDObject *rv; + struct nss_dbm_dbt_node *node = (struct nss_dbm_dbt_node *)NULL; + nss_dbm_object_t *object; + nss_dbm_db_t *which_db; + + /* This framework should really pass this to me */ + for (i = 0; i < ulAttributeCount; i++) { + if (CKA_TOKEN == pTemplate[i].type) { + isToken = *(CK_BBOOL *)pTemplate[i].pValue; + break; + } } - } - - object = nss_ZNEW(handyArenaPointer, nss_dbm_object_t); - if( (nss_dbm_object_t *)NULL == object ) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDObject *)NULL; - } - - object->arena = handyArenaPointer; - which_db = isToken ? token->slot->token_db : token->session_db; - - /* Do this before the actual database call; it's easier to recover from */ - rv = nss_dbm_mdObject_factory(object, pError); - if( (NSSCKMDObject *)NULL == rv ) { - return (NSSCKMDObject *)NULL; - } - - if( CK_FALSE == isToken ) { - node = nss_ZNEW(session->arena, struct nss_dbm_dbt_node); - if( (struct nss_dbm_dbt_node *)NULL == node ) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDObject *)NULL; + + object = nss_ZNEW(handyArenaPointer, nss_dbm_object_t); + if ((nss_dbm_object_t *)NULL == object) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDObject *)NULL; } - } - object->handle = nss_dbm_db_create_object(handyArenaPointer, which_db, - pTemplate, ulAttributeCount, - pError, &session->deviceError); - if( (nss_dbm_dbt_t *)NULL == object->handle ) { - return (NSSCKMDObject *)NULL; - } + object->arena = handyArenaPointer; + which_db = isToken ? token->slot->token_db : token->session_db; - if( CK_FALSE == isToken ) { - node->dbt = object->handle; - /* Lock */ - { - *pError = NSSCKFWMutex_Lock(session->list_lock); - if( CKR_OK != *pError ) { - (void)nss_dbm_db_delete_object(object->handle); + /* Do this before the actual database call; it's easier to recover from */ + rv = nss_dbm_mdObject_factory(object, pError); + if ((NSSCKMDObject *)NULL == rv) { return (NSSCKMDObject *)NULL; - } - - node->next = session->session_objects; - session->session_objects = node; - - *pError = NSSCKFWMutex_Unlock(session->list_lock); } - } - return rv; + if (CK_FALSE == isToken) { + node = nss_ZNEW(session->arena, struct nss_dbm_dbt_node); + if ((struct nss_dbm_dbt_node *)NULL == node) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDObject *)NULL; + } + } + + object->handle = nss_dbm_db_create_object(handyArenaPointer, which_db, + pTemplate, ulAttributeCount, + pError, &session->deviceError); + if ((nss_dbm_dbt_t *)NULL == object->handle) { + return (NSSCKMDObject *)NULL; + } + + if (CK_FALSE == isToken) { + node->dbt = object->handle; + /* Lock */ + { + *pError = NSSCKFWMutex_Lock(session->list_lock); + if (CKR_OK != *pError) { + (void)nss_dbm_db_delete_object(object->handle); + return (NSSCKMDObject *)NULL; + } + + node->next = session->session_objects; + session->session_objects = node; + + *pError = NSSCKFWMutex_Unlock(session->list_lock); + } + } + + return rv; } /* CopyObject isn't needed; the framework will use CreateObject */ static NSSCKMDFindObjects * -nss_dbm_mdSession_FindObjectsInit -( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +nss_dbm_mdSession_FindObjectsInit( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; - nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; - NSSArena *arena; - nss_dbm_find_t *find; - NSSCKMDFindObjects *rv; - - arena = NSSArena_Create(); - if( (NSSArena *)NULL == arena ) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - - find = nss_ZNEW(arena, nss_dbm_find_t); - if( (nss_dbm_find_t *)NULL == find ) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - - find->arena = arena; - find->list_lock = NSSCKFWInstance_CreateMutex(fwInstance, arena, pError); - if( (NSSCKFWMutex *)NULL == find->list_lock ) { - goto loser; - } - - *pError = nss_dbm_db_find_objects(find, token->slot->token_db, pTemplate, - ulAttributeCount, &session->deviceError); - if( CKR_OK != *pError ) { - goto loser; - } - - *pError = nss_dbm_db_find_objects(find, token->session_db, pTemplate, - ulAttributeCount, &session->deviceError); - if( CKR_OK != *pError ) { - goto loser; - } - - rv = nss_dbm_mdFindObjects_factory(find, pError); - if( (NSSCKMDFindObjects *)NULL == rv ) { - goto loser; - } - - return rv; - - loser: - if( (NSSArena *)NULL != arena ) { - (void)NSSArena_Destroy(arena); - } - - return (NSSCKMDFindObjects *)NULL; + nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; + nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; + NSSArena *arena; + nss_dbm_find_t *find; + NSSCKMDFindObjects *rv; + + arena = NSSArena_Create(); + if ((NSSArena *)NULL == arena) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + find = nss_ZNEW(arena, nss_dbm_find_t); + if ((nss_dbm_find_t *)NULL == find) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + find->arena = arena; + find->list_lock = NSSCKFWInstance_CreateMutex(fwInstance, arena, pError); + if ((NSSCKFWMutex *)NULL == find->list_lock) { + goto loser; + } + + *pError = nss_dbm_db_find_objects(find, token->slot->token_db, pTemplate, + ulAttributeCount, &session->deviceError); + if (CKR_OK != *pError) { + goto loser; + } + + *pError = nss_dbm_db_find_objects(find, token->session_db, pTemplate, + ulAttributeCount, &session->deviceError); + if (CKR_OK != *pError) { + goto loser; + } + + rv = nss_dbm_mdFindObjects_factory(find, pError); + if ((NSSCKMDFindObjects *)NULL == rv) { + goto loser; + } + + return rv; + +loser: + if ((NSSArena *)NULL != arena) { + (void)NSSArena_Destroy(arena); + } + + return (NSSCKMDFindObjects *)NULL; } /* SeedRandom is irrelevant */ /* GetRandom is irrelevant */ NSS_IMPLEMENT NSSCKMDSession * -nss_dbm_mdSession_factory -( - nss_dbm_token_t *token, - NSSCKFWSession *fwSession, - NSSCKFWInstance *fwInstance, - CK_BBOOL rw, - CK_RV *pError -) +nss_dbm_mdSession_factory( + nss_dbm_token_t *token, + NSSCKFWSession *fwSession, + NSSCKFWInstance *fwInstance, + CK_BBOOL rw, + CK_RV *pError) { - NSSArena *arena; - nss_dbm_session_t *session; - NSSCKMDSession *rv; - - arena = NSSCKFWSession_GetArena(fwSession, pError); - - session = nss_ZNEW(arena, nss_dbm_session_t); - if( (nss_dbm_session_t *)NULL == session ) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDSession *)NULL; - } - - rv = nss_ZNEW(arena, NSSCKMDSession); - if( (NSSCKMDSession *)NULL == rv ) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDSession *)NULL; - } - - session->arena = arena; - session->token = token; - session->list_lock = NSSCKFWInstance_CreateMutex(fwInstance, arena, pError); - if( (NSSCKFWMutex *)NULL == session->list_lock ) { - return (NSSCKMDSession *)NULL; - } - - rv->etc = (void *)session; - rv->Close = nss_dbm_mdSession_Close; - rv->GetDeviceError = nss_dbm_mdSession_GetDeviceError; - /* Login isn't needed */ - /* Logout isn't needed */ - /* InitPIN is irrelevant */ - /* SetPIN is irrelevant */ - /* GetOperationStateLen is irrelevant */ - /* GetOperationState is irrelevant */ - /* SetOperationState is irrelevant */ - rv->CreateObject = nss_dbm_mdSession_CreateObject; - /* CopyObject isn't needed; the framework will use CreateObject */ - rv->FindObjectsInit = nss_dbm_mdSession_FindObjectsInit; - rv->null = NULL; - - return rv; + NSSArena *arena; + nss_dbm_session_t *session; + NSSCKMDSession *rv; + + arena = NSSCKFWSession_GetArena(fwSession, pError); + + session = nss_ZNEW(arena, nss_dbm_session_t); + if ((nss_dbm_session_t *)NULL == session) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDSession *)NULL; + } + + rv = nss_ZNEW(arena, NSSCKMDSession); + if ((NSSCKMDSession *)NULL == rv) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDSession *)NULL; + } + + session->arena = arena; + session->token = token; + session->list_lock = NSSCKFWInstance_CreateMutex(fwInstance, arena, pError); + if ((NSSCKFWMutex *)NULL == session->list_lock) { + return (NSSCKMDSession *)NULL; + } + + rv->etc = (void *)session; + rv->Close = nss_dbm_mdSession_Close; + rv->GetDeviceError = nss_dbm_mdSession_GetDeviceError; + /* Login isn't needed */ + /* Logout isn't needed */ + /* InitPIN is irrelevant */ + /* SetPIN is irrelevant */ + /* GetOperationStateLen is irrelevant */ + /* GetOperationState is irrelevant */ + /* SetOperationState is irrelevant */ + rv->CreateObject = nss_dbm_mdSession_CreateObject; + /* CopyObject isn't needed; the framework will use CreateObject */ + rv->FindObjectsInit = nss_dbm_mdSession_FindObjectsInit; + rv->null = NULL; + + return rv; } diff --git a/nss/lib/ckfw/dbm/slot.c b/nss/lib/ckfw/dbm/slot.c index 0b7e645..06824d5 100644 --- a/nss/lib/ckfw/dbm/slot.c +++ b/nss/lib/ckfw/dbm/slot.c @@ -5,113 +5,101 @@ #include "ckdbm.h" static CK_RV -nss_dbm_mdSlot_Initialize -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_dbm_mdSlot_Initialize( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - nss_dbm_slot_t *slot = (nss_dbm_slot_t *)mdSlot->etc; - nss_dbm_instance_t *instance = (nss_dbm_instance_t *)mdInstance->etc; - CK_RV rv = CKR_OK; - - slot->token_db = nss_dbm_db_open(instance->arena, fwInstance, slot->filename, - slot->flags, &rv); - if( (nss_dbm_db_t *)NULL == slot->token_db ) { - if( CKR_TOKEN_NOT_PRESENT == rv ) { - /* This is not an error-- just means "the token isn't there" */ - rv = CKR_OK; + nss_dbm_slot_t *slot = (nss_dbm_slot_t *)mdSlot->etc; + nss_dbm_instance_t *instance = (nss_dbm_instance_t *)mdInstance->etc; + CK_RV rv = CKR_OK; + + slot->token_db = nss_dbm_db_open(instance->arena, fwInstance, slot->filename, + slot->flags, &rv); + if ((nss_dbm_db_t *)NULL == slot->token_db) { + if (CKR_TOKEN_NOT_PRESENT == rv) { + /* This is not an error-- just means "the token isn't there" */ + rv = CKR_OK; + } } - } - return rv; + return rv; } static void -nss_dbm_mdSlot_Destroy -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_dbm_mdSlot_Destroy( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - nss_dbm_slot_t *slot = (nss_dbm_slot_t *)mdSlot->etc; + nss_dbm_slot_t *slot = (nss_dbm_slot_t *)mdSlot->etc; - if( (nss_dbm_db_t *)NULL != slot->token_db ) { - nss_dbm_db_close(slot->token_db); - slot->token_db = (nss_dbm_db_t *)NULL; - } + if ((nss_dbm_db_t *)NULL != slot->token_db) { + nss_dbm_db_close(slot->token_db); + slot->token_db = (nss_dbm_db_t *)NULL; + } } static NSSUTF8 * -nss_dbm_mdSlot_GetSlotDescription -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +nss_dbm_mdSlot_GetSlotDescription( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return "Database"; + return "Database"; } static NSSUTF8 * -nss_dbm_mdSlot_GetManufacturerID -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +nss_dbm_mdSlot_GetManufacturerID( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return "Berkeley"; + return "Berkeley"; } static CK_BBOOL -nss_dbm_mdSlot_GetTokenPresent -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_dbm_mdSlot_GetTokenPresent( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - nss_dbm_slot_t *slot = (nss_dbm_slot_t *)mdSlot->etc; + nss_dbm_slot_t *slot = (nss_dbm_slot_t *)mdSlot->etc; - if( (nss_dbm_db_t *)NULL == slot->token_db ) { - return CK_FALSE; - } else { - return CK_TRUE; - } + if ((nss_dbm_db_t *)NULL == slot->token_db) { + return CK_FALSE; + } else { + return CK_TRUE; + } } static CK_BBOOL -nss_dbm_mdSlot_GetRemovableDevice -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_dbm_mdSlot_GetRemovableDevice( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - /* - * Well, this supports "tokens" (databases) that aren't there, so in - * that sense they're removable. It'd be nice to handle databases - * that suddenly disappear (NFS-mounted home directories and network - * errors, for instance) but that's a harder problem. We'll say - * we support removable devices, badly. - */ - - return CK_TRUE; + /* + * Well, this supports "tokens" (databases) that aren't there, so in + * that sense they're removable. It'd be nice to handle databases + * that suddenly disappear (NFS-mounted home directories and network + * errors, for instance) but that's a harder problem. We'll say + * we support removable devices, badly. + */ + + return CK_TRUE; } /* nss_dbm_mdSlot_GetHardwareSlot defaults to CK_FALSE */ -/* +/* * nss_dbm_mdSlot_GetHardwareVersion * nss_dbm_mdSlot_GetFirmwareVersion * @@ -122,60 +110,56 @@ nss_dbm_mdSlot_GetRemovableDevice */ static NSSCKMDToken * -nss_dbm_mdSlot_GetToken -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +nss_dbm_mdSlot_GetToken( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - nss_dbm_slot_t *slot = (nss_dbm_slot_t *)mdSlot->etc; - return nss_dbm_mdToken_factory(slot, pError); + nss_dbm_slot_t *slot = (nss_dbm_slot_t *)mdSlot->etc; + return nss_dbm_mdToken_factory(slot, pError); } NSS_IMPLEMENT NSSCKMDSlot * -nss_dbm_mdSlot_factory -( - nss_dbm_instance_t *instance, - char *filename, - int flags, - CK_RV *pError -) +nss_dbm_mdSlot_factory( + nss_dbm_instance_t *instance, + char *filename, + int flags, + CK_RV *pError) { - nss_dbm_slot_t *slot; - NSSCKMDSlot *rv; - - slot = nss_ZNEW(instance->arena, nss_dbm_slot_t); - if( (nss_dbm_slot_t *)NULL == slot ) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDSlot *)NULL; - } - - slot->instance = instance; - slot->filename = filename; - slot->flags = flags; - slot->token_db = (nss_dbm_db_t *)NULL; - - rv = nss_ZNEW(instance->arena, NSSCKMDSlot); - if( (NSSCKMDSlot *)NULL == rv ) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDSlot *)NULL; - } - - rv->etc = (void *)slot; - rv->Initialize = nss_dbm_mdSlot_Initialize; - rv->Destroy = nss_dbm_mdSlot_Destroy; - rv->GetSlotDescription = nss_dbm_mdSlot_GetSlotDescription; - rv->GetManufacturerID = nss_dbm_mdSlot_GetManufacturerID; - rv->GetTokenPresent = nss_dbm_mdSlot_GetTokenPresent; - rv->GetRemovableDevice = nss_dbm_mdSlot_GetRemovableDevice; - /* GetHardwareSlot */ - /* GetHardwareVersion */ - /* GetFirmwareVersion */ - rv->GetToken = nss_dbm_mdSlot_GetToken; - rv->null = (void *)NULL; - - return rv; + nss_dbm_slot_t *slot; + NSSCKMDSlot *rv; + + slot = nss_ZNEW(instance->arena, nss_dbm_slot_t); + if ((nss_dbm_slot_t *)NULL == slot) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDSlot *)NULL; + } + + slot->instance = instance; + slot->filename = filename; + slot->flags = flags; + slot->token_db = (nss_dbm_db_t *)NULL; + + rv = nss_ZNEW(instance->arena, NSSCKMDSlot); + if ((NSSCKMDSlot *)NULL == rv) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDSlot *)NULL; + } + + rv->etc = (void *)slot; + rv->Initialize = nss_dbm_mdSlot_Initialize; + rv->Destroy = nss_dbm_mdSlot_Destroy; + rv->GetSlotDescription = nss_dbm_mdSlot_GetSlotDescription; + rv->GetManufacturerID = nss_dbm_mdSlot_GetManufacturerID; + rv->GetTokenPresent = nss_dbm_mdSlot_GetTokenPresent; + rv->GetRemovableDevice = nss_dbm_mdSlot_GetRemovableDevice; + /* GetHardwareSlot */ + /* GetHardwareVersion */ + /* GetFirmwareVersion */ + rv->GetToken = nss_dbm_mdSlot_GetToken; + rv->null = (void *)NULL; + + return rv; } diff --git a/nss/lib/ckfw/dbm/token.c b/nss/lib/ckfw/dbm/token.c index e033e15..6873bf0 100644 --- a/nss/lib/ckfw/dbm/token.c +++ b/nss/lib/ckfw/dbm/token.c @@ -5,168 +5,154 @@ #include "ckdbm.h" static CK_RV -nss_dbm_mdToken_Setup -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_dbm_mdToken_Setup( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; - CK_RV rv = CKR_OK; - - token->arena = NSSCKFWToken_GetArena(fwToken, &rv); - token->session_db = nss_dbm_db_open(token->arena, fwInstance, (char *)NULL, - O_RDWR|O_CREAT, &rv); - if( (nss_dbm_db_t *)NULL == token->session_db ) { - return rv; - } + nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; + CK_RV rv = CKR_OK; + + token->arena = NSSCKFWToken_GetArena(fwToken, &rv); + token->session_db = nss_dbm_db_open(token->arena, fwInstance, (char *)NULL, + O_RDWR | O_CREAT, &rv); + if ((nss_dbm_db_t *)NULL == token->session_db) { + return rv; + } - /* Add a label record if there isn't one? */ + /* Add a label record if there isn't one? */ - return CKR_OK; + return CKR_OK; } static void -nss_dbm_mdToken_Invalidate -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_dbm_mdToken_Invalidate( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; + nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; - if( (nss_dbm_db_t *)NULL != token->session_db ) { - nss_dbm_db_close(token->session_db); - token->session_db = (nss_dbm_db_t *)NULL; - } + if ((nss_dbm_db_t *)NULL != token->session_db) { + nss_dbm_db_close(token->session_db); + token->session_db = (nss_dbm_db_t *)NULL; + } } static CK_RV -nss_dbm_mdToken_InitToken -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSItem *pin, - NSSUTF8 *label -) +nss_dbm_mdToken_InitToken( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSItem *pin, + NSSUTF8 *label) { - nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; - nss_dbm_instance_t *instance = (nss_dbm_instance_t *)mdInstance->etc; - CK_RV rv; - - /* Wipe the session object data */ - - if( (nss_dbm_db_t *)NULL != token->session_db ) { - nss_dbm_db_close(token->session_db); - } - - token->session_db = nss_dbm_db_open(token->arena, fwInstance, (char *)NULL, - O_RDWR|O_CREAT, &rv); - if( (nss_dbm_db_t *)NULL == token->session_db ) { - return rv; - } + nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; + nss_dbm_instance_t *instance = (nss_dbm_instance_t *)mdInstance->etc; + CK_RV rv; - /* Wipe the token object data */ + /* Wipe the session object data */ - if( token->slot->flags & O_RDWR ) { - if( (nss_dbm_db_t *)NULL != token->slot->token_db ) { - nss_dbm_db_close(token->slot->token_db); + if ((nss_dbm_db_t *)NULL != token->session_db) { + nss_dbm_db_close(token->session_db); } - token->slot->token_db = nss_dbm_db_open(instance->arena, fwInstance, - token->slot->filename, - token->slot->flags | O_CREAT | O_TRUNC, - &rv); - if( (nss_dbm_db_t *)NULL == token->slot->token_db ) { - return rv; + token->session_db = nss_dbm_db_open(token->arena, fwInstance, (char *)NULL, + O_RDWR | O_CREAT, &rv); + if ((nss_dbm_db_t *)NULL == token->session_db) { + return rv; } - /* PIN is irrelevant */ + /* Wipe the token object data */ - rv = nss_dbm_db_set_label(token->slot->token_db, label); - if( CKR_OK != rv ) { - return rv; + if (token->slot->flags & O_RDWR) { + if ((nss_dbm_db_t *)NULL != token->slot->token_db) { + nss_dbm_db_close(token->slot->token_db); + } + + token->slot->token_db = nss_dbm_db_open(instance->arena, fwInstance, + token->slot->filename, + token->slot->flags | O_CREAT | O_TRUNC, + &rv); + if ((nss_dbm_db_t *)NULL == token->slot->token_db) { + return rv; + } + + /* PIN is irrelevant */ + + rv = nss_dbm_db_set_label(token->slot->token_db, label); + if (CKR_OK != rv) { + return rv; + } } - } - return CKR_OK; + return CKR_OK; } static NSSUTF8 * -nss_dbm_mdToken_GetLabel -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +nss_dbm_mdToken_GetLabel( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; + nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; - if( (NSSUTF8 *)NULL == token->label ) { - token->label = nss_dbm_db_get_label(token->slot->token_db, token->arena, pError); - } + if ((NSSUTF8 *)NULL == token->label) { + token->label = nss_dbm_db_get_label(token->slot->token_db, token->arena, pError); + } - /* If no label has been set, return *something* */ - if( (NSSUTF8 *)NULL == token->label ) { - return token->slot->filename; - } + /* If no label has been set, return *something* */ + if ((NSSUTF8 *)NULL == token->label) { + return token->slot->filename; + } - return token->label; + return token->label; } static NSSUTF8 * -nss_dbm_mdToken_GetManufacturerID -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +nss_dbm_mdToken_GetManufacturerID( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return "mozilla.org NSS"; + return "mozilla.org NSS"; } static NSSUTF8 * -nss_dbm_mdToken_GetModel -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +nss_dbm_mdToken_GetModel( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return "dbm"; + return "dbm"; } /* GetSerialNumber is irrelevant */ /* GetHasRNG defaults to CK_FALSE */ static CK_BBOOL -nss_dbm_mdToken_GetIsWriteProtected -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_dbm_mdToken_GetIsWriteProtected( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; + nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; - if( token->slot->flags & O_RDWR ) { - return CK_FALSE; - } else { - return CK_TRUE; - } + if (token->slot->flags & O_RDWR) { + return CK_FALSE; + } else { + return CK_TRUE; + } } /* GetLoginRequired defaults to CK_FALSE */ @@ -177,47 +163,41 @@ nss_dbm_mdToken_GetIsWriteProtected /* GetSupportsDualCryptoOperations is irrelevant */ static CK_ULONG -nss_dbm_mdToken_effectively_infinite -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_dbm_mdToken_effectively_infinite( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return CK_EFFECTIVELY_INFINITE; + return CK_EFFECTIVELY_INFINITE; } static CK_VERSION -nss_dbm_mdToken_GetHardwareVersion -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_dbm_mdToken_GetHardwareVersion( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; - return nss_dbm_db_get_format_version(token->slot->token_db); + nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; + return nss_dbm_db_get_format_version(token->slot->token_db); } /* GetFirmwareVersion is irrelevant */ /* GetUTCTime is irrelevant */ static NSSCKMDSession * -nss_dbm_mdToken_OpenSession -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKFWSession *fwSession, - CK_BBOOL rw, - CK_RV *pError -) +nss_dbm_mdToken_OpenSession( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKFWSession *fwSession, + CK_BBOOL rw, + CK_RV *pError) { - nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; - return nss_dbm_mdSession_factory(token, fwSession, fwInstance, rw, pError); + nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; + return nss_dbm_mdSession_factory(token, fwSession, fwInstance, rw, pError); } /* GetMechanismCount defaults to zero */ @@ -225,58 +205,56 @@ nss_dbm_mdToken_OpenSession /* GetMechanism is irrelevant */ NSS_IMPLEMENT NSSCKMDToken * -nss_dbm_mdToken_factory -( - nss_dbm_slot_t *slot, - CK_RV *pError -) +nss_dbm_mdToken_factory( + nss_dbm_slot_t *slot, + CK_RV *pError) { - nss_dbm_token_t *token; - NSSCKMDToken *rv; - - token = nss_ZNEW(slot->instance->arena, nss_dbm_token_t); - if( (nss_dbm_token_t *)NULL == token ) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDToken *)NULL; - } - - rv = nss_ZNEW(slot->instance->arena, NSSCKMDToken); - if( (NSSCKMDToken *)NULL == rv ) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDToken *)NULL; - } - - token->slot = slot; - - rv->etc = (void *)token; - rv->Setup = nss_dbm_mdToken_Setup; - rv->Invalidate = nss_dbm_mdToken_Invalidate; - rv->InitToken = nss_dbm_mdToken_InitToken; - rv->GetLabel = nss_dbm_mdToken_GetLabel; - rv->GetManufacturerID = nss_dbm_mdToken_GetManufacturerID; - rv->GetModel = nss_dbm_mdToken_GetModel; - /* GetSerialNumber is irrelevant */ - /* GetHasRNG defaults to CK_FALSE */ - rv->GetIsWriteProtected = nss_dbm_mdToken_GetIsWriteProtected; - /* GetLoginRequired defaults to CK_FALSE */ - /* GetUserPinInitialized defaults to CK_FALSE */ - /* GetRestoreKeyNotNeeded is irrelevant */ - /* GetHasClockOnToken defaults to CK_FALSE */ - /* GetHasProtectedAuthenticationPath defaults to CK_FALSE */ - /* GetSupportsDualCryptoOperations is irrelevant */ - rv->GetMaxSessionCount = nss_dbm_mdToken_effectively_infinite; - rv->GetMaxRwSessionCount = nss_dbm_mdToken_effectively_infinite; - /* GetMaxPinLen is irrelevant */ - /* GetMinPinLen is irrelevant */ - /* GetTotalPublicMemory defaults to CK_UNAVAILABLE_INFORMATION */ - /* GetFreePublicMemory defaults to CK_UNAVAILABLE_INFORMATION */ - /* GetTotalPrivateMemory defaults to CK_UNAVAILABLE_INFORMATION */ - /* GetFreePrivateMemory defaults to CK_UNAVAILABLE_INFORMATION */ - rv->GetHardwareVersion = nss_dbm_mdToken_GetHardwareVersion; - /* GetFirmwareVersion is irrelevant */ - /* GetUTCTime is irrelevant */ - rv->OpenSession = nss_dbm_mdToken_OpenSession; - rv->null = NULL; - - return rv; + nss_dbm_token_t *token; + NSSCKMDToken *rv; + + token = nss_ZNEW(slot->instance->arena, nss_dbm_token_t); + if ((nss_dbm_token_t *)NULL == token) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDToken *)NULL; + } + + rv = nss_ZNEW(slot->instance->arena, NSSCKMDToken); + if ((NSSCKMDToken *)NULL == rv) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDToken *)NULL; + } + + token->slot = slot; + + rv->etc = (void *)token; + rv->Setup = nss_dbm_mdToken_Setup; + rv->Invalidate = nss_dbm_mdToken_Invalidate; + rv->InitToken = nss_dbm_mdToken_InitToken; + rv->GetLabel = nss_dbm_mdToken_GetLabel; + rv->GetManufacturerID = nss_dbm_mdToken_GetManufacturerID; + rv->GetModel = nss_dbm_mdToken_GetModel; + /* GetSerialNumber is irrelevant */ + /* GetHasRNG defaults to CK_FALSE */ + rv->GetIsWriteProtected = nss_dbm_mdToken_GetIsWriteProtected; + /* GetLoginRequired defaults to CK_FALSE */ + /* GetUserPinInitialized defaults to CK_FALSE */ + /* GetRestoreKeyNotNeeded is irrelevant */ + /* GetHasClockOnToken defaults to CK_FALSE */ + /* GetHasProtectedAuthenticationPath defaults to CK_FALSE */ + /* GetSupportsDualCryptoOperations is irrelevant */ + rv->GetMaxSessionCount = nss_dbm_mdToken_effectively_infinite; + rv->GetMaxRwSessionCount = nss_dbm_mdToken_effectively_infinite; + /* GetMaxPinLen is irrelevant */ + /* GetMinPinLen is irrelevant */ + /* GetTotalPublicMemory defaults to CK_UNAVAILABLE_INFORMATION */ + /* GetFreePublicMemory defaults to CK_UNAVAILABLE_INFORMATION */ + /* GetTotalPrivateMemory defaults to CK_UNAVAILABLE_INFORMATION */ + /* GetFreePrivateMemory defaults to CK_UNAVAILABLE_INFORMATION */ + rv->GetHardwareVersion = nss_dbm_mdToken_GetHardwareVersion; + /* GetFirmwareVersion is irrelevant */ + /* GetUTCTime is irrelevant */ + rv->OpenSession = nss_dbm_mdToken_OpenSession; + rv->null = NULL; + + return rv; } diff --git a/nss/lib/ckfw/exports.gyp b/nss/lib/ckfw/exports.gyp new file mode 100644 index 0000000..b986fd8 --- /dev/null +++ b/nss/lib/ckfw/exports.gyp @@ -0,0 +1,44 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +{ + 'includes': [ + '../../coreconf/config.gypi' + ], + 'targets': [ + { + 'target_name': 'lib_ckfw_exports', + 'type': 'none', + 'copies': [ + { + 'files': [ + 'nssck.api', + 'nssckepv.h', + 'nssckft.h', + 'nssckfw.h', + 'nssckfwc.h', + 'nssckfwt.h', + 'nssckg.h', + 'nssckmdt.h', + 'nssckt.h' + ], + 'destination': '<(nss_public_dist_dir)/<(module)' + }, + { + 'files': [ + 'ck.h', + 'ckfw.h', + 'ckfwm.h', + 'ckfwtm.h', + 'ckmd.h', + 'ckt.h' + ], + 'destination': '<(nss_private_dist_dir)/<(module)' + } + ] + } + ], + 'variables': { + 'module': 'nss' + } +} diff --git a/nss/lib/ckfw/find.c b/nss/lib/ckfw/find.c index 8a8a541..55732e6 100644 --- a/nss/lib/ckfw/find.c +++ b/nss/lib/ckfw/find.c @@ -21,7 +21,7 @@ * * -- public accessors -- * NSSCKFWFindObjects_GetMDFindObjects - * + * * -- implement public accessors -- * nssCKFWFindObjects_GetMDFindObjects * @@ -32,17 +32,17 @@ */ struct NSSCKFWFindObjectsStr { - NSSCKFWMutex *mutex; /* merely to serialise the MDObject calls */ - NSSCKMDFindObjects *mdfo1; - NSSCKMDFindObjects *mdfo2; - NSSCKFWSession *fwSession; - NSSCKMDSession *mdSession; - NSSCKFWToken *fwToken; - NSSCKMDToken *mdToken; - NSSCKFWInstance *fwInstance; - NSSCKMDInstance *mdInstance; - - NSSCKMDFindObjects *mdFindObjects; /* varies */ + NSSCKFWMutex *mutex; /* merely to serialise the MDObject calls */ + NSSCKMDFindObjects *mdfo1; + NSSCKMDFindObjects *mdfo2; + NSSCKFWSession *fwSession; + NSSCKMDSession *mdSession; + NSSCKFWToken *fwToken; + NSSCKMDToken *mdToken; + NSSCKFWInstance *fwInstance; + NSSCKMDInstance *mdInstance; + + NSSCKMDFindObjects *mdFindObjects; /* varies */ }; #ifdef DEBUG @@ -58,30 +58,24 @@ struct NSSCKFWFindObjectsStr { */ static CK_RV -findObjects_add_pointer -( - const NSSCKFWFindObjects *fwFindObjects -) +findObjects_add_pointer( + const NSSCKFWFindObjects *fwFindObjects) { - return CKR_OK; + return CKR_OK; } static CK_RV -findObjects_remove_pointer -( - const NSSCKFWFindObjects *fwFindObjects -) +findObjects_remove_pointer( + const NSSCKFWFindObjects *fwFindObjects) { - return CKR_OK; + return CKR_OK; } NSS_IMPLEMENT CK_RV -nssCKFWFindObjects_verifyPointer -( - const NSSCKFWFindObjects *fwFindObjects -) +nssCKFWFindObjects_verifyPointer( + const NSSCKFWFindObjects *fwFindObjects) { - return CKR_OK; + return CKR_OK; } #endif /* DEBUG */ @@ -91,128 +85,123 @@ nssCKFWFindObjects_verifyPointer * */ NSS_EXTERN NSSCKFWFindObjects * -nssCKFWFindObjects_Create -( - NSSCKFWSession *fwSession, - NSSCKFWToken *fwToken, - NSSCKFWInstance *fwInstance, - NSSCKMDFindObjects *mdFindObjects1, - NSSCKMDFindObjects *mdFindObjects2, - CK_RV *pError -) +nssCKFWFindObjects_Create( + NSSCKFWSession *fwSession, + NSSCKFWToken *fwToken, + NSSCKFWInstance *fwInstance, + NSSCKMDFindObjects *mdFindObjects1, + NSSCKMDFindObjects *mdFindObjects2, + CK_RV *pError) { - NSSCKFWFindObjects *fwFindObjects = NULL; - NSSCKMDSession *mdSession; - NSSCKMDToken *mdToken; - NSSCKMDInstance *mdInstance; - - mdSession = nssCKFWSession_GetMDSession(fwSession); - mdToken = nssCKFWToken_GetMDToken(fwToken); - mdInstance = nssCKFWInstance_GetMDInstance(fwInstance); - - fwFindObjects = nss_ZNEW(NULL, NSSCKFWFindObjects); - if (!fwFindObjects) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - - fwFindObjects->mdfo1 = mdFindObjects1; - fwFindObjects->mdfo2 = mdFindObjects2; - fwFindObjects->fwSession = fwSession; - fwFindObjects->mdSession = mdSession; - fwFindObjects->fwToken = fwToken; - fwFindObjects->mdToken = mdToken; - fwFindObjects->fwInstance = fwInstance; - fwFindObjects->mdInstance = mdInstance; - - fwFindObjects->mutex = nssCKFWInstance_CreateMutex(fwInstance, NULL, pError); - if (!fwFindObjects->mutex) { - goto loser; - } + NSSCKFWFindObjects *fwFindObjects = NULL; + NSSCKMDSession *mdSession; + NSSCKMDToken *mdToken; + NSSCKMDInstance *mdInstance; + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdToken = nssCKFWToken_GetMDToken(fwToken); + mdInstance = nssCKFWInstance_GetMDInstance(fwInstance); + + fwFindObjects = nss_ZNEW(NULL, NSSCKFWFindObjects); + if (!fwFindObjects) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + fwFindObjects->mdfo1 = mdFindObjects1; + fwFindObjects->mdfo2 = mdFindObjects2; + fwFindObjects->fwSession = fwSession; + fwFindObjects->mdSession = mdSession; + fwFindObjects->fwToken = fwToken; + fwFindObjects->mdToken = mdToken; + fwFindObjects->fwInstance = fwInstance; + fwFindObjects->mdInstance = mdInstance; + + fwFindObjects->mutex = nssCKFWInstance_CreateMutex(fwInstance, NULL, pError); + if (!fwFindObjects->mutex) { + goto loser; + } #ifdef DEBUG - *pError = findObjects_add_pointer(fwFindObjects); - if( CKR_OK != *pError ) { - goto loser; - } + *pError = findObjects_add_pointer(fwFindObjects); + if (CKR_OK != *pError) { + goto loser; + } #endif /* DEBUG */ - return fwFindObjects; + return fwFindObjects; - loser: - if( fwFindObjects ) { - if( NULL != mdFindObjects1 ) { - if( NULL != mdFindObjects1->Final ) { - fwFindObjects->mdFindObjects = mdFindObjects1; - mdFindObjects1->Final(mdFindObjects1, fwFindObjects, mdSession, - fwSession, mdToken, fwToken, mdInstance, fwInstance); - } - } +loser: + if (fwFindObjects) { + if (NULL != mdFindObjects1) { + if (NULL != mdFindObjects1->Final) { + fwFindObjects->mdFindObjects = mdFindObjects1; + mdFindObjects1->Final(mdFindObjects1, fwFindObjects, mdSession, + fwSession, mdToken, fwToken, mdInstance, fwInstance); + } + } - if( NULL != mdFindObjects2 ) { - if( NULL != mdFindObjects2->Final ) { - fwFindObjects->mdFindObjects = mdFindObjects2; - mdFindObjects2->Final(mdFindObjects2, fwFindObjects, mdSession, - fwSession, mdToken, fwToken, mdInstance, fwInstance); - } - } + if (NULL != mdFindObjects2) { + if (NULL != mdFindObjects2->Final) { + fwFindObjects->mdFindObjects = mdFindObjects2; + mdFindObjects2->Final(mdFindObjects2, fwFindObjects, mdSession, + fwSession, mdToken, fwToken, mdInstance, fwInstance); + } + } - nss_ZFreeIf(fwFindObjects); - } + nss_ZFreeIf(fwFindObjects); + } - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; - } + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } - return (NSSCKFWFindObjects *)NULL; + return (NSSCKFWFindObjects *)NULL; } - /* * nssCKFWFindObjects_Destroy * */ NSS_EXTERN void -nssCKFWFindObjects_Destroy -( - NSSCKFWFindObjects *fwFindObjects -) +nssCKFWFindObjects_Destroy( + NSSCKFWFindObjects *fwFindObjects) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWFindObjects_verifyPointer(fwFindObjects) ) { - return; - } + if (CKR_OK != nssCKFWFindObjects_verifyPointer(fwFindObjects)) { + return; + } #endif /* NSSDEBUG */ - (void)nssCKFWMutex_Destroy(fwFindObjects->mutex); + (void)nssCKFWMutex_Destroy(fwFindObjects->mutex); - if (fwFindObjects->mdfo1) { - if (fwFindObjects->mdfo1->Final) { - fwFindObjects->mdFindObjects = fwFindObjects->mdfo1; - fwFindObjects->mdfo1->Final(fwFindObjects->mdfo1, fwFindObjects, - fwFindObjects->mdSession, fwFindObjects->fwSession, - fwFindObjects->mdToken, fwFindObjects->fwToken, - fwFindObjects->mdInstance, fwFindObjects->fwInstance); + if (fwFindObjects->mdfo1) { + if (fwFindObjects->mdfo1->Final) { + fwFindObjects->mdFindObjects = fwFindObjects->mdfo1; + fwFindObjects->mdfo1->Final(fwFindObjects->mdfo1, fwFindObjects, + fwFindObjects->mdSession, fwFindObjects->fwSession, + fwFindObjects->mdToken, fwFindObjects->fwToken, + fwFindObjects->mdInstance, fwFindObjects->fwInstance); + } } - } - - if (fwFindObjects->mdfo2) { - if (fwFindObjects->mdfo2->Final) { - fwFindObjects->mdFindObjects = fwFindObjects->mdfo2; - fwFindObjects->mdfo2->Final(fwFindObjects->mdfo2, fwFindObjects, - fwFindObjects->mdSession, fwFindObjects->fwSession, - fwFindObjects->mdToken, fwFindObjects->fwToken, - fwFindObjects->mdInstance, fwFindObjects->fwInstance); + + if (fwFindObjects->mdfo2) { + if (fwFindObjects->mdfo2->Final) { + fwFindObjects->mdFindObjects = fwFindObjects->mdfo2; + fwFindObjects->mdfo2->Final(fwFindObjects->mdfo2, fwFindObjects, + fwFindObjects->mdSession, fwFindObjects->fwSession, + fwFindObjects->mdToken, fwFindObjects->fwToken, + fwFindObjects->mdInstance, fwFindObjects->fwInstance); + } } - } - nss_ZFreeIf(fwFindObjects); + nss_ZFreeIf(fwFindObjects); #ifdef DEBUG - (void)findObjects_remove_pointer(fwFindObjects); + (void)findObjects_remove_pointer(fwFindObjects); #endif /* DEBUG */ - return; + return; } /* @@ -220,18 +209,16 @@ nssCKFWFindObjects_Destroy * */ NSS_EXTERN NSSCKMDFindObjects * -nssCKFWFindObjects_GetMDFindObjects -( - NSSCKFWFindObjects *fwFindObjects -) +nssCKFWFindObjects_GetMDFindObjects( + NSSCKFWFindObjects *fwFindObjects) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWFindObjects_verifyPointer(fwFindObjects) ) { - return (NSSCKMDFindObjects *)NULL; - } + if (CKR_OK != nssCKFWFindObjects_verifyPointer(fwFindObjects)) { + return (NSSCKMDFindObjects *)NULL; + } #endif /* NSSDEBUG */ - return fwFindObjects->mdFindObjects; + return fwFindObjects->mdFindObjects; } /* @@ -239,89 +226,87 @@ nssCKFWFindObjects_GetMDFindObjects * */ NSS_EXTERN NSSCKFWObject * -nssCKFWFindObjects_Next -( - NSSCKFWFindObjects *fwFindObjects, - NSSArena *arenaOpt, - CK_RV *pError -) +nssCKFWFindObjects_Next( + NSSCKFWFindObjects *fwFindObjects, + NSSArena *arenaOpt, + CK_RV *pError) { - NSSCKMDObject *mdObject; - NSSCKFWObject *fwObject = (NSSCKFWObject *)NULL; - NSSArena *objArena; + NSSCKMDObject *mdObject; + NSSCKFWObject *fwObject = (NSSCKFWObject *)NULL; + NSSArena *objArena; #ifdef NSSDEBUG - if (!pError) { - return (NSSCKFWObject *)NULL; - } - - *pError = nssCKFWFindObjects_verifyPointer(fwFindObjects); - if( CKR_OK != *pError ) { - return (NSSCKFWObject *)NULL; - } -#endif /* NSSDEBUG */ + if (!pError) { + return (NSSCKFWObject *)NULL; + } - *pError = nssCKFWMutex_Lock(fwFindObjects->mutex); - if( CKR_OK != *pError ) { - return (NSSCKFWObject *)NULL; - } - - if (fwFindObjects->mdfo1) { - if (fwFindObjects->mdfo1->Next) { - fwFindObjects->mdFindObjects = fwFindObjects->mdfo1; - mdObject = fwFindObjects->mdfo1->Next(fwFindObjects->mdfo1, - fwFindObjects, fwFindObjects->mdSession, fwFindObjects->fwSession, - fwFindObjects->mdToken, fwFindObjects->fwToken, - fwFindObjects->mdInstance, fwFindObjects->fwInstance, - arenaOpt, pError); - if (!mdObject) { - if( CKR_OK != *pError ) { - goto done; - } + *pError = nssCKFWFindObjects_verifyPointer(fwFindObjects); + if (CKR_OK != *pError) { + return (NSSCKFWObject *)NULL; + } +#endif /* NSSDEBUG */ - /* All done. */ - fwFindObjects->mdfo1->Final(fwFindObjects->mdfo1, fwFindObjects, - fwFindObjects->mdSession, fwFindObjects->fwSession, - fwFindObjects->mdToken, fwFindObjects->fwToken, - fwFindObjects->mdInstance, fwFindObjects->fwInstance); - fwFindObjects->mdfo1 = (NSSCKMDFindObjects *)NULL; - } else { - goto wrap; - } + *pError = nssCKFWMutex_Lock(fwFindObjects->mutex); + if (CKR_OK != *pError) { + return (NSSCKFWObject *)NULL; } - } - - if (fwFindObjects->mdfo2) { - if (fwFindObjects->mdfo2->Next) { - fwFindObjects->mdFindObjects = fwFindObjects->mdfo2; - mdObject = fwFindObjects->mdfo2->Next(fwFindObjects->mdfo2, - fwFindObjects, fwFindObjects->mdSession, fwFindObjects->fwSession, - fwFindObjects->mdToken, fwFindObjects->fwToken, - fwFindObjects->mdInstance, fwFindObjects->fwInstance, - arenaOpt, pError); - if (!mdObject) { - if( CKR_OK != *pError ) { - goto done; + + if (fwFindObjects->mdfo1) { + if (fwFindObjects->mdfo1->Next) { + fwFindObjects->mdFindObjects = fwFindObjects->mdfo1; + mdObject = fwFindObjects->mdfo1->Next(fwFindObjects->mdfo1, + fwFindObjects, fwFindObjects->mdSession, fwFindObjects->fwSession, + fwFindObjects->mdToken, fwFindObjects->fwToken, + fwFindObjects->mdInstance, fwFindObjects->fwInstance, + arenaOpt, pError); + if (!mdObject) { + if (CKR_OK != *pError) { + goto done; + } + + /* All done. */ + fwFindObjects->mdfo1->Final(fwFindObjects->mdfo1, fwFindObjects, + fwFindObjects->mdSession, fwFindObjects->fwSession, + fwFindObjects->mdToken, fwFindObjects->fwToken, + fwFindObjects->mdInstance, fwFindObjects->fwInstance); + fwFindObjects->mdfo1 = (NSSCKMDFindObjects *)NULL; + } else { + goto wrap; + } } + } - /* All done. */ - fwFindObjects->mdfo2->Final(fwFindObjects->mdfo2, fwFindObjects, - fwFindObjects->mdSession, fwFindObjects->fwSession, - fwFindObjects->mdToken, fwFindObjects->fwToken, - fwFindObjects->mdInstance, fwFindObjects->fwInstance); - fwFindObjects->mdfo2 = (NSSCKMDFindObjects *)NULL; - } else { - goto wrap; - } + if (fwFindObjects->mdfo2) { + if (fwFindObjects->mdfo2->Next) { + fwFindObjects->mdFindObjects = fwFindObjects->mdfo2; + mdObject = fwFindObjects->mdfo2->Next(fwFindObjects->mdfo2, + fwFindObjects, fwFindObjects->mdSession, fwFindObjects->fwSession, + fwFindObjects->mdToken, fwFindObjects->fwToken, + fwFindObjects->mdInstance, fwFindObjects->fwInstance, + arenaOpt, pError); + if (!mdObject) { + if (CKR_OK != *pError) { + goto done; + } + + /* All done. */ + fwFindObjects->mdfo2->Final(fwFindObjects->mdfo2, fwFindObjects, + fwFindObjects->mdSession, fwFindObjects->fwSession, + fwFindObjects->mdToken, fwFindObjects->fwToken, + fwFindObjects->mdInstance, fwFindObjects->fwInstance); + fwFindObjects->mdfo2 = (NSSCKMDFindObjects *)NULL; + } else { + goto wrap; + } + } } - } - - /* No more objects */ - *pError = CKR_OK; - goto done; - - wrap: - /* + + /* No more objects */ + *pError = CKR_OK; + goto done; + +wrap: + /* * This seems is less than ideal-- we should determine if it's a token * object or a session object, and use the appropriate arena. * But that duplicates logic in nssCKFWObject_IsTokenObject. @@ -336,26 +321,26 @@ nssCKFWFindObjects_Next * exist in the cache from their initial creation). So this code is correct, * but it depends on nssCKFWObject_Create caching all objects. */ - objArena = nssCKFWToken_GetArena(fwFindObjects->fwToken, pError); - if (!objArena) { - if( CKR_OK == *pError ) { - *pError = CKR_HOST_MEMORY; + objArena = nssCKFWToken_GetArena(fwFindObjects->fwToken, pError); + if (!objArena) { + if (CKR_OK == *pError) { + *pError = CKR_HOST_MEMORY; + } + goto done; } - goto done; - } - - fwObject = nssCKFWObject_Create(objArena, mdObject, - NULL, fwFindObjects->fwToken, - fwFindObjects->fwInstance, pError); - if (!fwObject) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; + + fwObject = nssCKFWObject_Create(objArena, mdObject, + NULL, fwFindObjects->fwToken, + fwFindObjects->fwInstance, pError); + if (!fwObject) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } } - } - done: - (void)nssCKFWMutex_Unlock(fwFindObjects->mutex); - return fwObject; +done: + (void)nssCKFWMutex_Unlock(fwFindObjects->mutex); + return fwObject; } /* @@ -364,16 +349,14 @@ nssCKFWFindObjects_Next */ NSS_EXTERN NSSCKMDFindObjects * -NSSCKFWFindObjects_GetMDFindObjects -( - NSSCKFWFindObjects *fwFindObjects -) +NSSCKFWFindObjects_GetMDFindObjects( + NSSCKFWFindObjects *fwFindObjects) { #ifdef DEBUG - if( CKR_OK != nssCKFWFindObjects_verifyPointer(fwFindObjects) ) { - return (NSSCKMDFindObjects *)NULL; - } + if (CKR_OK != nssCKFWFindObjects_verifyPointer(fwFindObjects)) { + return (NSSCKMDFindObjects *)NULL; + } #endif /* DEBUG */ - return nssCKFWFindObjects_GetMDFindObjects(fwFindObjects); + return nssCKFWFindObjects_GetMDFindObjects(fwFindObjects); } diff --git a/nss/lib/ckfw/hash.c b/nss/lib/ckfw/hash.c index 7d21084..50de4ce 100644 --- a/nss/lib/ckfw/hash.c +++ b/nss/lib/ckfw/hash.c @@ -31,24 +31,22 @@ */ struct nssCKFWHashStr { - NSSCKFWMutex *mutex; + NSSCKFWMutex *mutex; - /* - * The invariant that mutex protects is: - * The count accurately reflects the hashtable state. - */ + /* + * The invariant that mutex protects is: + * The count accurately reflects the hashtable state. + */ - PLHashTable *plHashTable; - CK_ULONG count; + PLHashTable *plHashTable; + CK_ULONG count; }; static PLHashNumber -nss_ckfw_identity_hash -( - const void *key -) +nss_ckfw_identity_hash( + const void *key) { - return (PLHashNumber)((char *)key - (char *)NULL); + return (PLHashNumber)((char *)key - (char *)NULL); } /* @@ -56,53 +54,51 @@ nss_ckfw_identity_hash * */ NSS_IMPLEMENT nssCKFWHash * -nssCKFWHash_Create -( - NSSCKFWInstance *fwInstance, - NSSArena *arena, - CK_RV *pError -) +nssCKFWHash_Create( + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError) { - nssCKFWHash *rv; + nssCKFWHash *rv; #ifdef NSSDEBUG - if (!pError) { - return (nssCKFWHash *)NULL; - } - - if( PR_SUCCESS != nssArena_verifyPointer(arena) ) { - *pError = CKR_ARGUMENTS_BAD; - return (nssCKFWHash *)NULL; - } + if (!pError) { + return (nssCKFWHash *)NULL; + } + + if (PR_SUCCESS != nssArena_verifyPointer(arena)) { + *pError = CKR_ARGUMENTS_BAD; + return (nssCKFWHash *)NULL; + } #endif /* NSSDEBUG */ - rv = nss_ZNEW(arena, nssCKFWHash); - if (!rv) { - *pError = CKR_HOST_MEMORY; - return (nssCKFWHash *)NULL; - } + rv = nss_ZNEW(arena, nssCKFWHash); + if (!rv) { + *pError = CKR_HOST_MEMORY; + return (nssCKFWHash *)NULL; + } + + rv->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError); + if (!rv->mutex) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + (void)nss_ZFreeIf(rv); + return (nssCKFWHash *)NULL; + } - rv->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError); - if (!rv->mutex) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; + rv->plHashTable = PL_NewHashTable(0, nss_ckfw_identity_hash, + PL_CompareValues, PL_CompareValues, &nssArenaHashAllocOps, arena); + if (!rv->plHashTable) { + (void)nssCKFWMutex_Destroy(rv->mutex); + (void)nss_ZFreeIf(rv); + *pError = CKR_HOST_MEMORY; + return (nssCKFWHash *)NULL; } - (void)nss_ZFreeIf(rv); - return (nssCKFWHash *)NULL; - } - - rv->plHashTable = PL_NewHashTable(0, nss_ckfw_identity_hash, - PL_CompareValues, PL_CompareValues, &nssArenaHashAllocOps, arena); - if (!rv->plHashTable) { - (void)nssCKFWMutex_Destroy(rv->mutex); - (void)nss_ZFreeIf(rv); - *pError = CKR_HOST_MEMORY; - return (nssCKFWHash *)NULL; - } - - rv->count = 0; - - return rv; + + rv->count = 0; + + return rv; } /* @@ -110,14 +106,12 @@ nssCKFWHash_Create * */ NSS_IMPLEMENT void -nssCKFWHash_Destroy -( - nssCKFWHash *hash -) +nssCKFWHash_Destroy( + nssCKFWHash *hash) { - (void)nssCKFWMutex_Destroy(hash->mutex); - PL_HashTableDestroy(hash->plHashTable); - (void)nss_ZFreeIf(hash); + (void)nssCKFWMutex_Destroy(hash->mutex); + PL_HashTableDestroy(hash->plHashTable); + (void)nss_ZFreeIf(hash); } /* @@ -125,31 +119,29 @@ nssCKFWHash_Destroy * */ NSS_IMPLEMENT CK_RV -nssCKFWHash_Add -( - nssCKFWHash *hash, - const void *key, - const void *value -) +nssCKFWHash_Add( + nssCKFWHash *hash, + const void *key, + const void *value) { - CK_RV error = CKR_OK; - PLHashEntry *he; + CK_RV error = CKR_OK; + PLHashEntry *he; + + error = nssCKFWMutex_Lock(hash->mutex); + if (CKR_OK != error) { + return error; + } + + he = PL_HashTableAdd(hash->plHashTable, key, (void *)value); + if (!he) { + error = CKR_HOST_MEMORY; + } else { + hash->count++; + } + + (void)nssCKFWMutex_Unlock(hash->mutex); - error = nssCKFWMutex_Lock(hash->mutex); - if( CKR_OK != error ) { return error; - } - - he = PL_HashTableAdd(hash->plHashTable, key, (void *)value); - if (!he) { - error = CKR_HOST_MEMORY; - } else { - hash->count++; - } - - (void)nssCKFWMutex_Unlock(hash->mutex); - - return error; } /* @@ -157,25 +149,23 @@ nssCKFWHash_Add * */ NSS_IMPLEMENT void -nssCKFWHash_Remove -( - nssCKFWHash *hash, - const void *it -) +nssCKFWHash_Remove( + nssCKFWHash *hash, + const void *it) { - PRBool found; + PRBool found; - if( CKR_OK != nssCKFWMutex_Lock(hash->mutex) ) { - return; - } + if (CKR_OK != nssCKFWMutex_Lock(hash->mutex)) { + return; + } - found = PL_HashTableRemove(hash->plHashTable, it); - if( found ) { - hash->count--; - } + found = PL_HashTableRemove(hash->plHashTable, it); + if (found) { + hash->count--; + } - (void)nssCKFWMutex_Unlock(hash->mutex); - return; + (void)nssCKFWMutex_Unlock(hash->mutex); + return; } /* @@ -183,22 +173,20 @@ nssCKFWHash_Remove * */ NSS_IMPLEMENT CK_ULONG -nssCKFWHash_Count -( - nssCKFWHash *hash -) +nssCKFWHash_Count( + nssCKFWHash *hash) { - CK_ULONG count; + CK_ULONG count; - if( CKR_OK != nssCKFWMutex_Lock(hash->mutex) ) { - return (CK_ULONG)0; - } + if (CKR_OK != nssCKFWMutex_Lock(hash->mutex)) { + return (CK_ULONG)0; + } - count = hash->count; + count = hash->count; - (void)nssCKFWMutex_Unlock(hash->mutex); + (void)nssCKFWMutex_Unlock(hash->mutex); - return count; + return count; } /* @@ -206,27 +194,25 @@ nssCKFWHash_Count * */ NSS_IMPLEMENT CK_BBOOL -nssCKFWHash_Exists -( - nssCKFWHash *hash, - const void *it -) +nssCKFWHash_Exists( + nssCKFWHash *hash, + const void *it) { - void *value; + void *value; - if( CKR_OK != nssCKFWMutex_Lock(hash->mutex) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWMutex_Lock(hash->mutex)) { + return CK_FALSE; + } - value = PL_HashTableLookup(hash->plHashTable, it); + value = PL_HashTableLookup(hash->plHashTable, it); - (void)nssCKFWMutex_Unlock(hash->mutex); + (void)nssCKFWMutex_Unlock(hash->mutex); - if (!value) { - return CK_FALSE; - } else { - return CK_TRUE; - } + if (!value) { + return CK_FALSE; + } else { + return CK_TRUE; + } } /* @@ -234,41 +220,37 @@ nssCKFWHash_Exists * */ NSS_IMPLEMENT void * -nssCKFWHash_Lookup -( - nssCKFWHash *hash, - const void *it -) +nssCKFWHash_Lookup( + nssCKFWHash *hash, + const void *it) { - void *rv; + void *rv; - if( CKR_OK != nssCKFWMutex_Lock(hash->mutex) ) { - return (void *)NULL; - } + if (CKR_OK != nssCKFWMutex_Lock(hash->mutex)) { + return (void *)NULL; + } - rv = PL_HashTableLookup(hash->plHashTable, it); + rv = PL_HashTableLookup(hash->plHashTable, it); - (void)nssCKFWMutex_Unlock(hash->mutex); + (void)nssCKFWMutex_Unlock(hash->mutex); - return rv; + return rv; } struct arg_str { - nssCKFWHashIterator fcn; - void *closure; + nssCKFWHashIterator fcn; + void *closure; }; static PRIntn -nss_ckfwhash_enumerator -( - PLHashEntry *he, - PRIntn index, - void *arg -) +nss_ckfwhash_enumerator( + PLHashEntry *he, + PRIntn index, + void *arg) { - struct arg_str *as = (struct arg_str *)arg; - as->fcn(he->key, he->value, as->closure); - return HT_ENUMERATE_NEXT; + struct arg_str *as = (struct arg_str *)arg; + as->fcn(he->key, he->value, as->closure); + return HT_ENUMERATE_NEXT; } /* @@ -277,24 +259,22 @@ nss_ckfwhash_enumerator * NOTE that the iteration function will be called with the hashtable locked. */ NSS_IMPLEMENT void -nssCKFWHash_Iterate -( - nssCKFWHash *hash, - nssCKFWHashIterator fcn, - void *closure -) +nssCKFWHash_Iterate( + nssCKFWHash *hash, + nssCKFWHashIterator fcn, + void *closure) { - struct arg_str as; - as.fcn = fcn; - as.closure = closure; + struct arg_str as; + as.fcn = fcn; + as.closure = closure; - if( CKR_OK != nssCKFWMutex_Lock(hash->mutex) ) { - return; - } + if (CKR_OK != nssCKFWMutex_Lock(hash->mutex)) { + return; + } - PL_HashTableEnumerateEntries(hash->plHashTable, nss_ckfwhash_enumerator, &as); + PL_HashTableEnumerateEntries(hash->plHashTable, nss_ckfwhash_enumerator, &as); - (void)nssCKFWMutex_Unlock(hash->mutex); + (void)nssCKFWMutex_Unlock(hash->mutex); - return; + return; } diff --git a/nss/lib/ckfw/instance.c b/nss/lib/ckfw/instance.c index b8a5b25..cee56c9 100644 --- a/nss/lib/ckfw/instance.c +++ b/nss/lib/ckfw/instance.c @@ -26,6 +26,8 @@ * NSSCKFWInstance_CreateMutex * NSSCKFWInstance_GetConfigurationData * NSSCKFWInstance_GetInitArgs + * NSSCKFWInstance_DestroySessionHandle + * NSSCKFWInstance_FindSessionHandle * * -- implement public accessors -- * nssCKFWInstance_GetMDInstance @@ -33,13 +35,13 @@ * nssCKFWInstance_MayCreatePthreads * nssCKFWInstance_CreateMutex * nssCKFWInstance_GetConfigurationData - * nssCKFWInstance_GetInitArgs + * nssCKFWInstance_GetInitArgs + * nssCKFWInstance_DestroySessionHandle + * nssCKFWInstance_FindSessionHandle * * -- private accessors -- * nssCKFWInstance_CreateSessionHandle * nssCKFWInstance_ResolveSessionHandle - * nssCKFWInstance_DestroySessionHandle - * nssCKFWInstance_FindSessionHandle * nssCKFWInstance_CreateObjectHandle * nssCKFWInstance_ResolveObjectHandle * nssCKFWInstance_DestroyObjectHandle @@ -60,52 +62,52 @@ */ struct NSSCKFWInstanceStr { - NSSCKFWMutex *mutex; - NSSArena *arena; - NSSCKMDInstance *mdInstance; - CK_C_INITIALIZE_ARGS_PTR pInitArgs; - CK_C_INITIALIZE_ARGS initArgs; - CryptokiLockingState LockingState; - CK_BBOOL mayCreatePthreads; - NSSUTF8 *configurationData; - CK_ULONG nSlots; - NSSCKFWSlot **fwSlotList; - NSSCKMDSlot **mdSlotList; - CK_BBOOL moduleHandlesSessionObjects; - - /* - * Everything above is set at creation time, and then not modified. - * The invariants the mutex protects are: - * - * 1) Each of the cached descriptions (versions, etc.) are in an - * internally consistant state. - * - * 2) The session handle hashes and count are consistant - * - * 3) The object handle hashes and count are consistant. - * - * I could use multiple locks, but let's wait to see if that's - * really necessary. - * - * Note that the calls accessing the cached descriptions will - * call the NSSCKMDInstance methods with the mutex locked. Those - * methods may then call the public NSSCKFWInstance routines. - * Those public routines only access the constant data above, so - * there's no problem. But be careful if you add to this object; - * mutexes are in general not reentrant, so don't create deadlock - * situations. - */ - - CK_VERSION cryptokiVersion; - NSSUTF8 *manufacturerID; - NSSUTF8 *libraryDescription; - CK_VERSION libraryVersion; - - CK_ULONG lastSessionHandle; - nssCKFWHash *sessionHandleHash; - - CK_ULONG lastObjectHandle; - nssCKFWHash *objectHandleHash; + NSSCKFWMutex *mutex; + NSSArena *arena; + NSSCKMDInstance *mdInstance; + CK_C_INITIALIZE_ARGS_PTR pInitArgs; + CK_C_INITIALIZE_ARGS initArgs; + CryptokiLockingState LockingState; + CK_BBOOL mayCreatePthreads; + NSSUTF8 *configurationData; + CK_ULONG nSlots; + NSSCKFWSlot **fwSlotList; + NSSCKMDSlot **mdSlotList; + CK_BBOOL moduleHandlesSessionObjects; + + /* + * Everything above is set at creation time, and then not modified. + * The invariants the mutex protects are: + * + * 1) Each of the cached descriptions (versions, etc.) are in an + * internally consistant state. + * + * 2) The session handle hashes and count are consistant + * + * 3) The object handle hashes and count are consistant. + * + * I could use multiple locks, but let's wait to see if that's + * really necessary. + * + * Note that the calls accessing the cached descriptions will + * call the NSSCKMDInstance methods with the mutex locked. Those + * methods may then call the public NSSCKFWInstance routines. + * Those public routines only access the constant data above, so + * there's no problem. But be careful if you add to this object; + * mutexes are in general not reentrant, so don't create deadlock + * situations. + */ + + CK_VERSION cryptokiVersion; + NSSUTF8 *manufacturerID; + NSSUTF8 *libraryDescription; + CK_VERSION libraryVersion; + + CK_ULONG lastSessionHandle; + nssCKFWHash *sessionHandleHash; + + CK_ULONG lastObjectHandle; + nssCKFWHash *objectHandleHash; }; #ifdef DEBUG @@ -121,30 +123,24 @@ struct NSSCKFWInstanceStr { */ static CK_RV -instance_add_pointer -( - const NSSCKFWInstance *fwInstance -) +instance_add_pointer( + const NSSCKFWInstance *fwInstance) { - return CKR_OK; + return CKR_OK; } static CK_RV -instance_remove_pointer -( - const NSSCKFWInstance *fwInstance -) +instance_remove_pointer( + const NSSCKFWInstance *fwInstance) { - return CKR_OK; + return CKR_OK; } NSS_IMPLEMENT CK_RV -nssCKFWInstance_verifyPointer -( - const NSSCKFWInstance *fwInstance -) +nssCKFWInstance_verifyPointer( + const NSSCKFWInstance *fwInstance) { - return CKR_OK; + return CKR_OK; } #endif /* DEBUG */ @@ -154,191 +150,189 @@ nssCKFWInstance_verifyPointer * */ NSS_IMPLEMENT NSSCKFWInstance * -nssCKFWInstance_Create -( - CK_C_INITIALIZE_ARGS_PTR pInitArgs, - CryptokiLockingState LockingState, - NSSCKMDInstance *mdInstance, - CK_RV *pError -) +nssCKFWInstance_Create( + CK_C_INITIALIZE_ARGS_PTR pInitArgs, + CryptokiLockingState LockingState, + NSSCKMDInstance *mdInstance, + CK_RV *pError) { - NSSCKFWInstance *fwInstance; - NSSArena *arena = (NSSArena *)NULL; - CK_ULONG i; - CK_BBOOL called_Initialize = CK_FALSE; + NSSCKFWInstance *fwInstance; + NSSArena *arena = (NSSArena *)NULL; + CK_ULONG i; + CK_BBOOL called_Initialize = CK_FALSE; #ifdef NSSDEBUG - if( (CK_RV)NULL == pError ) { - return (NSSCKFWInstance *)NULL; - } + if ((CK_RV)NULL == pError) { + return (NSSCKFWInstance *)NULL; + } - if (!mdInstance) { - *pError = CKR_ARGUMENTS_BAD; - return (NSSCKFWInstance *)NULL; - } + if (!mdInstance) { + *pError = CKR_ARGUMENTS_BAD; + return (NSSCKFWInstance *)NULL; + } #endif /* NSSDEBUG */ - arena = NSSArena_Create(); - if (!arena) { - *pError = CKR_HOST_MEMORY; - return (NSSCKFWInstance *)NULL; - } - - fwInstance = nss_ZNEW(arena, NSSCKFWInstance); - if (!fwInstance) { - goto nomem; - } - - fwInstance->arena = arena; - fwInstance->mdInstance = mdInstance; - - fwInstance->LockingState = LockingState; - if( (CK_C_INITIALIZE_ARGS_PTR)NULL != pInitArgs ) { - fwInstance->initArgs = *pInitArgs; - fwInstance->pInitArgs = &fwInstance->initArgs; - if( pInitArgs->flags & CKF_LIBRARY_CANT_CREATE_OS_THREADS ) { - fwInstance->mayCreatePthreads = CK_FALSE; + arena = NSSArena_Create(); + if (!arena) { + *pError = CKR_HOST_MEMORY; + return (NSSCKFWInstance *)NULL; + } + + fwInstance = nss_ZNEW(arena, NSSCKFWInstance); + if (!fwInstance) { + goto nomem; + } + + fwInstance->arena = arena; + fwInstance->mdInstance = mdInstance; + + fwInstance->LockingState = LockingState; + if ((CK_C_INITIALIZE_ARGS_PTR)NULL != pInitArgs) { + fwInstance->initArgs = *pInitArgs; + fwInstance->pInitArgs = &fwInstance->initArgs; + if (pInitArgs->flags & CKF_LIBRARY_CANT_CREATE_OS_THREADS) { + fwInstance->mayCreatePthreads = CK_FALSE; + } else { + fwInstance->mayCreatePthreads = CK_TRUE; + } + fwInstance->configurationData = (NSSUTF8 *)(pInitArgs->pReserved); } else { - fwInstance->mayCreatePthreads = CK_TRUE; - } - fwInstance->configurationData = (NSSUTF8 *)(pInitArgs->pReserved); - } else { - fwInstance->mayCreatePthreads = CK_TRUE; - } - - fwInstance->mutex = nssCKFWMutex_Create(pInitArgs, LockingState, arena, - pError); - if (!fwInstance->mutex) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; - } - goto loser; - } - - if (mdInstance->Initialize) { - *pError = mdInstance->Initialize(mdInstance, fwInstance, fwInstance->configurationData); - if( CKR_OK != *pError ) { - goto loser; - } - - called_Initialize = CK_TRUE; - } - - if (mdInstance->ModuleHandlesSessionObjects) { - fwInstance->moduleHandlesSessionObjects = - mdInstance->ModuleHandlesSessionObjects(mdInstance, fwInstance); - } else { - fwInstance->moduleHandlesSessionObjects = CK_FALSE; - } - - if (!mdInstance->GetNSlots) { - /* That routine is required */ - *pError = CKR_GENERAL_ERROR; - goto loser; - } - - fwInstance->nSlots = mdInstance->GetNSlots(mdInstance, fwInstance, pError); - if( (CK_ULONG)0 == fwInstance->nSlots ) { - if( CKR_OK == *pError ) { - /* Zero is not a legitimate answer */ - *pError = CKR_GENERAL_ERROR; - } - goto loser; - } - - fwInstance->fwSlotList = nss_ZNEWARRAY(arena, NSSCKFWSlot *, fwInstance->nSlots); - if( (NSSCKFWSlot **)NULL == fwInstance->fwSlotList ) { - goto nomem; - } - - fwInstance->mdSlotList = nss_ZNEWARRAY(arena, NSSCKMDSlot *, fwInstance->nSlots); - if( (NSSCKMDSlot **)NULL == fwInstance->mdSlotList ) { - goto nomem; - } - - fwInstance->sessionHandleHash = nssCKFWHash_Create(fwInstance, - fwInstance->arena, pError); - if (!fwInstance->sessionHandleHash) { - goto loser; - } - - fwInstance->objectHandleHash = nssCKFWHash_Create(fwInstance, - fwInstance->arena, pError); - if (!fwInstance->objectHandleHash) { - goto loser; - } - - if (!mdInstance->GetSlots) { - /* That routine is required */ - *pError = CKR_GENERAL_ERROR; - goto loser; - } - - *pError = mdInstance->GetSlots(mdInstance, fwInstance, fwInstance->mdSlotList); - if( CKR_OK != *pError ) { - goto loser; - } - - for( i = 0; i < fwInstance->nSlots; i++ ) { - NSSCKMDSlot *mdSlot = fwInstance->mdSlotList[i]; + fwInstance->mayCreatePthreads = CK_TRUE; + } - if (!mdSlot) { - *pError = CKR_GENERAL_ERROR; - goto loser; + fwInstance->mutex = nssCKFWMutex_Create(pInitArgs, LockingState, arena, + pError); + if (!fwInstance->mutex) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + goto loser; + } + + if (mdInstance->Initialize) { + *pError = mdInstance->Initialize(mdInstance, fwInstance, fwInstance->configurationData); + if (CKR_OK != *pError) { + goto loser; + } + + called_Initialize = CK_TRUE; } - fwInstance->fwSlotList[i] = nssCKFWSlot_Create(fwInstance, mdSlot, i, pError); - if( CKR_OK != *pError ) { - CK_ULONG j; + if (mdInstance->ModuleHandlesSessionObjects) { + fwInstance->moduleHandlesSessionObjects = + mdInstance->ModuleHandlesSessionObjects(mdInstance, fwInstance); + } else { + fwInstance->moduleHandlesSessionObjects = CK_FALSE; + } - for( j = 0; j < i; j++ ) { - (void)nssCKFWSlot_Destroy(fwInstance->fwSlotList[j]); - } + if (!mdInstance->GetNSlots) { + /* That routine is required */ + *pError = CKR_GENERAL_ERROR; + goto loser; + } - for( j = i; j < fwInstance->nSlots; j++ ) { - NSSCKMDSlot *mds = fwInstance->mdSlotList[j]; - if (mds->Destroy) { - mds->Destroy(mds, (NSSCKFWSlot *)NULL, mdInstance, fwInstance); + fwInstance->nSlots = mdInstance->GetNSlots(mdInstance, fwInstance, pError); + if ((CK_ULONG)0 == fwInstance->nSlots) { + if (CKR_OK == *pError) { + /* Zero is not a legitimate answer */ + *pError = CKR_GENERAL_ERROR; } - } + goto loser; + } - goto loser; + fwInstance->fwSlotList = nss_ZNEWARRAY(arena, NSSCKFWSlot *, fwInstance->nSlots); + if ((NSSCKFWSlot **)NULL == fwInstance->fwSlotList) { + goto nomem; + } + + fwInstance->mdSlotList = nss_ZNEWARRAY(arena, NSSCKMDSlot *, fwInstance->nSlots); + if ((NSSCKMDSlot **)NULL == fwInstance->mdSlotList) { + goto nomem; + } + + fwInstance->sessionHandleHash = nssCKFWHash_Create(fwInstance, + fwInstance->arena, pError); + if (!fwInstance->sessionHandleHash) { + goto loser; + } + + fwInstance->objectHandleHash = nssCKFWHash_Create(fwInstance, + fwInstance->arena, pError); + if (!fwInstance->objectHandleHash) { + goto loser; + } + + if (!mdInstance->GetSlots) { + /* That routine is required */ + *pError = CKR_GENERAL_ERROR; + goto loser; + } + + *pError = mdInstance->GetSlots(mdInstance, fwInstance, fwInstance->mdSlotList); + if (CKR_OK != *pError) { + goto loser; + } + + for (i = 0; i < fwInstance->nSlots; i++) { + NSSCKMDSlot *mdSlot = fwInstance->mdSlotList[i]; + + if (!mdSlot) { + *pError = CKR_GENERAL_ERROR; + goto loser; + } + + fwInstance->fwSlotList[i] = nssCKFWSlot_Create(fwInstance, mdSlot, i, pError); + if (CKR_OK != *pError) { + CK_ULONG j; + + for (j = 0; j < i; j++) { + (void)nssCKFWSlot_Destroy(fwInstance->fwSlotList[j]); + } + + for (j = i; j < fwInstance->nSlots; j++) { + NSSCKMDSlot *mds = fwInstance->mdSlotList[j]; + if (mds->Destroy) { + mds->Destroy(mds, (NSSCKFWSlot *)NULL, mdInstance, fwInstance); + } + } + + goto loser; + } } - } #ifdef DEBUG - *pError = instance_add_pointer(fwInstance); - if( CKR_OK != *pError ) { - for( i = 0; i < fwInstance->nSlots; i++ ) { - (void)nssCKFWSlot_Destroy(fwInstance->fwSlotList[i]); - } - - goto loser; - } + *pError = instance_add_pointer(fwInstance); + if (CKR_OK != *pError) { + for (i = 0; i < fwInstance->nSlots; i++) { + (void)nssCKFWSlot_Destroy(fwInstance->fwSlotList[i]); + } + + goto loser; + } #endif /* DEBUG */ - *pError = CKR_OK; - return fwInstance; + *pError = CKR_OK; + return fwInstance; - nomem: - *pError = CKR_HOST_MEMORY; - /*FALLTHROUGH*/ - loser: +nomem: + *pError = CKR_HOST_MEMORY; +/*FALLTHROUGH*/ +loser: - if( CK_TRUE == called_Initialize ) { - if (mdInstance->Finalize) { - mdInstance->Finalize(mdInstance, fwInstance); + if (CK_TRUE == called_Initialize) { + if (mdInstance->Finalize) { + mdInstance->Finalize(mdInstance, fwInstance); + } } - } - if (fwInstance && fwInstance->mutex) { - nssCKFWMutex_Destroy(fwInstance->mutex); - } + if (fwInstance && fwInstance->mutex) { + nssCKFWMutex_Destroy(fwInstance->mutex); + } - if (arena) { - (void)NSSArena_Destroy(arena); - } - return (NSSCKFWInstance *)NULL; + if (arena) { + (void)NSSArena_Destroy(arena); + } + return (NSSCKFWInstance *)NULL; } /* @@ -346,47 +340,45 @@ nssCKFWInstance_Create * */ NSS_IMPLEMENT CK_RV -nssCKFWInstance_Destroy -( - NSSCKFWInstance *fwInstance -) +nssCKFWInstance_Destroy( + NSSCKFWInstance *fwInstance) { #ifdef NSSDEBUG - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #endif /* NSSDEBUG */ - CK_ULONG i; + CK_ULONG i; #ifdef NSSDEBUG - error = nssCKFWInstance_verifyPointer(fwInstance); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWInstance_verifyPointer(fwInstance); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - nssCKFWMutex_Destroy(fwInstance->mutex); + nssCKFWMutex_Destroy(fwInstance->mutex); - for( i = 0; i < fwInstance->nSlots; i++ ) { - (void)nssCKFWSlot_Destroy(fwInstance->fwSlotList[i]); - } + for (i = 0; i < fwInstance->nSlots; i++) { + (void)nssCKFWSlot_Destroy(fwInstance->fwSlotList[i]); + } - if (fwInstance->mdInstance->Finalize) { - fwInstance->mdInstance->Finalize(fwInstance->mdInstance, fwInstance); - } + if (fwInstance->mdInstance->Finalize) { + fwInstance->mdInstance->Finalize(fwInstance->mdInstance, fwInstance); + } - if (fwInstance->sessionHandleHash) { - nssCKFWHash_Destroy(fwInstance->sessionHandleHash); - } + if (fwInstance->sessionHandleHash) { + nssCKFWHash_Destroy(fwInstance->sessionHandleHash); + } - if (fwInstance->objectHandleHash) { - nssCKFWHash_Destroy(fwInstance->objectHandleHash); - } + if (fwInstance->objectHandleHash) { + nssCKFWHash_Destroy(fwInstance->objectHandleHash); + } #ifdef DEBUG - (void)instance_remove_pointer(fwInstance); + (void)instance_remove_pointer(fwInstance); #endif /* DEBUG */ - (void)NSSArena_Destroy(fwInstance->arena); - return CKR_OK; + (void)NSSArena_Destroy(fwInstance->arena); + return CKR_OK; } /* @@ -394,18 +386,16 @@ nssCKFWInstance_Destroy * */ NSS_IMPLEMENT NSSCKMDInstance * -nssCKFWInstance_GetMDInstance -( - NSSCKFWInstance *fwInstance -) +nssCKFWInstance_GetMDInstance( + NSSCKFWInstance *fwInstance) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { - return (NSSCKMDInstance *)NULL; - } + if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) { + return (NSSCKMDInstance *)NULL; + } #endif /* NSSDEBUG */ - return fwInstance->mdInstance; + return fwInstance->mdInstance; } /* @@ -413,25 +403,23 @@ nssCKFWInstance_GetMDInstance * */ NSS_IMPLEMENT NSSArena * -nssCKFWInstance_GetArena -( - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +nssCKFWInstance_GetArena( + NSSCKFWInstance *fwInstance, + CK_RV *pError) { #ifdef NSSDEBUG - if (!pError) { - return (NSSArena *)NULL; - } - - *pError = nssCKFWInstance_verifyPointer(fwInstance); - if( CKR_OK != *pError ) { - return (NSSArena *)NULL; - } + if (!pError) { + return (NSSArena *)NULL; + } + + *pError = nssCKFWInstance_verifyPointer(fwInstance); + if (CKR_OK != *pError) { + return (NSSArena *)NULL; + } #endif /* NSSDEBUG */ - *pError = CKR_OK; - return fwInstance->arena; + *pError = CKR_OK; + return fwInstance->arena; } /* @@ -439,18 +427,16 @@ nssCKFWInstance_GetArena * */ NSS_IMPLEMENT CK_BBOOL -nssCKFWInstance_MayCreatePthreads -( - NSSCKFWInstance *fwInstance -) +nssCKFWInstance_MayCreatePthreads( + NSSCKFWInstance *fwInstance) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) { + return CK_FALSE; + } #endif /* NSSDEBUG */ - return fwInstance->mayCreatePthreads; + return fwInstance->mayCreatePthreads; } /* @@ -458,37 +444,35 @@ nssCKFWInstance_MayCreatePthreads * */ NSS_IMPLEMENT NSSCKFWMutex * -nssCKFWInstance_CreateMutex -( - NSSCKFWInstance *fwInstance, - NSSArena *arena, - CK_RV *pError -) +nssCKFWInstance_CreateMutex( + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError) { - NSSCKFWMutex *mutex; + NSSCKFWMutex *mutex; #ifdef NSSDEBUG - if (!pError) { - return (NSSCKFWMutex *)NULL; - } - - *pError = nssCKFWInstance_verifyPointer(fwInstance); - if( CKR_OK != *pError ) { - return (NSSCKFWMutex *)NULL; - } -#endif /* NSSDEBUG */ + if (!pError) { + return (NSSCKFWMutex *)NULL; + } - mutex = nssCKFWMutex_Create(fwInstance->pInitArgs, fwInstance->LockingState, - arena, pError); - if (!mutex) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; + *pError = nssCKFWInstance_verifyPointer(fwInstance); + if (CKR_OK != *pError) { + return (NSSCKFWMutex *)NULL; } +#endif /* NSSDEBUG */ + + mutex = nssCKFWMutex_Create(fwInstance->pInitArgs, fwInstance->LockingState, + arena, pError); + if (!mutex) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } - return (NSSCKFWMutex *)NULL; - } + return (NSSCKFWMutex *)NULL; + } - return mutex; + return mutex; } /* @@ -496,18 +480,16 @@ nssCKFWInstance_CreateMutex * */ NSS_IMPLEMENT NSSUTF8 * -nssCKFWInstance_GetConfigurationData -( - NSSCKFWInstance *fwInstance -) +nssCKFWInstance_GetConfigurationData( + NSSCKFWInstance *fwInstance) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { - return (NSSUTF8 *)NULL; - } + if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) { + return (NSSUTF8 *)NULL; + } #endif /* NSSDEBUG */ - return fwInstance->configurationData; + return fwInstance->configurationData; } /* @@ -515,15 +497,13 @@ nssCKFWInstance_GetConfigurationData * */ CK_C_INITIALIZE_ARGS_PTR -nssCKFWInstance_GetInitArgs -( - NSSCKFWInstance *fwInstance -) +nssCKFWInstance_GetInitArgs( + NSSCKFWInstance *fwInstance) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { - return (CK_C_INITIALIZE_ARGS_PTR)NULL; - } + if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) { + return (CK_C_INITIALIZE_ARGS_PTR)NULL; + } #endif /* NSSDEBUG */ return fwInstance->pInitArgs; @@ -534,50 +514,48 @@ nssCKFWInstance_GetInitArgs * */ NSS_IMPLEMENT CK_SESSION_HANDLE -nssCKFWInstance_CreateSessionHandle -( - NSSCKFWInstance *fwInstance, - NSSCKFWSession *fwSession, - CK_RV *pError -) +nssCKFWInstance_CreateSessionHandle( + NSSCKFWInstance *fwInstance, + NSSCKFWSession *fwSession, + CK_RV *pError) { - CK_SESSION_HANDLE hSession; + CK_SESSION_HANDLE hSession; #ifdef NSSDEBUG - if (!pError) { - return (CK_SESSION_HANDLE)0; - } - - *pError = nssCKFWInstance_verifyPointer(fwInstance); - if( CKR_OK != *pError ) { - return (CK_SESSION_HANDLE)0; - } + if (!pError) { + return (CK_SESSION_HANDLE)0; + } + + *pError = nssCKFWInstance_verifyPointer(fwInstance); + if (CKR_OK != *pError) { + return (CK_SESSION_HANDLE)0; + } #endif /* NSSDEBUG */ - *pError = nssCKFWMutex_Lock(fwInstance->mutex); - if( CKR_OK != *pError ) { - return (CK_SESSION_HANDLE)0; - } - - hSession = ++(fwInstance->lastSessionHandle); - - /* Alan would say I should unlock for this call. */ - - *pError = nssCKFWSession_SetHandle(fwSession, hSession); - if( CKR_OK != *pError ) { - goto done; - } - - *pError = nssCKFWHash_Add(fwInstance->sessionHandleHash, - (const void *)hSession, (const void *)fwSession); - if( CKR_OK != *pError ) { - hSession = (CK_SESSION_HANDLE)0; - goto done; - } - - done: - nssCKFWMutex_Unlock(fwInstance->mutex); - return hSession; + *pError = nssCKFWMutex_Lock(fwInstance->mutex); + if (CKR_OK != *pError) { + return (CK_SESSION_HANDLE)0; + } + + hSession = ++(fwInstance->lastSessionHandle); + + /* Alan would say I should unlock for this call. */ + + *pError = nssCKFWSession_SetHandle(fwSession, hSession); + if (CKR_OK != *pError) { + goto done; + } + + *pError = nssCKFWHash_Add(fwInstance->sessionHandleHash, + (const void *)hSession, (const void *)fwSession); + if (CKR_OK != *pError) { + hSession = (CK_SESSION_HANDLE)0; + goto done; + } + +done: + nssCKFWMutex_Unlock(fwInstance->mutex); + return hSession; } /* @@ -585,32 +563,30 @@ nssCKFWInstance_CreateSessionHandle * */ NSS_IMPLEMENT NSSCKFWSession * -nssCKFWInstance_ResolveSessionHandle -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession -) +nssCKFWInstance_ResolveSessionHandle( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession) { - NSSCKFWSession *fwSession; + NSSCKFWSession *fwSession; #ifdef NSSDEBUG - if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { - return (NSSCKFWSession *)NULL; - } + if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) { + return (NSSCKFWSession *)NULL; + } #endif /* NSSDEBUG */ - if( CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex) ) { - return (NSSCKFWSession *)NULL; - } + if (CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex)) { + return (NSSCKFWSession *)NULL; + } - fwSession = (NSSCKFWSession *)nssCKFWHash_Lookup( - fwInstance->sessionHandleHash, (const void *)hSession); + fwSession = (NSSCKFWSession *)nssCKFWHash_Lookup( + fwInstance->sessionHandleHash, (const void *)hSession); - /* Assert(hSession == nssCKFWSession_GetHandle(fwSession)) */ + /* Assert(hSession == nssCKFWSession_GetHandle(fwSession)) */ - (void)nssCKFWMutex_Unlock(fwInstance->mutex); + (void)nssCKFWMutex_Unlock(fwInstance->mutex); - return fwSession; + return fwSession; } /* @@ -618,34 +594,32 @@ nssCKFWInstance_ResolveSessionHandle * */ NSS_IMPLEMENT void -nssCKFWInstance_DestroySessionHandle -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession -) +nssCKFWInstance_DestroySessionHandle( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession) { - NSSCKFWSession *fwSession; + NSSCKFWSession *fwSession; #ifdef NSSDEBUG - if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { - return; - } + if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) { + return; + } #endif /* NSSDEBUG */ - if( CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex) ) { - return; - } + if (CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex)) { + return; + } - fwSession = (NSSCKFWSession *)nssCKFWHash_Lookup( - fwInstance->sessionHandleHash, (const void *)hSession); - if (fwSession) { - nssCKFWHash_Remove(fwInstance->sessionHandleHash, (const void *)hSession); - nssCKFWSession_SetHandle(fwSession, (CK_SESSION_HANDLE)0); - } + fwSession = (NSSCKFWSession *)nssCKFWHash_Lookup( + fwInstance->sessionHandleHash, (const void *)hSession); + if (fwSession) { + nssCKFWHash_Remove(fwInstance->sessionHandleHash, (const void *)hSession); + nssCKFWSession_SetHandle(fwSession, (CK_SESSION_HANDLE)0); + } - (void)nssCKFWMutex_Unlock(fwInstance->mutex); + (void)nssCKFWMutex_Unlock(fwInstance->mutex); - return; + return; } /* @@ -653,24 +627,22 @@ nssCKFWInstance_DestroySessionHandle * */ NSS_IMPLEMENT CK_SESSION_HANDLE -nssCKFWInstance_FindSessionHandle -( - NSSCKFWInstance *fwInstance, - NSSCKFWSession *fwSession -) +nssCKFWInstance_FindSessionHandle( + NSSCKFWInstance *fwInstance, + NSSCKFWSession *fwSession) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { - return (CK_SESSION_HANDLE)0; - } + if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) { + return (CK_SESSION_HANDLE)0; + } - if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { - return (CK_SESSION_HANDLE)0; - } + if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) { + return (CK_SESSION_HANDLE)0; + } #endif /* NSSDEBUG */ - return nssCKFWSession_GetHandle(fwSession); - /* look it up and assert? */ + return nssCKFWSession_GetHandle(fwSession); + /* look it up and assert? */ } /* @@ -678,49 +650,47 @@ nssCKFWInstance_FindSessionHandle * */ NSS_IMPLEMENT CK_OBJECT_HANDLE -nssCKFWInstance_CreateObjectHandle -( - NSSCKFWInstance *fwInstance, - NSSCKFWObject *fwObject, - CK_RV *pError -) +nssCKFWInstance_CreateObjectHandle( + NSSCKFWInstance *fwInstance, + NSSCKFWObject *fwObject, + CK_RV *pError) { - CK_OBJECT_HANDLE hObject; + CK_OBJECT_HANDLE hObject; #ifdef NSSDEBUG - if (!pError) { - return (CK_OBJECT_HANDLE)0; - } - - *pError = nssCKFWInstance_verifyPointer(fwInstance); - if( CKR_OK != *pError ) { - return (CK_OBJECT_HANDLE)0; - } + if (!pError) { + return (CK_OBJECT_HANDLE)0; + } + + *pError = nssCKFWInstance_verifyPointer(fwInstance); + if (CKR_OK != *pError) { + return (CK_OBJECT_HANDLE)0; + } #endif /* NSSDEBUG */ - *pError = nssCKFWMutex_Lock(fwInstance->mutex); - if( CKR_OK != *pError ) { - return (CK_OBJECT_HANDLE)0; - } - - hObject = ++(fwInstance->lastObjectHandle); - - *pError = nssCKFWObject_SetHandle(fwObject, hObject); - if( CKR_OK != *pError ) { - hObject = (CK_OBJECT_HANDLE)0; - goto done; - } - - *pError = nssCKFWHash_Add(fwInstance->objectHandleHash, - (const void *)hObject, (const void *)fwObject); - if( CKR_OK != *pError ) { - hObject = (CK_OBJECT_HANDLE)0; - goto done; - } - - done: - (void)nssCKFWMutex_Unlock(fwInstance->mutex); - return hObject; + *pError = nssCKFWMutex_Lock(fwInstance->mutex); + if (CKR_OK != *pError) { + return (CK_OBJECT_HANDLE)0; + } + + hObject = ++(fwInstance->lastObjectHandle); + + *pError = nssCKFWObject_SetHandle(fwObject, hObject); + if (CKR_OK != *pError) { + hObject = (CK_OBJECT_HANDLE)0; + goto done; + } + + *pError = nssCKFWHash_Add(fwInstance->objectHandleHash, + (const void *)hObject, (const void *)fwObject); + if (CKR_OK != *pError) { + hObject = (CK_OBJECT_HANDLE)0; + goto done; + } + +done: + (void)nssCKFWMutex_Unlock(fwInstance->mutex); + return hObject; } /* @@ -728,31 +698,29 @@ nssCKFWInstance_CreateObjectHandle * */ NSS_IMPLEMENT NSSCKFWObject * -nssCKFWInstance_ResolveObjectHandle -( - NSSCKFWInstance *fwInstance, - CK_OBJECT_HANDLE hObject -) +nssCKFWInstance_ResolveObjectHandle( + NSSCKFWInstance *fwInstance, + CK_OBJECT_HANDLE hObject) { - NSSCKFWObject *fwObject; + NSSCKFWObject *fwObject; #ifdef NSSDEBUG - if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { - return (NSSCKFWObject *)NULL; - } + if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) { + return (NSSCKFWObject *)NULL; + } #endif /* NSSDEBUG */ - if( CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex) ) { - return (NSSCKFWObject *)NULL; - } + if (CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex)) { + return (NSSCKFWObject *)NULL; + } - fwObject = (NSSCKFWObject *)nssCKFWHash_Lookup( - fwInstance->objectHandleHash, (const void *)hObject); + fwObject = (NSSCKFWObject *)nssCKFWHash_Lookup( + fwInstance->objectHandleHash, (const void *)hObject); - /* Assert(hObject == nssCKFWObject_GetHandle(fwObject)) */ + /* Assert(hObject == nssCKFWObject_GetHandle(fwObject)) */ - (void)nssCKFWMutex_Unlock(fwInstance->mutex); - return fwObject; + (void)nssCKFWMutex_Unlock(fwInstance->mutex); + return fwObject; } /* @@ -760,46 +728,44 @@ nssCKFWInstance_ResolveObjectHandle * */ NSS_IMPLEMENT CK_RV -nssCKFWInstance_ReassignObjectHandle -( - NSSCKFWInstance *fwInstance, - CK_OBJECT_HANDLE hObject, - NSSCKFWObject *fwObject -) +nssCKFWInstance_ReassignObjectHandle( + NSSCKFWInstance *fwInstance, + CK_OBJECT_HANDLE hObject, + NSSCKFWObject *fwObject) { - CK_RV error = CKR_OK; - NSSCKFWObject *oldObject; + CK_RV error = CKR_OK; + NSSCKFWObject *oldObject; #ifdef NSSDEBUG - error = nssCKFWInstance_verifyPointer(fwInstance); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWInstance_verifyPointer(fwInstance); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - error = nssCKFWMutex_Lock(fwInstance->mutex); - if( CKR_OK != error ) { + error = nssCKFWMutex_Lock(fwInstance->mutex); + if (CKR_OK != error) { + return error; + } + + oldObject = (NSSCKFWObject *)nssCKFWHash_Lookup( + fwInstance->objectHandleHash, (const void *)hObject); + if (oldObject) { + /* Assert(hObject == nssCKFWObject_GetHandle(oldObject) */ + (void)nssCKFWObject_SetHandle(oldObject, (CK_SESSION_HANDLE)0); + nssCKFWHash_Remove(fwInstance->objectHandleHash, (const void *)hObject); + } + + error = nssCKFWObject_SetHandle(fwObject, hObject); + if (CKR_OK != error) { + goto done; + } + error = nssCKFWHash_Add(fwInstance->objectHandleHash, + (const void *)hObject, (const void *)fwObject); + +done: + (void)nssCKFWMutex_Unlock(fwInstance->mutex); return error; - } - - oldObject = (NSSCKFWObject *)nssCKFWHash_Lookup( - fwInstance->objectHandleHash, (const void *)hObject); - if(oldObject) { - /* Assert(hObject == nssCKFWObject_GetHandle(oldObject) */ - (void)nssCKFWObject_SetHandle(oldObject, (CK_SESSION_HANDLE)0); - nssCKFWHash_Remove(fwInstance->objectHandleHash, (const void *)hObject); - } - - error = nssCKFWObject_SetHandle(fwObject, hObject); - if( CKR_OK != error ) { - goto done; - } - error = nssCKFWHash_Add(fwInstance->objectHandleHash, - (const void *)hObject, (const void *)fwObject); - - done: - (void)nssCKFWMutex_Unlock(fwInstance->mutex); - return error; } /* @@ -807,34 +773,32 @@ nssCKFWInstance_ReassignObjectHandle * */ NSS_IMPLEMENT void -nssCKFWInstance_DestroyObjectHandle -( - NSSCKFWInstance *fwInstance, - CK_OBJECT_HANDLE hObject -) +nssCKFWInstance_DestroyObjectHandle( + NSSCKFWInstance *fwInstance, + CK_OBJECT_HANDLE hObject) { - NSSCKFWObject *fwObject; + NSSCKFWObject *fwObject; #ifdef NSSDEBUG - if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { - return; - } + if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) { + return; + } #endif /* NSSDEBUG */ - if( CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex) ) { + if (CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex)) { + return; + } + + fwObject = (NSSCKFWObject *)nssCKFWHash_Lookup( + fwInstance->objectHandleHash, (const void *)hObject); + if (fwObject) { + /* Assert(hObject = nssCKFWObject_GetHandle(fwObject)) */ + nssCKFWHash_Remove(fwInstance->objectHandleHash, (const void *)hObject); + (void)nssCKFWObject_SetHandle(fwObject, (CK_SESSION_HANDLE)0); + } + + (void)nssCKFWMutex_Unlock(fwInstance->mutex); return; - } - - fwObject = (NSSCKFWObject *)nssCKFWHash_Lookup( - fwInstance->objectHandleHash, (const void *)hObject); - if (fwObject) { - /* Assert(hObject = nssCKFWObject_GetHandle(fwObject)) */ - nssCKFWHash_Remove(fwInstance->objectHandleHash, (const void *)hObject); - (void)nssCKFWObject_SetHandle(fwObject, (CK_SESSION_HANDLE)0); - } - - (void)nssCKFWMutex_Unlock(fwInstance->mutex); - return; } /* @@ -842,23 +806,21 @@ nssCKFWInstance_DestroyObjectHandle * */ NSS_IMPLEMENT CK_OBJECT_HANDLE -nssCKFWInstance_FindObjectHandle -( - NSSCKFWInstance *fwInstance, - NSSCKFWObject *fwObject -) +nssCKFWInstance_FindObjectHandle( + NSSCKFWInstance *fwInstance, + NSSCKFWObject *fwObject) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { - return (CK_OBJECT_HANDLE)0; - } + if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) { + return (CK_OBJECT_HANDLE)0; + } - if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) { - return (CK_OBJECT_HANDLE)0; - } + if (CKR_OK != nssCKFWObject_verifyPointer(fwObject)) { + return (CK_OBJECT_HANDLE)0; + } #endif /* NSSDEBUG */ - - return nssCKFWObject_GetHandle(fwObject); + + return nssCKFWObject_GetHandle(fwObject); } /* @@ -866,70 +828,66 @@ nssCKFWInstance_FindObjectHandle * */ NSS_IMPLEMENT CK_ULONG -nssCKFWInstance_GetNSlots -( - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +nssCKFWInstance_GetNSlots( + NSSCKFWInstance *fwInstance, + CK_RV *pError) { #ifdef NSSDEBUG - if (!pError) { - return (CK_ULONG)0; - } + if (!pError) { + return (CK_ULONG)0; + } - *pError = nssCKFWInstance_verifyPointer(fwInstance); - if( CKR_OK != *pError ) { - return (CK_ULONG)0; - } + *pError = nssCKFWInstance_verifyPointer(fwInstance); + if (CKR_OK != *pError) { + return (CK_ULONG)0; + } #endif /* NSSDEBUG */ - *pError = CKR_OK; - return fwInstance->nSlots; -} + *pError = CKR_OK; + return fwInstance->nSlots; +} /* * nssCKFWInstance_GetCryptokiVersion * */ NSS_IMPLEMENT CK_VERSION -nssCKFWInstance_GetCryptokiVersion -( - NSSCKFWInstance *fwInstance -) +nssCKFWInstance_GetCryptokiVersion( + NSSCKFWInstance *fwInstance) { - CK_VERSION rv; + CK_VERSION rv; #ifdef NSSDEBUG - if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { - rv.major = rv.minor = 0; - return rv; - } + if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) { + rv.major = rv.minor = 0; + return rv; + } #endif /* NSSDEBUG */ - if( CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex) ) { - rv.major = rv.minor = 0; - return rv; - } + if (CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex)) { + rv.major = rv.minor = 0; + return rv; + } + + if ((0 != fwInstance->cryptokiVersion.major) || + (0 != fwInstance->cryptokiVersion.minor)) { + rv = fwInstance->cryptokiVersion; + goto done; + } + + if (fwInstance->mdInstance->GetCryptokiVersion) { + fwInstance->cryptokiVersion = fwInstance->mdInstance->GetCryptokiVersion( + fwInstance->mdInstance, fwInstance); + } else { + fwInstance->cryptokiVersion.major = 2; + fwInstance->cryptokiVersion.minor = 1; + } - if( (0 != fwInstance->cryptokiVersion.major) || - (0 != fwInstance->cryptokiVersion.minor) ) { rv = fwInstance->cryptokiVersion; - goto done; - } - - if (fwInstance->mdInstance->GetCryptokiVersion) { - fwInstance->cryptokiVersion = fwInstance->mdInstance->GetCryptokiVersion( - fwInstance->mdInstance, fwInstance); - } else { - fwInstance->cryptokiVersion.major = 2; - fwInstance->cryptokiVersion.minor = 1; - } - - rv = fwInstance->cryptokiVersion; - - done: - (void)nssCKFWMutex_Unlock(fwInstance->mutex); - return rv; + +done: + (void)nssCKFWMutex_Unlock(fwInstance->mutex); + return rv; } /* @@ -937,48 +895,46 @@ nssCKFWInstance_GetCryptokiVersion * */ NSS_IMPLEMENT CK_RV -nssCKFWInstance_GetManufacturerID -( - NSSCKFWInstance *fwInstance, - CK_CHAR manufacturerID[32] -) +nssCKFWInstance_GetManufacturerID( + NSSCKFWInstance *fwInstance, + CK_CHAR manufacturerID[32]) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - if( (CK_CHAR_PTR)NULL == manufacturerID ) { - return CKR_ARGUMENTS_BAD; - } + if ((CK_CHAR_PTR)NULL == manufacturerID) { + return CKR_ARGUMENTS_BAD; + } - error = nssCKFWInstance_verifyPointer(fwInstance); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWInstance_verifyPointer(fwInstance); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - error = nssCKFWMutex_Lock(fwInstance->mutex); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWMutex_Lock(fwInstance->mutex); + if (CKR_OK != error) { + return error; + } - if (!fwInstance->manufacturerID) { - if (fwInstance->mdInstance->GetManufacturerID) { - fwInstance->manufacturerID = fwInstance->mdInstance->GetManufacturerID( - fwInstance->mdInstance, fwInstance, &error); - if ((!fwInstance->manufacturerID) && (CKR_OK != error)) { - goto done; - } - } else { - fwInstance->manufacturerID = (NSSUTF8 *) ""; + if (!fwInstance->manufacturerID) { + if (fwInstance->mdInstance->GetManufacturerID) { + fwInstance->manufacturerID = fwInstance->mdInstance->GetManufacturerID( + fwInstance->mdInstance, fwInstance, &error); + if ((!fwInstance->manufacturerID) && (CKR_OK != error)) { + goto done; + } + } else { + fwInstance->manufacturerID = (NSSUTF8 *)""; + } } - } - (void)nssUTF8_CopyIntoFixedBuffer(fwInstance->manufacturerID, (char *)manufacturerID, 32, ' '); - error = CKR_OK; + (void)nssUTF8_CopyIntoFixedBuffer(fwInstance->manufacturerID, (char *)manufacturerID, 32, ' '); + error = CKR_OK; - done: - (void)nssCKFWMutex_Unlock(fwInstance->mutex); - return error; +done: + (void)nssCKFWMutex_Unlock(fwInstance->mutex); + return error; } /* @@ -986,19 +942,17 @@ nssCKFWInstance_GetManufacturerID * */ NSS_IMPLEMENT CK_ULONG -nssCKFWInstance_GetFlags -( - NSSCKFWInstance *fwInstance -) +nssCKFWInstance_GetFlags( + NSSCKFWInstance *fwInstance) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { - return (CK_ULONG)0; - } + if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) { + return (CK_ULONG)0; + } #endif /* NSSDEBUG */ - /* No "instance flags" are yet defined by Cryptoki. */ - return (CK_ULONG)0; + /* No "instance flags" are yet defined by Cryptoki. */ + return (CK_ULONG)0; } /* @@ -1006,48 +960,46 @@ nssCKFWInstance_GetFlags * */ NSS_IMPLEMENT CK_RV -nssCKFWInstance_GetLibraryDescription -( - NSSCKFWInstance *fwInstance, - CK_CHAR libraryDescription[32] -) +nssCKFWInstance_GetLibraryDescription( + NSSCKFWInstance *fwInstance, + CK_CHAR libraryDescription[32]) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - if( (CK_CHAR_PTR)NULL == libraryDescription ) { - return CKR_ARGUMENTS_BAD; - } + if ((CK_CHAR_PTR)NULL == libraryDescription) { + return CKR_ARGUMENTS_BAD; + } - error = nssCKFWInstance_verifyPointer(fwInstance); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWInstance_verifyPointer(fwInstance); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - error = nssCKFWMutex_Lock(fwInstance->mutex); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWMutex_Lock(fwInstance->mutex); + if (CKR_OK != error) { + return error; + } - if (!fwInstance->libraryDescription) { - if (fwInstance->mdInstance->GetLibraryDescription) { - fwInstance->libraryDescription = fwInstance->mdInstance->GetLibraryDescription( - fwInstance->mdInstance, fwInstance, &error); - if ((!fwInstance->libraryDescription) && (CKR_OK != error)) { - goto done; - } - } else { - fwInstance->libraryDescription = (NSSUTF8 *) ""; + if (!fwInstance->libraryDescription) { + if (fwInstance->mdInstance->GetLibraryDescription) { + fwInstance->libraryDescription = fwInstance->mdInstance->GetLibraryDescription( + fwInstance->mdInstance, fwInstance, &error); + if ((!fwInstance->libraryDescription) && (CKR_OK != error)) { + goto done; + } + } else { + fwInstance->libraryDescription = (NSSUTF8 *)""; + } } - } - (void)nssUTF8_CopyIntoFixedBuffer(fwInstance->libraryDescription, (char *)libraryDescription, 32, ' '); - error = CKR_OK; + (void)nssUTF8_CopyIntoFixedBuffer(fwInstance->libraryDescription, (char *)libraryDescription, 32, ' '); + error = CKR_OK; - done: - (void)nssCKFWMutex_Unlock(fwInstance->mutex); - return error; +done: + (void)nssCKFWMutex_Unlock(fwInstance->mutex); + return error; } /* @@ -1055,43 +1007,41 @@ nssCKFWInstance_GetLibraryDescription * */ NSS_IMPLEMENT CK_VERSION -nssCKFWInstance_GetLibraryVersion -( - NSSCKFWInstance *fwInstance -) +nssCKFWInstance_GetLibraryVersion( + NSSCKFWInstance *fwInstance) { - CK_VERSION rv; + CK_VERSION rv; #ifdef NSSDEBUG - if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { - rv.major = rv.minor = 0; - return rv; - } + if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) { + rv.major = rv.minor = 0; + return rv; + } #endif /* NSSDEBUG */ - if( CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex) ) { - rv.major = rv.minor = 0; - return rv; - } + if (CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex)) { + rv.major = rv.minor = 0; + return rv; + } + + if ((0 != fwInstance->libraryVersion.major) || + (0 != fwInstance->libraryVersion.minor)) { + rv = fwInstance->libraryVersion; + goto done; + } + + if (fwInstance->mdInstance->GetLibraryVersion) { + fwInstance->libraryVersion = fwInstance->mdInstance->GetLibraryVersion( + fwInstance->mdInstance, fwInstance); + } else { + fwInstance->libraryVersion.major = 0; + fwInstance->libraryVersion.minor = 3; + } - if( (0 != fwInstance->libraryVersion.major) || - (0 != fwInstance->libraryVersion.minor) ) { rv = fwInstance->libraryVersion; - goto done; - } - - if (fwInstance->mdInstance->GetLibraryVersion) { - fwInstance->libraryVersion = fwInstance->mdInstance->GetLibraryVersion( - fwInstance->mdInstance, fwInstance); - } else { - fwInstance->libraryVersion.major = 0; - fwInstance->libraryVersion.minor = 3; - } - - rv = fwInstance->libraryVersion; - done: - (void)nssCKFWMutex_Unlock(fwInstance->mutex); - return rv; +done: + (void)nssCKFWMutex_Unlock(fwInstance->mutex); + return rv; } /* @@ -1099,18 +1049,16 @@ nssCKFWInstance_GetLibraryVersion * */ NSS_IMPLEMENT CK_BBOOL -nssCKFWInstance_GetModuleHandlesSessionObjects -( - NSSCKFWInstance *fwInstance -) +nssCKFWInstance_GetModuleHandlesSessionObjects( + NSSCKFWInstance *fwInstance) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) { + return CK_FALSE; + } #endif /* NSSDEBUG */ - return fwInstance->moduleHandlesSessionObjects; + return fwInstance->moduleHandlesSessionObjects; } /* @@ -1118,24 +1066,22 @@ nssCKFWInstance_GetModuleHandlesSessionObjects * */ NSS_IMPLEMENT NSSCKFWSlot ** -nssCKFWInstance_GetSlots -( - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +nssCKFWInstance_GetSlots( + NSSCKFWInstance *fwInstance, + CK_RV *pError) { #ifdef NSSDEBUG - if (!pError) { - return (NSSCKFWSlot **)NULL; - } - - *pError = nssCKFWInstance_verifyPointer(fwInstance); - if( CKR_OK != *pError ) { - return (NSSCKFWSlot **)NULL; - } + if (!pError) { + return (NSSCKFWSlot **)NULL; + } + + *pError = nssCKFWInstance_verifyPointer(fwInstance); + if (CKR_OK != *pError) { + return (NSSCKFWSlot **)NULL; + } #endif /* NSSDEBUG */ - return fwInstance->fwSlotList; + return fwInstance->fwSlotList; } /* @@ -1143,72 +1089,69 @@ nssCKFWInstance_GetSlots * */ NSS_IMPLEMENT NSSCKFWSlot * -nssCKFWInstance_WaitForSlotEvent -( - NSSCKFWInstance *fwInstance, - CK_BBOOL block, - CK_RV *pError -) +nssCKFWInstance_WaitForSlotEvent( + NSSCKFWInstance *fwInstance, + CK_BBOOL block, + CK_RV *pError) { - NSSCKFWSlot *fwSlot = (NSSCKFWSlot *)NULL; - NSSCKMDSlot *mdSlot; - CK_ULONG i, n; + NSSCKFWSlot *fwSlot = (NSSCKFWSlot *)NULL; + NSSCKMDSlot *mdSlot; + CK_ULONG i, n; #ifdef NSSDEBUG - if (!pError) { - return (NSSCKFWSlot *)NULL; - } - - *pError = nssCKFWInstance_verifyPointer(fwInstance); - if( CKR_OK != *pError ) { - return (NSSCKFWSlot *)NULL; - } - - switch( block ) { - case CK_TRUE: - case CK_FALSE: - break; - default: - *pError = CKR_ARGUMENTS_BAD; - return (NSSCKFWSlot *)NULL; - } + if (!pError) { + return (NSSCKFWSlot *)NULL; + } + + *pError = nssCKFWInstance_verifyPointer(fwInstance); + if (CKR_OK != *pError) { + return (NSSCKFWSlot *)NULL; + } + + switch (block) { + case CK_TRUE: + case CK_FALSE: + break; + default: + *pError = CKR_ARGUMENTS_BAD; + return (NSSCKFWSlot *)NULL; + } #endif /* NSSDEBUG */ - if (!fwInstance->mdInstance->WaitForSlotEvent) { - *pError = CKR_NO_EVENT; - return (NSSCKFWSlot *)NULL; - } - - mdSlot = fwInstance->mdInstance->WaitForSlotEvent( - fwInstance->mdInstance, - fwInstance, - block, - pError - ); - - if (!mdSlot) { - return (NSSCKFWSlot *)NULL; - } - - n = nssCKFWInstance_GetNSlots(fwInstance, pError); - if( ((CK_ULONG)0 == n) && (CKR_OK != *pError) ) { - return (NSSCKFWSlot *)NULL; - } - - for( i = 0; i < n; i++ ) { - if( fwInstance->mdSlotList[i] == mdSlot ) { - fwSlot = fwInstance->fwSlotList[i]; - break; - } - } - - if (!fwSlot) { - /* Internal error */ - *pError = CKR_GENERAL_ERROR; - return (NSSCKFWSlot *)NULL; - } - - return fwSlot; + if (!fwInstance->mdInstance->WaitForSlotEvent) { + *pError = CKR_NO_EVENT; + return (NSSCKFWSlot *)NULL; + } + + mdSlot = fwInstance->mdInstance->WaitForSlotEvent( + fwInstance->mdInstance, + fwInstance, + block, + pError); + + if (!mdSlot) { + return (NSSCKFWSlot *)NULL; + } + + n = nssCKFWInstance_GetNSlots(fwInstance, pError); + if (((CK_ULONG)0 == n) && (CKR_OK != *pError)) { + return (NSSCKFWSlot *)NULL; + } + + for (i = 0; i < n; i++) { + if (fwInstance->mdSlotList[i] == mdSlot) { + fwSlot = fwInstance->fwSlotList[i]; + break; + } + } + + if (!fwSlot) { + /* Internal error */ + *pError = CKR_GENERAL_ERROR; + return (NSSCKFWSlot *)NULL; + } + + return fwSlot; } /* @@ -1216,18 +1159,16 @@ nssCKFWInstance_WaitForSlotEvent * */ NSS_IMPLEMENT NSSCKMDInstance * -NSSCKFWInstance_GetMDInstance -( - NSSCKFWInstance *fwInstance -) +NSSCKFWInstance_GetMDInstance( + NSSCKFWInstance *fwInstance) { #ifdef DEBUG - if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { - return (NSSCKMDInstance *)NULL; - } + if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) { + return (NSSCKMDInstance *)NULL; + } #endif /* DEBUG */ - return nssCKFWInstance_GetMDInstance(fwInstance); + return nssCKFWInstance_GetMDInstance(fwInstance); } /* @@ -1235,24 +1176,22 @@ NSSCKFWInstance_GetMDInstance * */ NSS_IMPLEMENT NSSArena * -NSSCKFWInstance_GetArena -( - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +NSSCKFWInstance_GetArena( + NSSCKFWInstance *fwInstance, + CK_RV *pError) { #ifdef DEBUG - if (!pError) { - return (NSSArena *)NULL; - } - - *pError = nssCKFWInstance_verifyPointer(fwInstance); - if( CKR_OK != *pError ) { - return (NSSArena *)NULL; - } + if (!pError) { + return (NSSArena *)NULL; + } + + *pError = nssCKFWInstance_verifyPointer(fwInstance); + if (CKR_OK != *pError) { + return (NSSArena *)NULL; + } #endif /* DEBUG */ - return nssCKFWInstance_GetArena(fwInstance, pError); + return nssCKFWInstance_GetArena(fwInstance, pError); } /* @@ -1260,18 +1199,16 @@ NSSCKFWInstance_GetArena * */ NSS_IMPLEMENT CK_BBOOL -NSSCKFWInstance_MayCreatePthreads -( - NSSCKFWInstance *fwInstance -) +NSSCKFWInstance_MayCreatePthreads( + NSSCKFWInstance *fwInstance) { #ifdef DEBUG - if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) { + return CK_FALSE; + } #endif /* DEBUG */ - return nssCKFWInstance_MayCreatePthreads(fwInstance); + return nssCKFWInstance_MayCreatePthreads(fwInstance); } /* @@ -1279,25 +1216,23 @@ NSSCKFWInstance_MayCreatePthreads * */ NSS_IMPLEMENT NSSCKFWMutex * -NSSCKFWInstance_CreateMutex -( - NSSCKFWInstance *fwInstance, - NSSArena *arena, - CK_RV *pError -) +NSSCKFWInstance_CreateMutex( + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError) { #ifdef DEBUG - if (!pError) { - return (NSSCKFWMutex *)NULL; - } - - *pError = nssCKFWInstance_verifyPointer(fwInstance); - if( CKR_OK != *pError ) { - return (NSSCKFWMutex *)NULL; - } + if (!pError) { + return (NSSCKFWMutex *)NULL; + } + + *pError = nssCKFWInstance_verifyPointer(fwInstance); + if (CKR_OK != *pError) { + return (NSSCKFWMutex *)NULL; + } #endif /* DEBUG */ - return nssCKFWInstance_CreateMutex(fwInstance, arena, pError); + return nssCKFWInstance_CreateMutex(fwInstance, arena, pError); } /* @@ -1305,18 +1240,16 @@ NSSCKFWInstance_CreateMutex * */ NSS_IMPLEMENT NSSUTF8 * -NSSCKFWInstance_GetConfigurationData -( - NSSCKFWInstance *fwInstance -) +NSSCKFWInstance_GetConfigurationData( + NSSCKFWInstance *fwInstance) { #ifdef DEBUG - if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { - return (NSSUTF8 *)NULL; - } + if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) { + return (NSSUTF8 *)NULL; + } #endif /* DEBUG */ - return nssCKFWInstance_GetConfigurationData(fwInstance); + return nssCKFWInstance_GetConfigurationData(fwInstance); } /* @@ -1324,17 +1257,38 @@ NSSCKFWInstance_GetConfigurationData * */ NSS_IMPLEMENT CK_C_INITIALIZE_ARGS_PTR -NSSCKFWInstance_GetInitArgs -( - NSSCKFWInstance *fwInstance -) +NSSCKFWInstance_GetInitArgs( + NSSCKFWInstance *fwInstance) { #ifdef DEBUG - if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { - return (CK_C_INITIALIZE_ARGS_PTR)NULL; - } + if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) { + return (CK_C_INITIALIZE_ARGS_PTR)NULL; + } #endif /* DEBUG */ - return nssCKFWInstance_GetInitArgs(fwInstance); + return nssCKFWInstance_GetInitArgs(fwInstance); +} + +/* + * nssCKFWInstance_DestroySessionHandle + * + */ +NSS_IMPLEMENT void +NSSCKFWInstance_DestroySessionHandle( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession) +{ + nssCKFWInstance_DestroySessionHandle(fwInstance, hSession); } +/* + * nssCKFWInstance_FindSessionHandle + * + */ +NSS_IMPLEMENT CK_SESSION_HANDLE +NSSCKFWInstance_FindSessionHandle( + NSSCKFWInstance *fwInstance, + NSSCKFWSession *fwSession) +{ + return nssCKFWInstance_FindSessionHandle(fwInstance, fwSession); +} diff --git a/nss/lib/ckfw/mechanism.c b/nss/lib/ckfw/mechanism.c index 14baf02..fe20aa9 100644 --- a/nss/lib/ckfw/mechanism.c +++ b/nss/lib/ckfw/mechanism.c @@ -55,13 +55,12 @@ * nssCKFWMechanism_DeriveKey */ - struct NSSCKFWMechanismStr { - NSSCKMDMechanism *mdMechanism; - NSSCKMDToken *mdToken; - NSSCKFWToken *fwToken; - NSSCKMDInstance *mdInstance; - NSSCKFWInstance *fwInstance; + NSSCKMDMechanism *mdMechanism; + NSSCKMDToken *mdToken; + NSSCKFWToken *fwToken; + NSSCKMDInstance *mdInstance; + NSSCKFWInstance *fwInstance; }; /* @@ -69,28 +68,25 @@ struct NSSCKFWMechanismStr { * */ NSS_IMPLEMENT NSSCKFWMechanism * -nssCKFWMechanism_Create -( - NSSCKMDMechanism *mdMechanism, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nssCKFWMechanism_Create( + NSSCKMDMechanism *mdMechanism, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - NSSCKFWMechanism *fwMechanism; - - - fwMechanism = nss_ZNEW(NULL, NSSCKFWMechanism); - if (!fwMechanism) { - return (NSSCKFWMechanism *)NULL; - } - fwMechanism->mdMechanism = mdMechanism; - fwMechanism->mdToken = mdToken; - fwMechanism->fwToken = fwToken; - fwMechanism->mdInstance = mdInstance; - fwMechanism->fwInstance = fwInstance; - return fwMechanism; + NSSCKFWMechanism *fwMechanism; + + fwMechanism = nss_ZNEW(NULL, NSSCKFWMechanism); + if (!fwMechanism) { + return (NSSCKFWMechanism *)NULL; + } + fwMechanism->mdMechanism = mdMechanism; + fwMechanism->mdToken = mdToken; + fwMechanism->fwToken = fwToken; + fwMechanism->mdInstance = mdInstance; + fwMechanism->fwInstance = fwInstance; + return fwMechanism; } /* @@ -98,24 +94,22 @@ nssCKFWMechanism_Create * */ NSS_IMPLEMENT void -nssCKFWMechanism_Destroy -( - NSSCKFWMechanism *fwMechanism -) +nssCKFWMechanism_Destroy( + NSSCKFWMechanism *fwMechanism) { - /* destroy any fw resources held by nssCKFWMechanism (currently none) */ - - if (!fwMechanism->mdMechanism->Destroy) { - /* destroys it's parent as well */ - fwMechanism->mdMechanism->Destroy( - fwMechanism->mdMechanism, - fwMechanism, - fwMechanism->mdInstance, - fwMechanism->fwInstance); - } - /* if the Destroy function wasn't supplied, then the mechanism is 'static', - * and there is nothing to destroy */ - return; + /* destroy any fw resources held by nssCKFWMechanism (currently none) */ + + if (fwMechanism->mdMechanism->Destroy) { + /* destroys it's parent as well */ + fwMechanism->mdMechanism->Destroy( + fwMechanism->mdMechanism, + fwMechanism, + fwMechanism->mdInstance, + fwMechanism->fwInstance); + } + /* if the Destroy function wasn't supplied, then the mechanism is 'static', + * and there is nothing to destroy */ + return; } /* @@ -123,12 +117,10 @@ nssCKFWMechanism_Destroy * */ NSS_IMPLEMENT NSSCKMDMechanism * -nssCKFWMechanism_GetMDMechanism -( - NSSCKFWMechanism *fwMechanism -) +nssCKFWMechanism_GetMDMechanism( + NSSCKFWMechanism *fwMechanism) { - return fwMechanism->mdMechanism; + return fwMechanism->mdMechanism; } /* @@ -136,19 +128,17 @@ nssCKFWMechanism_GetMDMechanism * */ NSS_IMPLEMENT CK_ULONG -nssCKFWMechanism_GetMinKeySize -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -) +nssCKFWMechanism_GetMinKeySize( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError) { - if (!fwMechanism->mdMechanism->GetMinKeySize) { - return 0; - } + if (!fwMechanism->mdMechanism->GetMinKeySize) { + return 0; + } - return fwMechanism->mdMechanism->GetMinKeySize(fwMechanism->mdMechanism, - fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken, - fwMechanism->mdInstance, fwMechanism->fwInstance, pError); + return fwMechanism->mdMechanism->GetMinKeySize(fwMechanism->mdMechanism, + fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, pError); } /* @@ -156,19 +146,17 @@ nssCKFWMechanism_GetMinKeySize * */ NSS_IMPLEMENT CK_ULONG -nssCKFWMechanism_GetMaxKeySize -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -) +nssCKFWMechanism_GetMaxKeySize( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError) { - if (!fwMechanism->mdMechanism->GetMaxKeySize) { - return 0; - } + if (!fwMechanism->mdMechanism->GetMaxKeySize) { + return 0; + } - return fwMechanism->mdMechanism->GetMaxKeySize(fwMechanism->mdMechanism, - fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken, - fwMechanism->mdInstance, fwMechanism->fwInstance, pError); + return fwMechanism->mdMechanism->GetMaxKeySize(fwMechanism->mdMechanism, + fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, pError); } /* @@ -176,22 +164,19 @@ nssCKFWMechanism_GetMaxKeySize * */ NSS_IMPLEMENT CK_BBOOL -nssCKFWMechanism_GetInHardware -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -) +nssCKFWMechanism_GetInHardware( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError) { - if (!fwMechanism->mdMechanism->GetInHardware) { - return CK_FALSE; - } + if (!fwMechanism->mdMechanism->GetInHardware) { + return CK_FALSE; + } - return fwMechanism->mdMechanism->GetInHardware(fwMechanism->mdMechanism, - fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken, - fwMechanism->mdInstance, fwMechanism->fwInstance, pError); + return fwMechanism->mdMechanism->GetInHardware(fwMechanism->mdMechanism, + fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, pError); } - /* * the following are determined automatically by which of the cryptographic * functions are defined for this mechanism. @@ -201,16 +186,14 @@ nssCKFWMechanism_GetInHardware * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanEncrypt -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -) +nssCKFWMechanism_GetCanEncrypt( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError) { - if (!fwMechanism->mdMechanism->EncryptInit) { - return CK_FALSE; - } - return CK_TRUE; + if (!fwMechanism->mdMechanism->EncryptInit) { + return CK_FALSE; + } + return CK_TRUE; } /* @@ -218,16 +201,14 @@ nssCKFWMechanism_GetCanEncrypt * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanDecrypt -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -) +nssCKFWMechanism_GetCanDecrypt( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError) { - if (!fwMechanism->mdMechanism->DecryptInit) { - return CK_FALSE; - } - return CK_TRUE; + if (!fwMechanism->mdMechanism->DecryptInit) { + return CK_FALSE; + } + return CK_TRUE; } /* @@ -235,16 +216,14 @@ nssCKFWMechanism_GetCanDecrypt * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanDigest -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -) +nssCKFWMechanism_GetCanDigest( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError) { - if (!fwMechanism->mdMechanism->DigestInit) { - return CK_FALSE; - } - return CK_TRUE; + if (!fwMechanism->mdMechanism->DigestInit) { + return CK_FALSE; + } + return CK_TRUE; } /* @@ -252,16 +231,14 @@ nssCKFWMechanism_GetCanDigest * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanSign -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -) +nssCKFWMechanism_GetCanSign( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError) { - if (!fwMechanism->mdMechanism->SignInit) { - return CK_FALSE; - } - return CK_TRUE; + if (!fwMechanism->mdMechanism->SignInit) { + return CK_FALSE; + } + return CK_TRUE; } /* @@ -269,16 +246,14 @@ nssCKFWMechanism_GetCanSign * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanSignRecover -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -) +nssCKFWMechanism_GetCanSignRecover( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError) { - if (!fwMechanism->mdMechanism->SignRecoverInit) { - return CK_FALSE; - } - return CK_TRUE; + if (!fwMechanism->mdMechanism->SignRecoverInit) { + return CK_FALSE; + } + return CK_TRUE; } /* @@ -286,16 +261,14 @@ nssCKFWMechanism_GetCanSignRecover * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanVerify -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -) +nssCKFWMechanism_GetCanVerify( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError) { - if (!fwMechanism->mdMechanism->VerifyInit) { - return CK_FALSE; - } - return CK_TRUE; + if (!fwMechanism->mdMechanism->VerifyInit) { + return CK_FALSE; + } + return CK_TRUE; } /* @@ -303,16 +276,14 @@ nssCKFWMechanism_GetCanVerify * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanVerifyRecover -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -) +nssCKFWMechanism_GetCanVerifyRecover( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError) { - if (!fwMechanism->mdMechanism->VerifyRecoverInit) { - return CK_FALSE; - } - return CK_TRUE; + if (!fwMechanism->mdMechanism->VerifyRecoverInit) { + return CK_FALSE; + } + return CK_TRUE; } /* @@ -320,16 +291,14 @@ nssCKFWMechanism_GetCanVerifyRecover * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanGenerate -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -) +nssCKFWMechanism_GetCanGenerate( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError) { - if (!fwMechanism->mdMechanism->GenerateKey) { - return CK_FALSE; - } - return CK_TRUE; + if (!fwMechanism->mdMechanism->GenerateKey) { + return CK_FALSE; + } + return CK_TRUE; } /* @@ -337,16 +306,14 @@ nssCKFWMechanism_GetCanGenerate * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanGenerateKeyPair -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -) +nssCKFWMechanism_GetCanGenerateKeyPair( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError) { - if (!fwMechanism->mdMechanism->GenerateKeyPair) { - return CK_FALSE; - } - return CK_TRUE; + if (!fwMechanism->mdMechanism->GenerateKeyPair) { + return CK_FALSE; + } + return CK_TRUE; } /* @@ -354,16 +321,14 @@ nssCKFWMechanism_GetCanGenerateKeyPair * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanUnwrap -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -) +nssCKFWMechanism_GetCanUnwrap( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError) { - if (!fwMechanism->mdMechanism->UnwrapKey) { - return CK_FALSE; - } - return CK_TRUE; + if (!fwMechanism->mdMechanism->UnwrapKey) { + return CK_FALSE; + } + return CK_TRUE; } /* @@ -371,16 +336,14 @@ nssCKFWMechanism_GetCanUnwrap * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanWrap -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -) +nssCKFWMechanism_GetCanWrap( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError) { - if (!fwMechanism->mdMechanism->WrapKey) { - return CK_FALSE; - } - return CK_TRUE; + if (!fwMechanism->mdMechanism->WrapKey) { + return CK_FALSE; + } + return CK_TRUE; } /* @@ -388,55 +351,50 @@ nssCKFWMechanism_GetCanWrap * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanDerive -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -) +nssCKFWMechanism_GetCanDerive( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError) { - if (!fwMechanism->mdMechanism->DeriveKey) { - return CK_FALSE; - } - return CK_TRUE; + if (!fwMechanism->mdMechanism->DeriveKey) { + return CK_FALSE; + } + return CK_TRUE; } /* * These are the actual crypto operations */ -/* +/* * nssCKFWMechanism_EncryptInit * Start an encryption session. */ NSS_EXTERN CK_RV -nssCKFWMechanism_EncryptInit -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM *pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwObject -) +nssCKFWMechanism_EncryptInit( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject) { - NSSCKFWCryptoOperation *fwOperation; - NSSCKMDCryptoOperation *mdOperation; - NSSCKMDSession *mdSession; - NSSCKMDObject *mdObject; - CK_RV error = CKR_OK; - - - fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, - NSSCKFWCryptoOperationState_EncryptDecrypt); - if (fwOperation) { - return CKR_OPERATION_ACTIVE; - } - - if (!fwMechanism->mdMechanism->EncryptInit) { - return CKR_FUNCTION_FAILED; - } - - mdSession = nssCKFWSession_GetMDSession(fwSession); - mdObject = nssCKFWObject_GetMDObject(fwObject); - mdOperation = fwMechanism->mdMechanism->EncryptInit( + NSSCKFWCryptoOperation *fwOperation; + NSSCKMDCryptoOperation *mdOperation; + NSSCKMDSession *mdSession; + NSSCKMDObject *mdObject; + CK_RV error = CKR_OK; + + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + NSSCKFWCryptoOperationState_EncryptDecrypt); + if (fwOperation) { + return CKR_OPERATION_ACTIVE; + } + + if (!fwMechanism->mdMechanism->EncryptInit) { + return CKR_FUNCTION_FAILED; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdObject = nssCKFWObject_GetMDObject(fwObject); + mdOperation = fwMechanism->mdMechanism->EncryptInit( fwMechanism->mdMechanism, fwMechanism, pMechanism, @@ -448,58 +406,54 @@ nssCKFWMechanism_EncryptInit fwMechanism->fwInstance, mdObject, fwObject, - &error - ); - if (!mdOperation) { - goto loser; - } - - fwOperation = nssCKFWCryptoOperation_Create(mdOperation, - mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, - fwMechanism->mdInstance, fwMechanism->fwInstance, - NSSCKFWCryptoOperationType_Encrypt, &error); - if (fwOperation) { - nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, - NSSCKFWCryptoOperationState_EncryptDecrypt); - } + &error); + if (!mdOperation) { + goto loser; + } + + fwOperation = nssCKFWCryptoOperation_Create(mdOperation, + mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, + NSSCKFWCryptoOperationType_Encrypt, &error); + if (fwOperation) { + nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, + NSSCKFWCryptoOperationState_EncryptDecrypt); + } loser: - return error; + return error; } -/* +/* * nssCKFWMechanism_DecryptInit * Start an encryption session. */ NSS_EXTERN CK_RV -nssCKFWMechanism_DecryptInit -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM *pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwObject -) +nssCKFWMechanism_DecryptInit( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject) { - NSSCKFWCryptoOperation *fwOperation; - NSSCKMDCryptoOperation *mdOperation; - NSSCKMDSession *mdSession; - NSSCKMDObject *mdObject; - CK_RV error = CKR_OK; - - - fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, - NSSCKFWCryptoOperationState_EncryptDecrypt); - if (fwOperation) { - return CKR_OPERATION_ACTIVE; - } - - if (!fwMechanism->mdMechanism->DecryptInit) { - return CKR_FUNCTION_FAILED; - } - - mdSession = nssCKFWSession_GetMDSession(fwSession); - mdObject = nssCKFWObject_GetMDObject(fwObject); - mdOperation = fwMechanism->mdMechanism->DecryptInit( + NSSCKFWCryptoOperation *fwOperation; + NSSCKMDCryptoOperation *mdOperation; + NSSCKMDSession *mdSession; + NSSCKMDObject *mdObject; + CK_RV error = CKR_OK; + + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + NSSCKFWCryptoOperationState_EncryptDecrypt); + if (fwOperation) { + return CKR_OPERATION_ACTIVE; + } + + if (!fwMechanism->mdMechanism->DecryptInit) { + return CKR_FUNCTION_FAILED; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdObject = nssCKFWObject_GetMDObject(fwObject); + mdOperation = fwMechanism->mdMechanism->DecryptInit( fwMechanism->mdMechanism, fwMechanism, pMechanism, @@ -511,55 +465,51 @@ nssCKFWMechanism_DecryptInit fwMechanism->fwInstance, mdObject, fwObject, - &error - ); - if (!mdOperation) { - goto loser; - } - - fwOperation = nssCKFWCryptoOperation_Create(mdOperation, - mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, - fwMechanism->mdInstance, fwMechanism->fwInstance, - NSSCKFWCryptoOperationType_Decrypt, &error); - if (fwOperation) { - nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, - NSSCKFWCryptoOperationState_EncryptDecrypt); - } + &error); + if (!mdOperation) { + goto loser; + } + + fwOperation = nssCKFWCryptoOperation_Create(mdOperation, + mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, + NSSCKFWCryptoOperationType_Decrypt, &error); + if (fwOperation) { + nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, + NSSCKFWCryptoOperationState_EncryptDecrypt); + } loser: - return error; + return error; } -/* +/* * nssCKFWMechanism_DigestInit * Start an encryption session. */ NSS_EXTERN CK_RV -nssCKFWMechanism_DigestInit -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM *pMechanism, - NSSCKFWSession *fwSession -) +nssCKFWMechanism_DigestInit( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession) { - NSSCKFWCryptoOperation *fwOperation; - NSSCKMDCryptoOperation *mdOperation; - NSSCKMDSession *mdSession; - CK_RV error = CKR_OK; - - - fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, - NSSCKFWCryptoOperationState_Digest); - if (fwOperation) { - return CKR_OPERATION_ACTIVE; - } + NSSCKFWCryptoOperation *fwOperation; + NSSCKMDCryptoOperation *mdOperation; + NSSCKMDSession *mdSession; + CK_RV error = CKR_OK; + + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + NSSCKFWCryptoOperationState_Digest); + if (fwOperation) { + return CKR_OPERATION_ACTIVE; + } - if (!fwMechanism->mdMechanism->DigestInit) { - return CKR_FUNCTION_FAILED; - } + if (!fwMechanism->mdMechanism->DigestInit) { + return CKR_FUNCTION_FAILED; + } - mdSession = nssCKFWSession_GetMDSession(fwSession); - mdOperation = fwMechanism->mdMechanism->DigestInit( + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdOperation = fwMechanism->mdMechanism->DigestInit( fwMechanism->mdMechanism, fwMechanism, pMechanism, @@ -569,58 +519,54 @@ nssCKFWMechanism_DigestInit fwMechanism->fwToken, fwMechanism->mdInstance, fwMechanism->fwInstance, - &error - ); - if (!mdOperation) { - goto loser; - } - - fwOperation = nssCKFWCryptoOperation_Create(mdOperation, - mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, - fwMechanism->mdInstance, fwMechanism->fwInstance, - NSSCKFWCryptoOperationType_Digest, &error); - if (fwOperation) { - nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, - NSSCKFWCryptoOperationState_Digest); - } + &error); + if (!mdOperation) { + goto loser; + } + + fwOperation = nssCKFWCryptoOperation_Create(mdOperation, + mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, + NSSCKFWCryptoOperationType_Digest, &error); + if (fwOperation) { + nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, + NSSCKFWCryptoOperationState_Digest); + } loser: - return error; + return error; } -/* +/* * nssCKFWMechanism_SignInit * Start an encryption session. */ NSS_EXTERN CK_RV -nssCKFWMechanism_SignInit -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM *pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwObject -) +nssCKFWMechanism_SignInit( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject) { - NSSCKFWCryptoOperation *fwOperation; - NSSCKMDCryptoOperation *mdOperation; - NSSCKMDSession *mdSession; - NSSCKMDObject *mdObject; - CK_RV error = CKR_OK; - - - fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, - NSSCKFWCryptoOperationState_SignVerify); - if (fwOperation) { - return CKR_OPERATION_ACTIVE; - } - - if (!fwMechanism->mdMechanism->SignInit) { - return CKR_FUNCTION_FAILED; - } - - mdSession = nssCKFWSession_GetMDSession(fwSession); - mdObject = nssCKFWObject_GetMDObject(fwObject); - mdOperation = fwMechanism->mdMechanism->SignInit( + NSSCKFWCryptoOperation *fwOperation; + NSSCKMDCryptoOperation *mdOperation; + NSSCKMDSession *mdSession; + NSSCKMDObject *mdObject; + CK_RV error = CKR_OK; + + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + NSSCKFWCryptoOperationState_SignVerify); + if (fwOperation) { + return CKR_OPERATION_ACTIVE; + } + + if (!fwMechanism->mdMechanism->SignInit) { + return CKR_FUNCTION_FAILED; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdObject = nssCKFWObject_GetMDObject(fwObject); + mdOperation = fwMechanism->mdMechanism->SignInit( fwMechanism->mdMechanism, fwMechanism, pMechanism, @@ -632,58 +578,54 @@ nssCKFWMechanism_SignInit fwMechanism->fwInstance, mdObject, fwObject, - &error - ); - if (!mdOperation) { - goto loser; - } - - fwOperation = nssCKFWCryptoOperation_Create(mdOperation, - mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, - fwMechanism->mdInstance, fwMechanism->fwInstance, - NSSCKFWCryptoOperationType_Sign, &error); - if (fwOperation) { - nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, - NSSCKFWCryptoOperationState_SignVerify); - } + &error); + if (!mdOperation) { + goto loser; + } + + fwOperation = nssCKFWCryptoOperation_Create(mdOperation, + mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, + NSSCKFWCryptoOperationType_Sign, &error); + if (fwOperation) { + nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, + NSSCKFWCryptoOperationState_SignVerify); + } loser: - return error; + return error; } -/* +/* * nssCKFWMechanism_VerifyInit * Start an encryption session. */ NSS_EXTERN CK_RV -nssCKFWMechanism_VerifyInit -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM *pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwObject -) +nssCKFWMechanism_VerifyInit( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject) { - NSSCKFWCryptoOperation *fwOperation; - NSSCKMDCryptoOperation *mdOperation; - NSSCKMDSession *mdSession; - NSSCKMDObject *mdObject; - CK_RV error = CKR_OK; - - - fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, - NSSCKFWCryptoOperationState_SignVerify); - if (fwOperation) { - return CKR_OPERATION_ACTIVE; - } - - if (!fwMechanism->mdMechanism->VerifyInit) { - return CKR_FUNCTION_FAILED; - } - - mdSession = nssCKFWSession_GetMDSession(fwSession); - mdObject = nssCKFWObject_GetMDObject(fwObject); - mdOperation = fwMechanism->mdMechanism->VerifyInit( + NSSCKFWCryptoOperation *fwOperation; + NSSCKMDCryptoOperation *mdOperation; + NSSCKMDSession *mdSession; + NSSCKMDObject *mdObject; + CK_RV error = CKR_OK; + + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + NSSCKFWCryptoOperationState_SignVerify); + if (fwOperation) { + return CKR_OPERATION_ACTIVE; + } + + if (!fwMechanism->mdMechanism->VerifyInit) { + return CKR_FUNCTION_FAILED; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdObject = nssCKFWObject_GetMDObject(fwObject); + mdOperation = fwMechanism->mdMechanism->VerifyInit( fwMechanism->mdMechanism, fwMechanism, pMechanism, @@ -695,58 +637,54 @@ nssCKFWMechanism_VerifyInit fwMechanism->fwInstance, mdObject, fwObject, - &error - ); - if (!mdOperation) { - goto loser; - } - - fwOperation = nssCKFWCryptoOperation_Create(mdOperation, - mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, - fwMechanism->mdInstance, fwMechanism->fwInstance, - NSSCKFWCryptoOperationType_Verify, &error); - if (fwOperation) { - nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, - NSSCKFWCryptoOperationState_SignVerify); - } + &error); + if (!mdOperation) { + goto loser; + } + + fwOperation = nssCKFWCryptoOperation_Create(mdOperation, + mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, + NSSCKFWCryptoOperationType_Verify, &error); + if (fwOperation) { + nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, + NSSCKFWCryptoOperationState_SignVerify); + } loser: - return error; + return error; } -/* +/* * nssCKFWMechanism_SignRecoverInit * Start an encryption session. */ NSS_EXTERN CK_RV -nssCKFWMechanism_SignRecoverInit -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM *pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwObject -) +nssCKFWMechanism_SignRecoverInit( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject) { - NSSCKFWCryptoOperation *fwOperation; - NSSCKMDCryptoOperation *mdOperation; - NSSCKMDSession *mdSession; - NSSCKMDObject *mdObject; - CK_RV error = CKR_OK; - - - fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, - NSSCKFWCryptoOperationState_SignVerify); - if (fwOperation) { - return CKR_OPERATION_ACTIVE; - } - - if (!fwMechanism->mdMechanism->SignRecoverInit) { - return CKR_FUNCTION_FAILED; - } - - mdSession = nssCKFWSession_GetMDSession(fwSession); - mdObject = nssCKFWObject_GetMDObject(fwObject); - mdOperation = fwMechanism->mdMechanism->SignRecoverInit( + NSSCKFWCryptoOperation *fwOperation; + NSSCKMDCryptoOperation *mdOperation; + NSSCKMDSession *mdSession; + NSSCKMDObject *mdObject; + CK_RV error = CKR_OK; + + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + NSSCKFWCryptoOperationState_SignVerify); + if (fwOperation) { + return CKR_OPERATION_ACTIVE; + } + + if (!fwMechanism->mdMechanism->SignRecoverInit) { + return CKR_FUNCTION_FAILED; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdObject = nssCKFWObject_GetMDObject(fwObject); + mdOperation = fwMechanism->mdMechanism->SignRecoverInit( fwMechanism->mdMechanism, fwMechanism, pMechanism, @@ -758,58 +696,54 @@ nssCKFWMechanism_SignRecoverInit fwMechanism->fwInstance, mdObject, fwObject, - &error - ); - if (!mdOperation) { - goto loser; - } - - fwOperation = nssCKFWCryptoOperation_Create(mdOperation, - mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, - fwMechanism->mdInstance, fwMechanism->fwInstance, - NSSCKFWCryptoOperationType_SignRecover, &error); - if (fwOperation) { - nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, - NSSCKFWCryptoOperationState_SignVerify); - } + &error); + if (!mdOperation) { + goto loser; + } + + fwOperation = nssCKFWCryptoOperation_Create(mdOperation, + mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, + NSSCKFWCryptoOperationType_SignRecover, &error); + if (fwOperation) { + nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, + NSSCKFWCryptoOperationState_SignVerify); + } loser: - return error; + return error; } -/* +/* * nssCKFWMechanism_VerifyRecoverInit * Start an encryption session. */ NSS_EXTERN CK_RV -nssCKFWMechanism_VerifyRecoverInit -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM *pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwObject -) +nssCKFWMechanism_VerifyRecoverInit( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject) { - NSSCKFWCryptoOperation *fwOperation; - NSSCKMDCryptoOperation *mdOperation; - NSSCKMDSession *mdSession; - NSSCKMDObject *mdObject; - CK_RV error = CKR_OK; - - - fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, - NSSCKFWCryptoOperationState_SignVerify); - if (fwOperation) { - return CKR_OPERATION_ACTIVE; - } - - if (!fwMechanism->mdMechanism->VerifyRecoverInit) { - return CKR_FUNCTION_FAILED; - } - - mdSession = nssCKFWSession_GetMDSession(fwSession); - mdObject = nssCKFWObject_GetMDObject(fwObject); - mdOperation = fwMechanism->mdMechanism->VerifyRecoverInit( + NSSCKFWCryptoOperation *fwOperation; + NSSCKMDCryptoOperation *mdOperation; + NSSCKMDSession *mdSession; + NSSCKMDObject *mdObject; + CK_RV error = CKR_OK; + + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + NSSCKFWCryptoOperationState_SignVerify); + if (fwOperation) { + return CKR_OPERATION_ACTIVE; + } + + if (!fwMechanism->mdMechanism->VerifyRecoverInit) { + return CKR_FUNCTION_FAILED; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdObject = nssCKFWObject_GetMDObject(fwObject); + mdOperation = fwMechanism->mdMechanism->VerifyRecoverInit( fwMechanism->mdMechanism, fwMechanism, pMechanism, @@ -821,59 +755,56 @@ nssCKFWMechanism_VerifyRecoverInit fwMechanism->fwInstance, mdObject, fwObject, - &error - ); - if (!mdOperation) { - goto loser; - } - - fwOperation = nssCKFWCryptoOperation_Create(mdOperation, - mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, - fwMechanism->mdInstance, fwMechanism->fwInstance, - NSSCKFWCryptoOperationType_VerifyRecover, &error); - if (fwOperation) { - nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, - NSSCKFWCryptoOperationState_SignVerify); - } + &error); + if (!mdOperation) { + goto loser; + } + + fwOperation = nssCKFWCryptoOperation_Create(mdOperation, + mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, + NSSCKFWCryptoOperationType_VerifyRecover, &error); + if (fwOperation) { + nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, + NSSCKFWCryptoOperationState_SignVerify); + } loser: - return error; + return error; } /* * nssCKFWMechanism_GenerateKey */ NSS_EXTERN NSSCKFWObject * -nssCKFWMechanism_GenerateKey -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +nssCKFWMechanism_GenerateKey( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - NSSCKMDSession *mdSession; - NSSCKMDObject *mdObject; - NSSCKFWObject *fwObject = NULL; - NSSArena *arena; - - if (!fwMechanism->mdMechanism->GenerateKey) { - *pError = CKR_FUNCTION_FAILED; - return (NSSCKFWObject *)NULL; - } - - arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError); - if (!arena) { - if (CKR_OK == *pError) { - *pError = CKR_GENERAL_ERROR; + NSSCKMDSession *mdSession; + NSSCKMDObject *mdObject; + NSSCKFWObject *fwObject = NULL; + NSSArena *arena; + + if (!fwMechanism->mdMechanism->GenerateKey) { + *pError = CKR_FUNCTION_FAILED; + return (NSSCKFWObject *)NULL; + } + + arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError); + if (!arena) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + return (NSSCKFWObject *)NULL; } - return (NSSCKFWObject *)NULL; - } - mdSession = nssCKFWSession_GetMDSession(fwSession); - mdObject = fwMechanism->mdMechanism->GenerateKey( + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdObject = fwMechanism->mdMechanism->GenerateKey( fwMechanism->mdMechanism, fwMechanism, pMechanism, @@ -887,53 +818,51 @@ nssCKFWMechanism_GenerateKey ulAttributeCount, pError); - if (!mdObject) { - return (NSSCKFWObject *)NULL; - } + if (!mdObject) { + return (NSSCKFWObject *)NULL; + } - fwObject = nssCKFWObject_Create(arena, mdObject, - fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError); + fwObject = nssCKFWObject_Create(arena, mdObject, + fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError); - return fwObject; + return fwObject; } /* * nssCKFWMechanism_GenerateKeyPair */ NSS_EXTERN CK_RV -nssCKFWMechanism_GenerateKeyPair -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pPublicKeyTemplate, - CK_ULONG ulPublicKeyAttributeCount, - CK_ATTRIBUTE_PTR pPrivateKeyTemplate, - CK_ULONG ulPrivateKeyAttributeCount, - NSSCKFWObject **fwPublicKeyObject, - NSSCKFWObject **fwPrivateKeyObject -) +nssCKFWMechanism_GenerateKeyPair( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pPublicKeyTemplate, + CK_ULONG ulPublicKeyAttributeCount, + CK_ATTRIBUTE_PTR pPrivateKeyTemplate, + CK_ULONG ulPrivateKeyAttributeCount, + NSSCKFWObject **fwPublicKeyObject, + NSSCKFWObject **fwPrivateKeyObject) { - NSSCKMDSession *mdSession; - NSSCKMDObject *mdPublicKeyObject; - NSSCKMDObject *mdPrivateKeyObject; - NSSArena *arena; - CK_RV error = CKR_OK; - - if (!fwMechanism->mdMechanism->GenerateKeyPair) { - return CKR_FUNCTION_FAILED; - } - - arena = nssCKFWToken_GetArena(fwMechanism->fwToken, &error); - if (!arena) { - if (CKR_OK == error) { - error = CKR_GENERAL_ERROR; + NSSCKMDSession *mdSession; + NSSCKMDObject *mdPublicKeyObject; + NSSCKMDObject *mdPrivateKeyObject; + NSSArena *arena; + CK_RV error = CKR_OK; + + if (!fwMechanism->mdMechanism->GenerateKeyPair) { + return CKR_FUNCTION_FAILED; + } + + arena = nssCKFWToken_GetArena(fwMechanism->fwToken, &error); + if (!arena) { + if (CKR_OK == error) { + error = CKR_GENERAL_ERROR; + } + return error; } - return error; - } - mdSession = nssCKFWSession_GetMDSession(fwSession); - error = fwMechanism->mdMechanism->GenerateKeyPair( + mdSession = nssCKFWSession_GetMDSession(fwSession); + error = fwMechanism->mdMechanism->GenerateKeyPair( fwMechanism->mdMechanism, fwMechanism, pMechanism, @@ -950,48 +879,46 @@ nssCKFWMechanism_GenerateKeyPair &mdPublicKeyObject, &mdPrivateKeyObject); - if (CKR_OK != error) { - return error; - } + if (CKR_OK != error) { + return error; + } - *fwPublicKeyObject = nssCKFWObject_Create(arena, mdPublicKeyObject, - fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, &error); - if (!*fwPublicKeyObject) { - return error; - } - *fwPrivateKeyObject = nssCKFWObject_Create(arena, mdPrivateKeyObject, - fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, &error); + *fwPublicKeyObject = nssCKFWObject_Create(arena, mdPublicKeyObject, + fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, &error); + if (!*fwPublicKeyObject) { + return error; + } + *fwPrivateKeyObject = nssCKFWObject_Create(arena, mdPrivateKeyObject, + fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, &error); - return error; + return error; } /* * nssCKFWMechanism_GetWrapKeyLength */ NSS_EXTERN CK_ULONG -nssCKFWMechanism_GetWrapKeyLength -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwWrappingKeyObject, - NSSCKFWObject *fwKeyObject, - CK_RV *pError -) +nssCKFWMechanism_GetWrapKeyLength( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwWrappingKeyObject, + NSSCKFWObject *fwKeyObject, + CK_RV *pError) { - NSSCKMDSession *mdSession; - NSSCKMDObject *mdWrappingKeyObject; - NSSCKMDObject *mdKeyObject; - - if (!fwMechanism->mdMechanism->WrapKey) { - *pError = CKR_FUNCTION_FAILED; - return (CK_ULONG) 0; - } - - mdSession = nssCKFWSession_GetMDSession(fwSession); - mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject); - mdKeyObject = nssCKFWObject_GetMDObject(fwKeyObject); - return fwMechanism->mdMechanism->GetWrapKeyLength( + NSSCKMDSession *mdSession; + NSSCKMDObject *mdWrappingKeyObject; + NSSCKMDObject *mdKeyObject; + + if (!fwMechanism->mdMechanism->WrapKey) { + *pError = CKR_FUNCTION_FAILED; + return (CK_ULONG)0; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject); + mdKeyObject = nssCKFWObject_GetMDObject(fwKeyObject); + return fwMechanism->mdMechanism->GetWrapKeyLength( fwMechanism->mdMechanism, fwMechanism, pMechanism, @@ -1012,28 +939,26 @@ nssCKFWMechanism_GetWrapKeyLength * nssCKFWMechanism_WrapKey */ NSS_EXTERN CK_RV -nssCKFWMechanism_WrapKey -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwWrappingKeyObject, - NSSCKFWObject *fwKeyObject, - NSSItem *wrappedKey -) +nssCKFWMechanism_WrapKey( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwWrappingKeyObject, + NSSCKFWObject *fwKeyObject, + NSSItem *wrappedKey) { - NSSCKMDSession *mdSession; - NSSCKMDObject *mdWrappingKeyObject; - NSSCKMDObject *mdKeyObject; - - if (!fwMechanism->mdMechanism->WrapKey) { - return CKR_FUNCTION_FAILED; - } - - mdSession = nssCKFWSession_GetMDSession(fwSession); - mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject); - mdKeyObject = nssCKFWObject_GetMDObject(fwKeyObject); - return fwMechanism->mdMechanism->WrapKey( + NSSCKMDSession *mdSession; + NSSCKMDObject *mdWrappingKeyObject; + NSSCKMDObject *mdKeyObject; + + if (!fwMechanism->mdMechanism->WrapKey) { + return CKR_FUNCTION_FAILED; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject); + mdKeyObject = nssCKFWObject_GetMDObject(fwKeyObject); + return fwMechanism->mdMechanism->WrapKey( fwMechanism->mdMechanism, fwMechanism, pMechanism, @@ -1054,44 +979,42 @@ nssCKFWMechanism_WrapKey * nssCKFWMechanism_UnwrapKey */ NSS_EXTERN NSSCKFWObject * -nssCKFWMechanism_UnwrapKey -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwWrappingKeyObject, - NSSItem *wrappedKey, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +nssCKFWMechanism_UnwrapKey( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwWrappingKeyObject, + NSSItem *wrappedKey, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - NSSCKMDSession *mdSession; - NSSCKMDObject *mdObject; - NSSCKMDObject *mdWrappingKeyObject; - NSSCKFWObject *fwObject = NULL; - NSSArena *arena; - - if (!fwMechanism->mdMechanism->UnwrapKey) { - /* we could simulate UnwrapKey using Decrypt and Create object, but + NSSCKMDSession *mdSession; + NSSCKMDObject *mdObject; + NSSCKMDObject *mdWrappingKeyObject; + NSSCKFWObject *fwObject = NULL; + NSSArena *arena; + + if (!fwMechanism->mdMechanism->UnwrapKey) { + /* we could simulate UnwrapKey using Decrypt and Create object, but * 1) it's not clear that would work well, and 2) the low level token * may want to restrict unwrap key for a reason, so just fail it it * can't be done */ - *pError = CKR_FUNCTION_FAILED; - return (NSSCKFWObject *)NULL; - } - - arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError); - if (!arena) { - if (CKR_OK == *pError) { - *pError = CKR_GENERAL_ERROR; + *pError = CKR_FUNCTION_FAILED; + return (NSSCKFWObject *)NULL; + } + + arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError); + if (!arena) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + return (NSSCKFWObject *)NULL; } - return (NSSCKFWObject *)NULL; - } - mdSession = nssCKFWSession_GetMDSession(fwSession); - mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject); - mdObject = fwMechanism->mdMechanism->UnwrapKey( + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject); + mdObject = fwMechanism->mdMechanism->UnwrapKey( fwMechanism->mdMechanism, fwMechanism, pMechanism, @@ -1108,53 +1031,51 @@ nssCKFWMechanism_UnwrapKey ulAttributeCount, pError); - if (!mdObject) { - return (NSSCKFWObject *)NULL; - } + if (!mdObject) { + return (NSSCKFWObject *)NULL; + } - fwObject = nssCKFWObject_Create(arena, mdObject, - fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError); + fwObject = nssCKFWObject_Create(arena, mdObject, + fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError); - return fwObject; + return fwObject; } -/* +/* * nssCKFWMechanism_DeriveKey */ NSS_EXTERN NSSCKFWObject * -nssCKFWMechanism_DeriveKey -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwBaseKeyObject, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +nssCKFWMechanism_DeriveKey( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwBaseKeyObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - NSSCKMDSession *mdSession; - NSSCKMDObject *mdObject; - NSSCKMDObject *mdBaseKeyObject; - NSSCKFWObject *fwObject = NULL; - NSSArena *arena; - - if (!fwMechanism->mdMechanism->DeriveKey) { - *pError = CKR_FUNCTION_FAILED; - return (NSSCKFWObject *)NULL; - } - - arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError); - if (!arena) { - if (CKR_OK == *pError) { - *pError = CKR_GENERAL_ERROR; + NSSCKMDSession *mdSession; + NSSCKMDObject *mdObject; + NSSCKMDObject *mdBaseKeyObject; + NSSCKFWObject *fwObject = NULL; + NSSArena *arena; + + if (!fwMechanism->mdMechanism->DeriveKey) { + *pError = CKR_FUNCTION_FAILED; + return (NSSCKFWObject *)NULL; + } + + arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError); + if (!arena) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + return (NSSCKFWObject *)NULL; } - return (NSSCKFWObject *)NULL; - } - mdSession = nssCKFWSession_GetMDSession(fwSession); - mdBaseKeyObject = nssCKFWObject_GetMDObject(fwBaseKeyObject); - mdObject = fwMechanism->mdMechanism->DeriveKey( + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdBaseKeyObject = nssCKFWObject_GetMDObject(fwBaseKeyObject); + mdObject = fwMechanism->mdMechanism->DeriveKey( fwMechanism->mdMechanism, fwMechanism, pMechanism, @@ -1170,13 +1091,12 @@ nssCKFWMechanism_DeriveKey ulAttributeCount, pError); - if (!mdObject) { - return (NSSCKFWObject *)NULL; - } + if (!mdObject) { + return (NSSCKFWObject *)NULL; + } - fwObject = nssCKFWObject_Create(arena, mdObject, - fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError); + fwObject = nssCKFWObject_Create(arena, mdObject, + fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError); - return fwObject; + return fwObject; } - diff --git a/nss/lib/ckfw/mutex.c b/nss/lib/ckfw/mutex.c index 0d74cf1..be569e1 100644 --- a/nss/lib/ckfw/mutex.c +++ b/nss/lib/ckfw/mutex.c @@ -31,7 +31,7 @@ */ struct NSSCKFWMutexStr { - PRLock *lock; + PRLock *lock; }; #ifdef DEBUG @@ -47,30 +47,24 @@ struct NSSCKFWMutexStr { */ static CK_RV -mutex_add_pointer -( - const NSSCKFWMutex *fwMutex -) +mutex_add_pointer( + const NSSCKFWMutex *fwMutex) { - return CKR_OK; + return CKR_OK; } static CK_RV -mutex_remove_pointer -( - const NSSCKFWMutex *fwMutex -) +mutex_remove_pointer( + const NSSCKFWMutex *fwMutex) { - return CKR_OK; + return CKR_OK; } NSS_IMPLEMENT CK_RV -nssCKFWMutex_verifyPointer -( - const NSSCKFWMutex *fwMutex -) +nssCKFWMutex_verifyPointer( + const NSSCKFWMutex *fwMutex) { - return CKR_OK; + return CKR_OK; } #endif /* DEBUG */ @@ -80,78 +74,74 @@ nssCKFWMutex_verifyPointer * */ NSS_EXTERN NSSCKFWMutex * -nssCKFWMutex_Create -( - CK_C_INITIALIZE_ARGS_PTR pInitArgs, - CryptokiLockingState LockingState, - NSSArena *arena, - CK_RV *pError -) +nssCKFWMutex_Create( + CK_C_INITIALIZE_ARGS_PTR pInitArgs, + CryptokiLockingState LockingState, + NSSArena *arena, + CK_RV *pError) { - NSSCKFWMutex *mutex; - - mutex = nss_ZNEW(arena, NSSCKFWMutex); - if (!mutex) { - *pError = CKR_HOST_MEMORY; - return (NSSCKFWMutex *)NULL; - } - *pError = CKR_OK; - mutex->lock = NULL; - if (LockingState == MultiThreaded) { - mutex->lock = PR_NewLock(); - if (!mutex->lock) { - *pError = CKR_HOST_MEMORY; /* we couldn't get the resource */ + NSSCKFWMutex *mutex; + + mutex = nss_ZNEW(arena, NSSCKFWMutex); + if (!mutex) { + *pError = CKR_HOST_MEMORY; + return (NSSCKFWMutex *)NULL; + } + *pError = CKR_OK; + mutex->lock = NULL; + if (LockingState == MultiThreaded) { + mutex->lock = PR_NewLock(); + if (!mutex->lock) { + *pError = CKR_HOST_MEMORY; /* we couldn't get the resource */ + } + } + + if (CKR_OK != *pError) { + (void)nss_ZFreeIf(mutex); + return (NSSCKFWMutex *)NULL; } - } - - if( CKR_OK != *pError ) { - (void)nss_ZFreeIf(mutex); - return (NSSCKFWMutex *)NULL; - } #ifdef DEBUG - *pError = mutex_add_pointer(mutex); - if( CKR_OK != *pError ) { - if (mutex->lock) { - PR_DestroyLock(mutex->lock); + *pError = mutex_add_pointer(mutex); + if (CKR_OK != *pError) { + if (mutex->lock) { + PR_DestroyLock(mutex->lock); + } + (void)nss_ZFreeIf(mutex); + return (NSSCKFWMutex *)NULL; } - (void)nss_ZFreeIf(mutex); - return (NSSCKFWMutex *)NULL; - } #endif /* DEBUG */ - return mutex; -} + return mutex; +} /* * nssCKFWMutex_Destroy * */ NSS_EXTERN CK_RV -nssCKFWMutex_Destroy -( - NSSCKFWMutex *mutex -) +nssCKFWMutex_Destroy( + NSSCKFWMutex *mutex) { - CK_RV rv = CKR_OK; + CK_RV rv = CKR_OK; #ifdef NSSDEBUG - rv = nssCKFWMutex_verifyPointer(mutex); - if( CKR_OK != rv ) { - return rv; - } + rv = nssCKFWMutex_verifyPointer(mutex); + if (CKR_OK != rv) { + return rv; + } #endif /* NSSDEBUG */ - - if (mutex->lock) { - PR_DestroyLock(mutex->lock); - } + + if (mutex->lock) { + PR_DestroyLock(mutex->lock); + } #ifdef DEBUG - (void)mutex_remove_pointer(mutex); + (void)mutex_remove_pointer(mutex); #endif /* DEBUG */ - (void)nss_ZFreeIf(mutex); - return rv; + (void)nss_ZFreeIf(mutex); + return rv; } /* @@ -159,22 +149,20 @@ nssCKFWMutex_Destroy * */ NSS_EXTERN CK_RV -nssCKFWMutex_Lock -( - NSSCKFWMutex *mutex -) +nssCKFWMutex_Lock( + NSSCKFWMutex *mutex) { #ifdef NSSDEBUG - CK_RV rv = nssCKFWMutex_verifyPointer(mutex); - if( CKR_OK != rv ) { - return rv; - } + CK_RV rv = nssCKFWMutex_verifyPointer(mutex); + if (CKR_OK != rv) { + return rv; + } #endif /* NSSDEBUG */ - if (mutex->lock) { - PR_Lock(mutex->lock); - } - - return CKR_OK; + if (mutex->lock) { + PR_Lock(mutex->lock); + } + + return CKR_OK; } /* @@ -182,29 +170,27 @@ nssCKFWMutex_Lock * */ NSS_EXTERN CK_RV -nssCKFWMutex_Unlock -( - NSSCKFWMutex *mutex -) +nssCKFWMutex_Unlock( + NSSCKFWMutex *mutex) { - PRStatus nrv; + PRStatus nrv; #ifdef NSSDEBUG - CK_RV rv = nssCKFWMutex_verifyPointer(mutex); + CK_RV rv = nssCKFWMutex_verifyPointer(mutex); - if( CKR_OK != rv ) { - return rv; - } + if (CKR_OK != rv) { + return rv; + } #endif /* NSSDEBUG */ - if (!mutex->lock) - return CKR_OK; + if (!mutex->lock) + return CKR_OK; - nrv = PR_Unlock(mutex->lock); + nrv = PR_Unlock(mutex->lock); - /* if unlock fails, either we have a programming error, or we have - * some sort of hardware failure... in either case return CKR_DEVICE_ERROR. - */ - return nrv == PR_SUCCESS ? CKR_OK : CKR_DEVICE_ERROR; + /* if unlock fails, either we have a programming error, or we have + * some sort of hardware failure... in either case return CKR_DEVICE_ERROR. + */ + return nrv == PR_SUCCESS ? CKR_OK : CKR_DEVICE_ERROR; } /* @@ -212,19 +198,17 @@ nssCKFWMutex_Unlock * */ NSS_EXTERN CK_RV -NSSCKFWMutex_Destroy -( - NSSCKFWMutex *mutex -) +NSSCKFWMutex_Destroy( + NSSCKFWMutex *mutex) { #ifdef DEBUG - CK_RV rv = nssCKFWMutex_verifyPointer(mutex); - if( CKR_OK != rv ) { - return rv; - } + CK_RV rv = nssCKFWMutex_verifyPointer(mutex); + if (CKR_OK != rv) { + return rv; + } #endif /* DEBUG */ - - return nssCKFWMutex_Destroy(mutex); + + return nssCKFWMutex_Destroy(mutex); } /* @@ -232,19 +216,17 @@ NSSCKFWMutex_Destroy * */ NSS_EXTERN CK_RV -NSSCKFWMutex_Lock -( - NSSCKFWMutex *mutex -) +NSSCKFWMutex_Lock( + NSSCKFWMutex *mutex) { #ifdef DEBUG - CK_RV rv = nssCKFWMutex_verifyPointer(mutex); - if( CKR_OK != rv ) { - return rv; - } + CK_RV rv = nssCKFWMutex_verifyPointer(mutex); + if (CKR_OK != rv) { + return rv; + } #endif /* DEBUG */ - - return nssCKFWMutex_Lock(mutex); + + return nssCKFWMutex_Lock(mutex); } /* @@ -252,18 +234,15 @@ NSSCKFWMutex_Lock * */ NSS_EXTERN CK_RV -NSSCKFWMutex_Unlock -( - NSSCKFWMutex *mutex -) +NSSCKFWMutex_Unlock( + NSSCKFWMutex *mutex) { #ifdef DEBUG - CK_RV rv = nssCKFWMutex_verifyPointer(mutex); - if( CKR_OK != rv ) { - return rv; - } + CK_RV rv = nssCKFWMutex_verifyPointer(mutex); + if (CKR_OK != rv) { + return rv; + } #endif /* DEBUG */ - return nssCKFWMutex_Unlock(mutex); + return nssCKFWMutex_Unlock(mutex); } - diff --git a/nss/lib/ckfw/nssckfw.h b/nss/lib/ckfw/nssckfw.h index 4343eab..0f93eaa 100644 --- a/nss/lib/ckfw/nssckfw.h +++ b/nss/lib/ckfw/nssckfw.h @@ -8,7 +8,7 @@ /* * nssckfw.h * - * This file prototypes the publicly available calls of the + * This file prototypes the publicly available calls of the * NSS Cryptoki Framework. */ @@ -32,6 +32,9 @@ * NSSCKFWInstance_MayCreatePthreads * NSSCKFWInstance_CreateMutex * NSSCKFWInstance_GetConfigurationData + * NSSCKFWInstance_GetInitArgs + * NSSCKFWInstance_DestroySessionHandle + * NSSCKFWInstance_FindSessionHandle */ /* @@ -40,10 +43,8 @@ */ NSS_EXTERN NSSCKMDInstance * -NSSCKFWInstance_GetMDInstance -( - NSSCKFWInstance *fwInstance -); +NSSCKFWInstance_GetMDInstance( + NSSCKFWInstance *fwInstance); /* * NSSCKFWInstance_GetArena @@ -51,11 +52,9 @@ NSSCKFWInstance_GetMDInstance */ NSS_EXTERN NSSArena * -NSSCKFWInstance_GetArena -( - NSSCKFWInstance *fwInstance, - CK_RV *pError -); +NSSCKFWInstance_GetArena( + NSSCKFWInstance *fwInstance, + CK_RV *pError); /* * NSSCKFWInstance_MayCreatePthreads @@ -63,10 +62,8 @@ NSSCKFWInstance_GetArena */ NSS_EXTERN CK_BBOOL -NSSCKFWInstance_MayCreatePthreads -( - NSSCKFWInstance *fwInstance -); +NSSCKFWInstance_MayCreatePthreads( + NSSCKFWInstance *fwInstance); /* * NSSCKFWInstance_CreateMutex @@ -74,12 +71,10 @@ NSSCKFWInstance_MayCreatePthreads */ NSS_EXTERN NSSCKFWMutex * -NSSCKFWInstance_CreateMutex -( - NSSCKFWInstance *fwInstance, - NSSArena *arena, - CK_RV *pError -); +NSSCKFWInstance_CreateMutex( + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError); /* * NSSCKFWInstance_GetConfigurationData @@ -87,10 +82,8 @@ NSSCKFWInstance_CreateMutex */ NSS_EXTERN NSSUTF8 * -NSSCKFWInstance_GetConfigurationData -( - NSSCKFWInstance *fwInstance -); +NSSCKFWInstance_GetConfigurationData( + NSSCKFWInstance *fwInstance); /* * NSSCKFWInstance_GetInitArgs @@ -98,10 +91,26 @@ NSSCKFWInstance_GetConfigurationData */ NSS_EXTERN CK_C_INITIALIZE_ARGS_PTR -NSSCKFWInstance_GetInitArgs -( - NSSCKFWInstance *fwInstance -); +NSSCKFWInstance_GetInitArgs( + NSSCKFWInstance *fwInstance); + +/* + * nssCKFWInstance_DestroySessionHandle + * + */ +NSS_EXTERN void +NSSCKFWInstance_DestroySessionHandle( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession); + +/* + * nssCKFWInstance_FindSessionHandle + * + */ +NSS_EXTERN CK_SESSION_HANDLE +NSSCKFWInstance_FindSessionHandle( + NSSCKFWInstance *fwInstance, + NSSCKFWSession *fwSession); /* * NSSCKFWSlot @@ -109,6 +118,7 @@ NSSCKFWInstance_GetInitArgs * NSSCKFWSlot_GetMDSlot * NSSCKFWSlot_GetFWInstance * NSSCKFWSlot_GetMDInstance + * NSSCKFWSlot_GetSlotID * */ @@ -118,10 +128,8 @@ NSSCKFWInstance_GetInitArgs */ NSS_EXTERN NSSCKMDSlot * -NSSCKFWSlot_GetMDSlot -( - NSSCKFWSlot *fwSlot -); +NSSCKFWSlot_GetMDSlot( + NSSCKFWSlot *fwSlot); /* * NSSCKFWSlot_GetFWInstance @@ -129,10 +137,8 @@ NSSCKFWSlot_GetMDSlot */ NSS_EXTERN NSSCKFWInstance * -NSSCKFWSlot_GetFWInstance -( - NSSCKFWSlot *fwSlot -); +NSSCKFWSlot_GetFWInstance( + NSSCKFWSlot *fwSlot); /* * NSSCKFWSlot_GetMDInstance @@ -140,10 +146,17 @@ NSSCKFWSlot_GetFWInstance */ NSS_EXTERN NSSCKMDInstance * -NSSCKFWSlot_GetMDInstance -( - NSSCKFWSlot *fwSlot -); +NSSCKFWSlot_GetMDInstance( + NSSCKFWSlot *fwSlot); + +/* + * NSSCKFWSlot_GetSlotID + * + */ + +NSS_EXTERN CK_SLOT_ID +NSSCKFWSlot_GetSlotID( + NSSCKFWSlot *fwSlot); /* * NSSCKFWToken @@ -161,10 +174,8 @@ NSSCKFWSlot_GetMDInstance */ NSS_EXTERN NSSCKMDToken * -NSSCKFWToken_GetMDToken -( - NSSCKFWToken *fwToken -); +NSSCKFWToken_GetMDToken( + NSSCKFWToken *fwToken); /* * NSSCKFWToken_GetArena @@ -172,11 +183,9 @@ NSSCKFWToken_GetMDToken */ NSS_EXTERN NSSArena * -NSSCKFWToken_GetArena -( - NSSCKFWToken *fwToken, - CK_RV *pError -); +NSSCKFWToken_GetArena( + NSSCKFWToken *fwToken, + CK_RV *pError); /* * NSSCKFWToken_GetFWSlot @@ -184,10 +193,8 @@ NSSCKFWToken_GetArena */ NSS_EXTERN NSSCKFWSlot * -NSSCKFWToken_GetFWSlot -( - NSSCKFWToken *fwToken -); +NSSCKFWToken_GetFWSlot( + NSSCKFWToken *fwToken); /* * NSSCKFWToken_GetMDSlot @@ -195,10 +202,8 @@ NSSCKFWToken_GetFWSlot */ NSS_EXTERN NSSCKMDSlot * -NSSCKFWToken_GetMDSlot -( - NSSCKFWToken *fwToken -); +NSSCKFWToken_GetMDSlot( + NSSCKFWToken *fwToken); /* * NSSCKFWToken_GetSessionState @@ -206,10 +211,8 @@ NSSCKFWToken_GetMDSlot */ NSS_EXTERN CK_STATE -NSSCKFWToken_GetSessionState -( - NSSCKFWToken *fwToken -); +NSSCKFWToken_GetSessionState( + NSSCKFWToken *fwToken); /* * NSSCKFWMechanism @@ -225,10 +228,8 @@ NSSCKFWToken_GetSessionState */ NSS_EXTERN NSSCKMDMechanism * -NSSCKFWMechanism_GetMDMechanism -( - NSSCKFWMechanism *fwMechanism -); +NSSCKFWMechanism_GetMDMechanism( + NSSCKFWMechanism *fwMechanism); /* * NSSCKFWMechanism_GetParameter @@ -236,10 +237,8 @@ NSSCKFWMechanism_GetMDMechanism */ NSS_EXTERN NSSItem * -NSSCKFWMechanism_GetParameter -( - NSSCKFWMechanism *fwMechanism -); +NSSCKFWMechanism_GetParameter( + NSSCKFWMechanism *fwMechanism); /* * NSSCKFWSession @@ -250,6 +249,7 @@ NSSCKFWMechanism_GetParameter * NSSCKFWSession_IsRWSession * NSSCKFWSession_IsSO * NSSCKFWSession_GetCurrentCryptoOperation + * NSSCKFWSession_GetFWSlot * */ @@ -259,10 +259,8 @@ NSSCKFWMechanism_GetParameter */ NSS_EXTERN NSSCKMDSession * -NSSCKFWSession_GetMDSession -( - NSSCKFWSession *fwSession -); +NSSCKFWSession_GetMDSession( + NSSCKFWSession *fwSession); /* * NSSCKFWSession_GetArena @@ -270,11 +268,9 @@ NSSCKFWSession_GetMDSession */ NSS_EXTERN NSSArena * -NSSCKFWSession_GetArena -( - NSSCKFWSession *fwSession, - CK_RV *pError -); +NSSCKFWSession_GetArena( + NSSCKFWSession *fwSession, + CK_RV *pError); /* * NSSCKFWSession_CallNotification @@ -282,11 +278,9 @@ NSSCKFWSession_GetArena */ NSS_EXTERN CK_RV -NSSCKFWSession_CallNotification -( - NSSCKFWSession *fwSession, - CK_NOTIFICATION event -); +NSSCKFWSession_CallNotification( + NSSCKFWSession *fwSession, + CK_NOTIFICATION event); /* * NSSCKFWSession_IsRWSession @@ -294,10 +288,8 @@ NSSCKFWSession_CallNotification */ NSS_EXTERN CK_BBOOL -NSSCKFWSession_IsRWSession -( - NSSCKFWSession *fwSession -); +NSSCKFWSession_IsRWSession( + NSSCKFWSession *fwSession); /* * NSSCKFWSession_IsSO @@ -305,10 +297,8 @@ NSSCKFWSession_IsRWSession */ NSS_EXTERN CK_BBOOL -NSSCKFWSession_IsSO -( - NSSCKFWSession *fwSession -); +NSSCKFWSession_IsSO( + NSSCKFWSession *fwSession); /* * NSSCKFWSession_GetCurrentCryptoOperation @@ -316,11 +306,18 @@ NSSCKFWSession_IsSO */ NSS_EXTERN NSSCKFWCryptoOperation * -NSSCKFWSession_GetCurrentCryptoOperation -( - NSSCKFWSession *fwSession, - NSSCKFWCryptoOperationState state -); +NSSCKFWSession_GetCurrentCryptoOperation( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationState state); + +/* + * NSSCKFWSession_GetFWSlot + * + */ + +NSS_EXTERN NSSCKFWSlot * +NSSCKFWSession_GetFWSlot( + NSSCKFWSession *fwSession); /* * NSSCKFWObject @@ -340,91 +337,75 @@ NSSCKFWSession_GetCurrentCryptoOperation * */ NSS_EXTERN NSSCKMDObject * -NSSCKFWObject_GetMDObject -( - NSSCKFWObject *fwObject -); +NSSCKFWObject_GetMDObject( + NSSCKFWObject *fwObject); /* * NSSCKFWObject_GetArena * */ NSS_EXTERN NSSArena * -NSSCKFWObject_GetArena -( - NSSCKFWObject *fwObject, - CK_RV *pError -); +NSSCKFWObject_GetArena( + NSSCKFWObject *fwObject, + CK_RV *pError); /* * NSSCKFWObject_IsTokenObject * */ NSS_EXTERN CK_BBOOL -NSSCKFWObject_IsTokenObject -( - NSSCKFWObject *fwObject -); +NSSCKFWObject_IsTokenObject( + NSSCKFWObject *fwObject); /* * NSSCKFWObject_GetAttributeCount * */ NSS_EXTERN CK_ULONG -NSSCKFWObject_GetAttributeCount -( - NSSCKFWObject *fwObject, - CK_RV *pError -); +NSSCKFWObject_GetAttributeCount( + NSSCKFWObject *fwObject, + CK_RV *pError); /* * NSSCKFWObject_GetAttributeTypes * */ NSS_EXTERN CK_RV -NSSCKFWObject_GetAttributeTypes -( - NSSCKFWObject *fwObject, - CK_ATTRIBUTE_TYPE_PTR typeArray, - CK_ULONG ulCount -); +NSSCKFWObject_GetAttributeTypes( + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount); /* * NSSCKFWObject_GetAttributeSize * */ NSS_EXTERN CK_ULONG -NSSCKFWObject_GetAttributeSize -( - NSSCKFWObject *fwObject, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError -); +NSSCKFWObject_GetAttributeSize( + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError); /* * NSSCKFWObject_GetAttribute * */ NSS_EXTERN NSSItem * -NSSCKFWObject_GetAttribute -( - NSSCKFWObject *fwObject, - CK_ATTRIBUTE_TYPE attribute, - NSSItem *itemOpt, - NSSArena *arenaOpt, - CK_RV *pError -); +NSSCKFWObject_GetAttribute( + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *itemOpt, + NSSArena *arenaOpt, + CK_RV *pError); /* * NSSCKFWObject_GetObjectSize * */ NSS_EXTERN CK_ULONG -NSSCKFWObject_GetObjectSize -( - NSSCKFWObject *fwObject, - CK_RV *pError -); +NSSCKFWObject_GetObjectSize( + NSSCKFWObject *fwObject, + CK_RV *pError); /* * NSSCKFWFindObjects @@ -439,10 +420,8 @@ NSSCKFWObject_GetObjectSize */ NSS_EXTERN NSSCKMDFindObjects * -NSSCKFWFindObjects_GetMDFindObjects -( - NSSCKFWFindObjects * -); +NSSCKFWFindObjects_GetMDFindObjects( + NSSCKFWFindObjects *); /* * NSSCKFWMutex @@ -459,10 +438,8 @@ NSSCKFWFindObjects_GetMDFindObjects */ NSS_EXTERN CK_RV -NSSCKFWMutex_Destroy -( - NSSCKFWMutex *mutex -); +NSSCKFWMutex_Destroy( + NSSCKFWMutex *mutex); /* * NSSCKFWMutex_Lock @@ -470,10 +447,8 @@ NSSCKFWMutex_Destroy */ NSS_EXTERN CK_RV -NSSCKFWMutex_Lock -( - NSSCKFWMutex *mutex -); +NSSCKFWMutex_Lock( + NSSCKFWMutex *mutex); /* * NSSCKFWMutex_Unlock @@ -481,10 +456,7 @@ NSSCKFWMutex_Lock */ NSS_EXTERN CK_RV -NSSCKFWMutex_Unlock -( - NSSCKFWMutex *mutex -); +NSSCKFWMutex_Unlock( + NSSCKFWMutex *mutex); #endif /* NSSCKFW_H */ - diff --git a/nss/lib/ckfw/nssckfwc.h b/nss/lib/ckfw/nssckfwc.h index 3c11e96..734a67c 100644 --- a/nss/lib/ckfw/nssckfwc.h +++ b/nss/lib/ckfw/nssckfwc.h @@ -8,7 +8,7 @@ /* * nssckfwc.h * - * This file prototypes all of the NSS Cryptoki Framework "wrapper" + * This file prototypes all of the NSS Cryptoki Framework "wrapper" * which implement the PKCS#11 API. Technically, these are public * routines (with capital "NSS" prefixes), since they are called * from (generated) code within a Module using the Framework. @@ -104,34 +104,28 @@ * */ NSS_EXTERN CK_RV -NSSCKFWC_Initialize -( - NSSCKFWInstance **pFwInstance, - NSSCKMDInstance *mdInstance, - CK_VOID_PTR pInitArgs -); +NSSCKFWC_Initialize( + NSSCKFWInstance **pFwInstance, + NSSCKMDInstance *mdInstance, + CK_VOID_PTR pInitArgs); /* * NSSCKFWC_Finalize * */ NSS_EXTERN CK_RV -NSSCKFWC_Finalize -( - NSSCKFWInstance **pFwInstance -); +NSSCKFWC_Finalize( + NSSCKFWInstance **pFwInstance); /* * NSSCKFWC_GetInfo * */ NSS_EXTERN CK_RV -NSSCKFWC_GetInfo -( - NSSCKFWInstance *fwInstance, - CK_INFO_PTR pInfo -); - +NSSCKFWC_GetInfo( + NSSCKFWInstance *fwInstance, + CK_INFO_PTR pInfo); + /* * C_GetFunctionList is implemented entirely in the Module's file which * includes the Framework API insert file. It requires no "actual" @@ -143,871 +137,743 @@ NSSCKFWC_GetInfo * */ NSS_EXTERN CK_RV -NSSCKFWC_GetSlotList -( - NSSCKFWInstance *fwInstance, - CK_BBOOL tokenPresent, - CK_SLOT_ID_PTR pSlotList, - CK_ULONG_PTR pulCount -); - +NSSCKFWC_GetSlotList( + NSSCKFWInstance *fwInstance, + CK_BBOOL tokenPresent, + CK_SLOT_ID_PTR pSlotList, + CK_ULONG_PTR pulCount); + /* * NSSCKFWC_GetSlotInfo * */ NSS_EXTERN CK_RV -NSSCKFWC_GetSlotInfo -( - NSSCKFWInstance *fwInstance, - CK_SLOT_ID slotID, - CK_SLOT_INFO_PTR pInfo -); +NSSCKFWC_GetSlotInfo( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID, + CK_SLOT_INFO_PTR pInfo); /* * NSSCKFWC_GetTokenInfo * */ NSS_EXTERN CK_RV -NSSCKFWC_GetTokenInfo -( - NSSCKFWInstance *fwInstance, - CK_SLOT_ID slotID, - CK_TOKEN_INFO_PTR pInfo -); +NSSCKFWC_GetTokenInfo( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID, + CK_TOKEN_INFO_PTR pInfo); /* * NSSCKFWC_WaitForSlotEvent * */ NSS_EXTERN CK_RV -NSSCKFWC_WaitForSlotEvent -( - NSSCKFWInstance *fwInstance, - CK_FLAGS flags, - CK_SLOT_ID_PTR pSlot, - CK_VOID_PTR pReserved -); +NSSCKFWC_WaitForSlotEvent( + NSSCKFWInstance *fwInstance, + CK_FLAGS flags, + CK_SLOT_ID_PTR pSlot, + CK_VOID_PTR pReserved); /* * NSSCKFWC_GetMechanismList * */ NSS_EXTERN CK_RV -NSSCKFWC_GetMechanismList -( - NSSCKFWInstance *fwInstance, - CK_SLOT_ID slotID, - CK_MECHANISM_TYPE_PTR pMechanismList, - CK_ULONG_PTR pulCount -); +NSSCKFWC_GetMechanismList( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID, + CK_MECHANISM_TYPE_PTR pMechanismList, + CK_ULONG_PTR pulCount); /* * NSSCKFWC_GetMechanismInfo * */ NSS_EXTERN CK_RV -NSSCKFWC_GetMechanismInfo -( - NSSCKFWInstance *fwInstance, - CK_SLOT_ID slotID, - CK_MECHANISM_TYPE type, - CK_MECHANISM_INFO_PTR pInfo -); +NSSCKFWC_GetMechanismInfo( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID, + CK_MECHANISM_TYPE type, + CK_MECHANISM_INFO_PTR pInfo); /* * NSSCKFWC_InitToken * */ NSS_EXTERN CK_RV -NSSCKFWC_InitToken -( - NSSCKFWInstance *fwInstance, - CK_SLOT_ID slotID, - CK_CHAR_PTR pPin, - CK_ULONG ulPinLen, - CK_CHAR_PTR pLabel -); +NSSCKFWC_InitToken( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID, + CK_CHAR_PTR pPin, + CK_ULONG ulPinLen, + CK_CHAR_PTR pLabel); /* * NSSCKFWC_InitPIN * */ NSS_EXTERN CK_RV -NSSCKFWC_InitPIN -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_CHAR_PTR pPin, - CK_ULONG ulPinLen -); +NSSCKFWC_InitPIN( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_CHAR_PTR pPin, + CK_ULONG ulPinLen); /* * NSSCKFWC_SetPIN * */ NSS_EXTERN CK_RV -NSSCKFWC_SetPIN -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_CHAR_PTR pOldPin, - CK_ULONG ulOldLen, - CK_CHAR_PTR pNewPin, - CK_ULONG ulNewLen -); +NSSCKFWC_SetPIN( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_CHAR_PTR pOldPin, + CK_ULONG ulOldLen, + CK_CHAR_PTR pNewPin, + CK_ULONG ulNewLen); /* * NSSCKFWC_OpenSession * */ NSS_EXTERN CK_RV -NSSCKFWC_OpenSession -( - NSSCKFWInstance *fwInstance, - CK_SLOT_ID slotID, - CK_FLAGS flags, - CK_VOID_PTR pApplication, - CK_NOTIFY Notify, - CK_SESSION_HANDLE_PTR phSession -); +NSSCKFWC_OpenSession( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID, + CK_FLAGS flags, + CK_VOID_PTR pApplication, + CK_NOTIFY Notify, + CK_SESSION_HANDLE_PTR phSession); /* * NSSCKFWC_CloseSession * */ NSS_EXTERN CK_RV -NSSCKFWC_CloseSession -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession -); +NSSCKFWC_CloseSession( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession); /* * NSSCKFWC_CloseAllSessions * */ NSS_EXTERN CK_RV -NSSCKFWC_CloseAllSessions -( - NSSCKFWInstance *fwInstance, - CK_SLOT_ID slotID -); +NSSCKFWC_CloseAllSessions( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID); /* * NSSCKFWC_GetSessionInfo * */ NSS_EXTERN CK_RV -NSSCKFWC_GetSessionInfo -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_SESSION_INFO_PTR pInfo -); +NSSCKFWC_GetSessionInfo( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_SESSION_INFO_PTR pInfo); /* * NSSCKFWC_GetOperationState * */ NSS_EXTERN CK_RV -NSSCKFWC_GetOperationState -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pOperationState, - CK_ULONG_PTR pulOperationStateLen -); +NSSCKFWC_GetOperationState( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pOperationState, + CK_ULONG_PTR pulOperationStateLen); /* * NSSCKFWC_SetOperationState * */ NSS_EXTERN CK_RV -NSSCKFWC_SetOperationState -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pOperationState, - CK_ULONG ulOperationStateLen, - CK_OBJECT_HANDLE hEncryptionKey, - CK_OBJECT_HANDLE hAuthenticationKey -); +NSSCKFWC_SetOperationState( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pOperationState, + CK_ULONG ulOperationStateLen, + CK_OBJECT_HANDLE hEncryptionKey, + CK_OBJECT_HANDLE hAuthenticationKey); /* * NSSCKFWC_Login * */ NSS_EXTERN CK_RV -NSSCKFWC_Login -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_USER_TYPE userType, - CK_CHAR_PTR pPin, - CK_ULONG ulPinLen -); +NSSCKFWC_Login( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_USER_TYPE userType, + CK_CHAR_PTR pPin, + CK_ULONG ulPinLen); /* * NSSCKFWC_Logout * */ NSS_EXTERN CK_RV -NSSCKFWC_Logout -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession -); +NSSCKFWC_Logout( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession); /* * NSSCKFWC_CreateObject * */ NSS_EXTERN CK_RV -NSSCKFWC_CreateObject -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount, - CK_OBJECT_HANDLE_PTR phObject -); +NSSCKFWC_CreateObject( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phObject); /* * NSSCKFWC_CopyObject * */ NSS_EXTERN CK_RV -NSSCKFWC_CopyObject -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount, - CK_OBJECT_HANDLE_PTR phNewObject -); +NSSCKFWC_CopyObject( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phNewObject); /* * NSSCKFWC_DestroyObject * */ NSS_EXTERN CK_RV -NSSCKFWC_DestroyObject -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject -); +NSSCKFWC_DestroyObject( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject); /* * NSSCKFWC_GetObjectSize * */ NSS_EXTERN CK_RV -NSSCKFWC_GetObjectSize -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject, - CK_ULONG_PTR pulSize -); +NSSCKFWC_GetObjectSize( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ULONG_PTR pulSize); /* * NSSCKFWC_GetAttributeValue * */ NSS_EXTERN CK_RV -NSSCKFWC_GetAttributeValue -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount -); - +NSSCKFWC_GetAttributeValue( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount); + /* * NSSCKFWC_SetAttributeValue * */ NSS_EXTERN CK_RV -NSSCKFWC_SetAttributeValue -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount -); +NSSCKFWC_SetAttributeValue( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount); /* * NSSCKFWC_FindObjectsInit * */ NSS_EXTERN CK_RV -NSSCKFWC_FindObjectsInit -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount -); +NSSCKFWC_FindObjectsInit( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount); /* * NSSCKFWC_FindObjects * */ NSS_EXTERN CK_RV -NSSCKFWC_FindObjects -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE_PTR phObject, - CK_ULONG ulMaxObjectCount, - CK_ULONG_PTR pulObjectCount -); +NSSCKFWC_FindObjects( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE_PTR phObject, + CK_ULONG ulMaxObjectCount, + CK_ULONG_PTR pulObjectCount); /* * NSSCKFWC_FindObjectsFinal * */ NSS_EXTERN CK_RV -NSSCKFWC_FindObjectsFinal -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession -); +NSSCKFWC_FindObjectsFinal( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession); /* * NSSCKFWC_EncryptInit * */ NSS_EXTERN CK_RV -NSSCKFWC_EncryptInit -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey -); +NSSCKFWC_EncryptInit( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); /* * NSSCKFWC_Encrypt * */ NSS_EXTERN CK_RV -NSSCKFWC_Encrypt -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pData, - CK_ULONG ulDataLen, - CK_BYTE_PTR pEncryptedData, - CK_ULONG_PTR pulEncryptedDataLen -); +NSSCKFWC_Encrypt( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pEncryptedData, + CK_ULONG_PTR pulEncryptedDataLen); /* * NSSCKFWC_EncryptUpdate * */ NSS_EXTERN CK_RV -NSSCKFWC_EncryptUpdate -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pPart, - CK_ULONG ulPartLen, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG_PTR pulEncryptedPartLen -); +NSSCKFWC_EncryptUpdate( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen); /* * NSSCKFWC_EncryptFinal * */ NSS_EXTERN CK_RV -NSSCKFWC_EncryptFinal -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pLastEncryptedPart, - CK_ULONG_PTR pulLastEncryptedPartLen -); +NSSCKFWC_EncryptFinal( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pLastEncryptedPart, + CK_ULONG_PTR pulLastEncryptedPartLen); /* * NSSCKFWC_DecryptInit * */ NSS_EXTERN CK_RV -NSSCKFWC_DecryptInit -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey -); +NSSCKFWC_DecryptInit( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); /* * NSSCKFWC_Decrypt * */ NSS_EXTERN CK_RV -NSSCKFWC_Decrypt -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pEncryptedData, - CK_ULONG ulEncryptedDataLen, - CK_BYTE_PTR pData, - CK_ULONG_PTR pulDataLen -); +NSSCKFWC_Decrypt( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedData, + CK_ULONG ulEncryptedDataLen, + CK_BYTE_PTR pData, + CK_ULONG_PTR pulDataLen); /* * NSSCKFWC_DecryptUpdate * */ NSS_EXTERN CK_RV -NSSCKFWC_DecryptUpdate -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG ulEncryptedPartLen, - CK_BYTE_PTR pPart, - CK_ULONG_PTR pulPartLen -); +NSSCKFWC_DecryptUpdate( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, + CK_ULONG_PTR pulPartLen); /* * NSSCKFWC_DecryptFinal * */ NSS_EXTERN CK_RV -NSSCKFWC_DecryptFinal -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pLastPart, - CK_ULONG_PTR pulLastPartLen -); +NSSCKFWC_DecryptFinal( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pLastPart, + CK_ULONG_PTR pulLastPartLen); /* * NSSCKFWC_DigestInit * */ NSS_EXTERN CK_RV -NSSCKFWC_DigestInit -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism -); +NSSCKFWC_DigestInit( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism); /* * NSSCKFWC_Digest * */ NSS_EXTERN CK_RV -NSSCKFWC_Digest -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pData, - CK_ULONG ulDataLen, - CK_BYTE_PTR pDigest, - CK_ULONG_PTR pulDigestLen -); +NSSCKFWC_Digest( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pDigest, + CK_ULONG_PTR pulDigestLen); /* * NSSCKFWC_DigestUpdate * */ NSS_EXTERN CK_RV -NSSCKFWC_DigestUpdate -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pData, - CK_ULONG ulDataLen -); +NSSCKFWC_DigestUpdate( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen); /* * NSSCKFWC_DigestKey * */ NSS_EXTERN CK_RV -NSSCKFWC_DigestKey -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hKey -); +NSSCKFWC_DigestKey( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hKey); /* * NSSCKFWC_DigestFinal * */ NSS_EXTERN CK_RV -NSSCKFWC_DigestFinal -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pDigest, - CK_ULONG_PTR pulDigestLen -); +NSSCKFWC_DigestFinal( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pDigest, + CK_ULONG_PTR pulDigestLen); /* * NSSCKFWC_SignInit * */ NSS_EXTERN CK_RV -NSSCKFWC_SignInit -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey -); +NSSCKFWC_SignInit( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); /* * NSSCKFWC_Sign * */ NSS_EXTERN CK_RV -NSSCKFWC_Sign -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pData, - CK_ULONG ulDataLen, - CK_BYTE_PTR pSignature, - CK_ULONG_PTR pulSignatureLen -); +NSSCKFWC_Sign( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen); /* * NSSCKFWC_SignUpdate * */ NSS_EXTERN CK_RV -NSSCKFWC_SignUpdate -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pPart, - CK_ULONG ulPartLen -); +NSSCKFWC_SignUpdate( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen); /* * NSSCKFWC_SignFinal * */ NSS_EXTERN CK_RV -NSSCKFWC_SignFinal -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pSignature, - CK_ULONG_PTR pulSignatureLen -); +NSSCKFWC_SignFinal( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen); /* * NSSCKFWC_SignRecoverInit * */ NSS_EXTERN CK_RV -NSSCKFWC_SignRecoverInit -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey -); +NSSCKFWC_SignRecoverInit( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); /* * NSSCKFWC_SignRecover * */ NSS_EXTERN CK_RV -NSSCKFWC_SignRecover -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pData, - CK_ULONG ulDataLen, - CK_BYTE_PTR pSignature, - CK_ULONG_PTR pulSignatureLen -); +NSSCKFWC_SignRecover( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen); /* * NSSCKFWC_VerifyInit * */ NSS_EXTERN CK_RV -NSSCKFWC_VerifyInit -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey -); +NSSCKFWC_VerifyInit( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); /* * NSSCKFWC_Verify * */ NSS_EXTERN CK_RV -NSSCKFWC_Verify -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pData, - CK_ULONG ulDataLen, - CK_BYTE_PTR pSignature, - CK_ULONG ulSignatureLen -); +NSSCKFWC_Verify( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen); /* * NSSCKFWC_VerifyUpdate * */ NSS_EXTERN CK_RV -NSSCKFWC_VerifyUpdate -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pPart, - CK_ULONG ulPartLen -); +NSSCKFWC_VerifyUpdate( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen); /* * NSSCKFWC_VerifyFinal * */ NSS_EXTERN CK_RV -NSSCKFWC_VerifyFinal -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pSignature, - CK_ULONG ulSignatureLen -); +NSSCKFWC_VerifyFinal( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen); /* * NSSCKFWC_VerifyRecoverInit * */ NSS_EXTERN CK_RV -NSSCKFWC_VerifyRecoverInit -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey -); +NSSCKFWC_VerifyRecoverInit( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); /* * NSSCKFWC_VerifyRecover * */ NSS_EXTERN CK_RV -NSSCKFWC_VerifyRecover -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pSignature, - CK_ULONG ulSignatureLen, - CK_BYTE_PTR pData, - CK_ULONG_PTR pulDataLen -); +NSSCKFWC_VerifyRecover( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen, + CK_BYTE_PTR pData, + CK_ULONG_PTR pulDataLen); /* * NSSCKFWC_DigestEncryptUpdate * */ NSS_EXTERN CK_RV -NSSCKFWC_DigestEncryptUpdate -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pPart, - CK_ULONG ulPartLen, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG_PTR pulEncryptedPartLen -); +NSSCKFWC_DigestEncryptUpdate( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen); /* * NSSCKFWC_DecryptDigestUpdate * */ NSS_EXTERN CK_RV -NSSCKFWC_DecryptDigestUpdate -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG ulEncryptedPartLen, - CK_BYTE_PTR pPart, - CK_ULONG_PTR pulPartLen -); +NSSCKFWC_DecryptDigestUpdate( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, + CK_ULONG_PTR pulPartLen); /* * NSSCKFWC_SignEncryptUpdate * */ NSS_EXTERN CK_RV -NSSCKFWC_SignEncryptUpdate -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pPart, - CK_ULONG ulPartLen, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG_PTR pulEncryptedPartLen -); +NSSCKFWC_SignEncryptUpdate( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen); /* * NSSCKFWC_DecryptVerifyUpdate * */ NSS_EXTERN CK_RV -NSSCKFWC_DecryptVerifyUpdate -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG ulEncryptedPartLen, - CK_BYTE_PTR pPart, - CK_ULONG_PTR pulPartLen -); +NSSCKFWC_DecryptVerifyUpdate( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, + CK_ULONG_PTR pulPartLen); /* * NSSCKFWC_GenerateKey * */ NSS_EXTERN CK_RV -NSSCKFWC_GenerateKey -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount, - CK_OBJECT_HANDLE_PTR phKey -); +NSSCKFWC_GenerateKey( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phKey); /* * NSSCKFWC_GenerateKeyPair * */ NSS_EXTERN CK_RV -NSSCKFWC_GenerateKeyPair -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_ATTRIBUTE_PTR pPublicKeyTemplate, - CK_ULONG ulPublicKeyAttributeCount, - CK_ATTRIBUTE_PTR pPrivateKeyTemplate, - CK_ULONG ulPrivateKeyAttributeCount, - CK_OBJECT_HANDLE_PTR phPublicKey, - CK_OBJECT_HANDLE_PTR phPrivateKey -); +NSSCKFWC_GenerateKeyPair( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_ATTRIBUTE_PTR pPublicKeyTemplate, + CK_ULONG ulPublicKeyAttributeCount, + CK_ATTRIBUTE_PTR pPrivateKeyTemplate, + CK_ULONG ulPrivateKeyAttributeCount, + CK_OBJECT_HANDLE_PTR phPublicKey, + CK_OBJECT_HANDLE_PTR phPrivateKey); /* * NSSCKFWC_WrapKey * */ NSS_EXTERN CK_RV -NSSCKFWC_WrapKey -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hWrappingKey, - CK_OBJECT_HANDLE hKey, - CK_BYTE_PTR pWrappedKey, - CK_ULONG_PTR pulWrappedKeyLen -); +NSSCKFWC_WrapKey( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hWrappingKey, + CK_OBJECT_HANDLE hKey, + CK_BYTE_PTR pWrappedKey, + CK_ULONG_PTR pulWrappedKeyLen); /* * NSSCKFWC_UnwrapKey * */ NSS_EXTERN CK_RV -NSSCKFWC_UnwrapKey -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hUnwrappingKey, - CK_BYTE_PTR pWrappedKey, - CK_ULONG ulWrappedKeyLen, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_OBJECT_HANDLE_PTR phKey -); +NSSCKFWC_UnwrapKey( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hUnwrappingKey, + CK_BYTE_PTR pWrappedKey, + CK_ULONG ulWrappedKeyLen, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_OBJECT_HANDLE_PTR phKey); /* * NSSCKFWC_DeriveKey * */ NSS_EXTERN CK_RV -NSSCKFWC_DeriveKey -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hBaseKey, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_OBJECT_HANDLE_PTR phKey -); +NSSCKFWC_DeriveKey( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hBaseKey, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_OBJECT_HANDLE_PTR phKey); /* * NSSCKFWC_SeedRandom * */ NSS_EXTERN CK_RV -NSSCKFWC_SeedRandom -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pSeed, - CK_ULONG ulSeedLen -); +NSSCKFWC_SeedRandom( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSeed, + CK_ULONG ulSeedLen); /* * NSSCKFWC_GenerateRandom * */ NSS_EXTERN CK_RV -NSSCKFWC_GenerateRandom -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pRandomData, - CK_ULONG ulRandomLen -); +NSSCKFWC_GenerateRandom( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pRandomData, + CK_ULONG ulRandomLen); /* * NSSCKFWC_GetFunctionStatus * */ NSS_EXTERN CK_RV -NSSCKFWC_GetFunctionStatus -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession -); +NSSCKFWC_GetFunctionStatus( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession); /* * NSSCKFWC_CancelFunction * */ NSS_EXTERN CK_RV -NSSCKFWC_CancelFunction -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession -); +NSSCKFWC_CancelFunction( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession); #endif /* NSSCKFWC_H */ diff --git a/nss/lib/ckfw/nssckfwt.h b/nss/lib/ckfw/nssckfwt.h index 4c4fad2..cd015d5 100644 --- a/nss/lib/ckfw/nssckfwt.h +++ b/nss/lib/ckfw/nssckfwt.h @@ -51,7 +51,6 @@ typedef struct NSSCKFWMechanismStr NSSCKFWMechanism; struct NSSCKFWCryptoOperationStr; typedef struct NSSCKFWCryptoOperationStr NSSCKFWCryptoOperation; - /* * NSSCKFWSession * @@ -87,7 +86,7 @@ typedef struct NSSCKFWMutexStr NSSCKFWMutex; typedef enum { SingleThreaded, MultiThreaded -} CryptokiLockingState ; +} CryptokiLockingState; /* used as an index into an array, make sure it starts at '0' */ typedef enum { diff --git a/nss/lib/ckfw/nssckmdt.h b/nss/lib/ckfw/nssckmdt.h index 2c3aa2e..d98f9b0 100644 --- a/nss/lib/ckfw/nssckmdt.h +++ b/nss/lib/ckfw/nssckmdt.h @@ -44,9 +44,9 @@ typedef struct NSSCKMDObjectStr NSSCKMDObject; */ typedef struct { - PRBool needsFreeing; - NSSItem* item; -} NSSCKFWItem ; + PRBool needsFreeing; + NSSItem *item; +} NSSCKFWItem; /* * NSSCKMDInstance @@ -61,152 +61,147 @@ typedef struct { */ struct NSSCKMDInstanceStr { - /* - * The Module may use this pointer for its own purposes. - */ - void *etc; - - /* - * This routine is called by the Framework to initialize - * the Module. This routine is optional; if unimplemented, - * it won't be called. If this routine returns an error, - * then the initialization will fail. - */ - CK_RV (PR_CALLBACK *Initialize)( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSUTF8 *configurationData - ); - - /* - * This routine is called when the Framework is finalizing - * the PKCS#11 Module. It is the last thing called before - * the NSSCKFWInstance's NSSArena is destroyed. This routine - * is optional; if unimplemented, it merely won't be called. - */ - void (PR_CALLBACK *Finalize)( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* + /* + * The Module may use this pointer for its own purposes. + */ + void *etc; + + /* + * This routine is called by the Framework to initialize + * the Module. This routine is optional; if unimplemented, + * it won't be called. If this routine returns an error, + * then the initialization will fail. + */ + CK_RV(PR_CALLBACK *Initialize) + ( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSUTF8 *configurationData); + + /* + * This routine is called when the Framework is finalizing + * the PKCS#11 Module. It is the last thing called before + * the NSSCKFWInstance's NSSArena is destroyed. This routine + * is optional; if unimplemented, it merely won't be called. + */ + void(PR_CALLBACK *Finalize)( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* * This routine gets the number of slots. This value must - * never change, once the instance is initialized. This + * never change, once the instance is initialized. This * routine must be implemented. It may return zero on error. */ - CK_ULONG (PR_CALLBACK *GetNSlots)( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine returns the version of the Cryptoki standard - * to which this Module conforms. This routine is optional; - * if unimplemented, the Framework uses the version to which - * ~it~ was implemented. - */ - CK_VERSION (PR_CALLBACK *GetCryptokiVersion)( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns a pointer to a UTF8-encoded string - * containing the manufacturer ID for this Module. Only - * the characters completely encoded in the first thirty- - * two bytes are significant. This routine is optional. - * The string returned is never freed; if dynamically generated, - * the space for it should be allocated from the NSSArena - * that may be obtained from the NSSCKFWInstance. This - * routine may return NULL upon error; however if *pError - * is CKR_OK, the NULL will be considered the valid response. - */ - NSSUTF8 *(PR_CALLBACK *GetManufacturerID)( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine returns a pointer to a UTF8-encoded string - * containing a description of this Module library. Only - * the characters completely encoded in the first thirty- - * two bytes are significant. This routine is optional. - * The string returned is never freed; if dynamically generated, - * the space for it should be allocated from the NSSArena - * that may be obtained from the NSSCKFWInstance. This - * routine may return NULL upon error; however if *pError - * is CKR_OK, the NULL will be considered the valid response. - */ - NSSUTF8 *(PR_CALLBACK *GetLibraryDescription)( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine returns the version of this Module library. - * This routine is optional; if unimplemented, the Framework - * will assume a Module library version of 0.1. - */ - CK_VERSION (PR_CALLBACK *GetLibraryVersion)( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns CK_TRUE if the Module wishes to - * handle session objects. This routine is optional. - * If this routine is NULL, or if it exists but returns - * CK_FALSE, the Framework will assume responsibility - * for managing session objects. - */ - CK_BBOOL (PR_CALLBACK *ModuleHandlesSessionObjects)( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine stuffs pointers to NSSCKMDSlot objects into - * the specified array; one for each slot supported by this - * instance. The Framework will determine the size needed - * for the array by calling GetNSlots. This routine is - * required. - */ - CK_RV (PR_CALLBACK *GetSlots)( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDSlot *slots[] - ); - - /* - * This call returns a pointer to the slot in which an event - * has occurred. If the block argument is CK_TRUE, the call - * should block until a slot event occurs; if CK_FALSE, it - * should check to see if an event has occurred, occurred, - * but return NULL (and set *pError to CK_NO_EVENT) if one - * hasn't. This routine is optional; if unimplemented, the - * Framework will assume that no event has happened. This - * routine may return NULL upon error. - */ - NSSCKMDSlot *(PR_CALLBACK *WaitForSlotEvent)( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_BBOOL block, - CK_RV *pError - ); - - /* - * This object may be extended in future versions of the - * NSS Cryptoki Framework. To allow for some flexibility - * in the area of binary compatibility, this field should - * be NULL. - */ - void *null; + CK_ULONG(PR_CALLBACK *GetNSlots) + ( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine returns the version of the Cryptoki standard + * to which this Module conforms. This routine is optional; + * if unimplemented, the Framework uses the version to which + * ~it~ was implemented. + */ + CK_VERSION(PR_CALLBACK *GetCryptokiVersion) + ( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns a pointer to a UTF8-encoded string + * containing the manufacturer ID for this Module. Only + * the characters completely encoded in the first thirty- + * two bytes are significant. This routine is optional. + * The string returned is never freed; if dynamically generated, + * the space for it should be allocated from the NSSArena + * that may be obtained from the NSSCKFWInstance. This + * routine may return NULL upon error; however if *pError + * is CKR_OK, the NULL will be considered the valid response. + */ + NSSUTF8 *(PR_CALLBACK *GetManufacturerID)( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine returns a pointer to a UTF8-encoded string + * containing a description of this Module library. Only + * the characters completely encoded in the first thirty- + * two bytes are significant. This routine is optional. + * The string returned is never freed; if dynamically generated, + * the space for it should be allocated from the NSSArena + * that may be obtained from the NSSCKFWInstance. This + * routine may return NULL upon error; however if *pError + * is CKR_OK, the NULL will be considered the valid response. + */ + NSSUTF8 *(PR_CALLBACK *GetLibraryDescription)( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine returns the version of this Module library. + * This routine is optional; if unimplemented, the Framework + * will assume a Module library version of 0.1. + */ + CK_VERSION(PR_CALLBACK *GetLibraryVersion) + ( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns CK_TRUE if the Module wishes to + * handle session objects. This routine is optional. + * If this routine is NULL, or if it exists but returns + * CK_FALSE, the Framework will assume responsibility + * for managing session objects. + */ + CK_BBOOL(PR_CALLBACK *ModuleHandlesSessionObjects) + ( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine stuffs pointers to NSSCKMDSlot objects into + * the specified array; one for each slot supported by this + * instance. The Framework will determine the size needed + * for the array by calling GetNSlots. This routine is + * required. + */ + CK_RV(PR_CALLBACK *GetSlots) + ( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDSlot *slots[]); + + /* + * This call returns a pointer to the slot in which an event + * has occurred. If the block argument is CK_TRUE, the call + * should block until a slot event occurs; if CK_FALSE, it + * should check to see if an event has occurred, occurred, + * but return NULL (and set *pError to CK_NO_EVENT) if one + * hasn't. This routine is optional; if unimplemented, the + * Framework will assume that no event has happened. This + * routine may return NULL upon error. + */ + NSSCKMDSlot *(PR_CALLBACK *WaitForSlotEvent)( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_BBOOL block, + CK_RV *pError); + + /* + * This object may be extended in future versions of the + * NSS Cryptoki Framework. To allow for some flexibility + * in the area of binary compatibility, this field should + * be NULL. + */ + void *null; }; - /* * NSSCKMDSlot * @@ -220,165 +215,161 @@ struct NSSCKMDInstanceStr { */ struct NSSCKMDSlotStr { - /* - * The Module may use this pointer for its own purposes. - */ - void *etc; - - /* - * This routine is called during the Framework initialization - * step, after the Framework Instance has obtained the list - * of slots (by calling NSSCKMDInstance->GetSlots). Any slot- - * specific initialization can be done here. This routine is - * optional; if unimplemented, it won't be called. Note that - * if this routine returns an error, the entire Framework - * initialization for this Module will fail. - */ - CK_RV (PR_CALLBACK *Initialize)( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine is called when the Framework is finalizing - * the PKCS#11 Module. This call (for each of the slots) - * is the last thing called before NSSCKMDInstance->Finalize. - * This routine is optional; if unimplemented, it merely - * won't be called. Note: In the rare circumstance that - * the Framework initialization cannot complete (due to, - * for example, memory limitations), this can be called with - * a NULL value for fwSlot. - */ - void (PR_CALLBACK *Destroy)( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns a pointer to a UTF8-encoded string - * containing a description of this slot. Only the characters - * completely encoded in the first sixty-four bytes are - * significant. This routine is optional. The string - * returned is never freed; if dynamically generated, - * the space for it should be allocated from the NSSArena - * that may be obtained from the NSSCKFWInstance. This - * routine may return NULL upon error; however if *pError - * is CKR_OK, the NULL will be considered the valid response. - */ - NSSUTF8 *(PR_CALLBACK *GetSlotDescription)( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine returns a pointer to a UTF8-encoded string - * containing a description of the manufacturer of this slot. - * Only the characters completely encoded in the first thirty- - * two bytes are significant. This routine is optional. - * The string returned is never freed; if dynamically generated, - * the space for it should be allocated from the NSSArena - * that may be obtained from the NSSCKFWInstance. This - * routine may return NULL upon error; however if *pError - * is CKR_OK, the NULL will be considered the valid response. - */ - NSSUTF8 *(PR_CALLBACK *GetManufacturerID)( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine returns CK_TRUE if a token is present in this - * slot. This routine is optional; if unimplemented, CK_TRUE - * is assumed. - */ - CK_BBOOL (PR_CALLBACK *GetTokenPresent)( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns CK_TRUE if the slot supports removable - * tokens. This routine is optional; if unimplemented, CK_FALSE - * is assumed. - */ - CK_BBOOL (PR_CALLBACK *GetRemovableDevice)( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns CK_TRUE if this slot is a hardware - * device, or CK_FALSE if this slot is a software device. This - * routine is optional; if unimplemented, CK_FALSE is assumed. - */ - CK_BBOOL (PR_CALLBACK *GetHardwareSlot)( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns the version of this slot's hardware. - * This routine is optional; if unimplemented, the Framework - * will assume a hardware version of 0.1. - */ - CK_VERSION (PR_CALLBACK *GetHardwareVersion)( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns the version of this slot's firmware. - * This routine is optional; if unimplemented, the Framework - * will assume a hardware version of 0.1. - */ - CK_VERSION (PR_CALLBACK *GetFirmwareVersion)( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine should return a pointer to an NSSCKMDToken - * object corresponding to the token in the specified slot. - * The NSSCKFWToken object passed in has an NSSArena - * available which is dedicated for this token. This routine - * must be implemented. This routine may return NULL upon - * error. - */ - NSSCKMDToken *(PR_CALLBACK *GetToken)( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This object may be extended in future versions of the - * NSS Cryptoki Framework. To allow for some flexibility - * in the area of binary compatibility, this field should - * be NULL. - */ - void *null; + /* + * The Module may use this pointer for its own purposes. + */ + void *etc; + + /* + * This routine is called during the Framework initialization + * step, after the Framework Instance has obtained the list + * of slots (by calling NSSCKMDInstance->GetSlots). Any slot- + * specific initialization can be done here. This routine is + * optional; if unimplemented, it won't be called. Note that + * if this routine returns an error, the entire Framework + * initialization for this Module will fail. + */ + CK_RV(PR_CALLBACK *Initialize) + ( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine is called when the Framework is finalizing + * the PKCS#11 Module. This call (for each of the slots) + * is the last thing called before NSSCKMDInstance->Finalize. + * This routine is optional; if unimplemented, it merely + * won't be called. Note: In the rare circumstance that + * the Framework initialization cannot complete (due to, + * for example, memory limitations), this can be called with + * a NULL value for fwSlot. + */ + void(PR_CALLBACK *Destroy)( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns a pointer to a UTF8-encoded string + * containing a description of this slot. Only the characters + * completely encoded in the first sixty-four bytes are + * significant. This routine is optional. The string + * returned is never freed; if dynamically generated, + * the space for it should be allocated from the NSSArena + * that may be obtained from the NSSCKFWInstance. This + * routine may return NULL upon error; however if *pError + * is CKR_OK, the NULL will be considered the valid response. + */ + NSSUTF8 *(PR_CALLBACK *GetSlotDescription)( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine returns a pointer to a UTF8-encoded string + * containing a description of the manufacturer of this slot. + * Only the characters completely encoded in the first thirty- + * two bytes are significant. This routine is optional. + * The string returned is never freed; if dynamically generated, + * the space for it should be allocated from the NSSArena + * that may be obtained from the NSSCKFWInstance. This + * routine may return NULL upon error; however if *pError + * is CKR_OK, the NULL will be considered the valid response. + */ + NSSUTF8 *(PR_CALLBACK *GetManufacturerID)( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine returns CK_TRUE if a token is present in this + * slot. This routine is optional; if unimplemented, CK_TRUE + * is assumed. + */ + CK_BBOOL(PR_CALLBACK *GetTokenPresent) + ( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns CK_TRUE if the slot supports removable + * tokens. This routine is optional; if unimplemented, CK_FALSE + * is assumed. + */ + CK_BBOOL(PR_CALLBACK *GetRemovableDevice) + ( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns CK_TRUE if this slot is a hardware + * device, or CK_FALSE if this slot is a software device. This + * routine is optional; if unimplemented, CK_FALSE is assumed. + */ + CK_BBOOL(PR_CALLBACK *GetHardwareSlot) + ( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the version of this slot's hardware. + * This routine is optional; if unimplemented, the Framework + * will assume a hardware version of 0.1. + */ + CK_VERSION(PR_CALLBACK *GetHardwareVersion) + ( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the version of this slot's firmware. + * This routine is optional; if unimplemented, the Framework + * will assume a hardware version of 0.1. + */ + CK_VERSION(PR_CALLBACK *GetFirmwareVersion) + ( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine should return a pointer to an NSSCKMDToken + * object corresponding to the token in the specified slot. + * The NSSCKFWToken object passed in has an NSSArena + * available which is dedicated for this token. This routine + * must be implemented. This routine may return NULL upon + * error. + */ + NSSCKMDToken *(PR_CALLBACK *GetToken)( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This object may be extended in future versions of the + * NSS Cryptoki Framework. To allow for some flexibility + * in the area of binary compatibility, this field should + * be NULL. + */ + void *null; }; /* @@ -394,444 +385,437 @@ struct NSSCKMDSlotStr { */ struct NSSCKMDTokenStr { - /* - * The Module may use this pointer for its own purposes. - */ - void *etc; - - /* - * This routine is used to prepare a Module token object for - * use. It is called after the NSSCKMDToken object is obtained - * from NSSCKMDSlot->GetToken. It is named "Setup" here because - * Cryptoki already defines "InitToken" to do the process of - * wiping out any existing state on a token and preparing it for - * a new use. This routine is optional; if unimplemented, it - * merely won't be called. - */ - CK_RV (PR_CALLBACK *Setup)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine is called by the Framework whenever it notices - * that the token object is invalid. (Typically this is when a - * routine indicates an error such as CKR_DEVICE_REMOVED). This - * call is the last thing called before the NSSArena in the - * corresponding NSSCKFWToken is destroyed. This routine is - * optional; if unimplemented, it merely won't be called. - */ - void (PR_CALLBACK *Invalidate)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine initialises the token in the specified slot. - * This routine is optional; if unimplemented, the Framework - * will fail this operation with an error of CKR_DEVICE_ERROR. - */ - - CK_RV (PR_CALLBACK *InitToken)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSItem *pin, - NSSUTF8 *label - ); - - /* - * This routine returns a pointer to a UTF8-encoded string - * containing this token's label. Only the characters - * completely encoded in the first thirty-two bytes are - * significant. This routine is optional. The string - * returned is never freed; if dynamically generated, - * the space for it should be allocated from the NSSArena - * that may be obtained from the NSSCKFWInstance. This - * routine may return NULL upon error; however if *pError - * is CKR_OK, the NULL will be considered the valid response. - */ - NSSUTF8 *(PR_CALLBACK *GetLabel)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine returns a pointer to a UTF8-encoded string - * containing this token's manufacturer ID. Only the characters - * completely encoded in the first thirty-two bytes are - * significant. This routine is optional. The string - * returned is never freed; if dynamically generated, - * the space for it should be allocated from the NSSArena - * that may be obtained from the NSSCKFWInstance. This - * routine may return NULL upon error; however if *pError - * is CKR_OK, the NULL will be considered the valid response. - */ - NSSUTF8 *(PR_CALLBACK *GetManufacturerID)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine returns a pointer to a UTF8-encoded string - * containing this token's model name. Only the characters - * completely encoded in the first thirty-two bytes are - * significant. This routine is optional. The string - * returned is never freed; if dynamically generated, - * the space for it should be allocated from the NSSArena - * that may be obtained from the NSSCKFWInstance. This - * routine may return NULL upon error; however if *pError - * is CKR_OK, the NULL will be considered the valid response. - */ - NSSUTF8 *(PR_CALLBACK *GetModel)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine returns a pointer to a UTF8-encoded string - * containing this token's serial number. Only the characters - * completely encoded in the first thirty-two bytes are - * significant. This routine is optional. The string - * returned is never freed; if dynamically generated, - * the space for it should be allocated from the NSSArena - * that may be obtained from the NSSCKFWInstance. This - * routine may return NULL upon error; however if *pError - * is CKR_OK, the NULL will be considered the valid response. - */ - NSSUTF8 *(PR_CALLBACK *GetSerialNumber)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine returns CK_TRUE if the token has its own - * random number generator. This routine is optional; if - * unimplemented, CK_FALSE is assumed. - */ - CK_BBOOL (PR_CALLBACK *GetHasRNG)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns CK_TRUE if this token is write-protected. - * This routine is optional; if unimplemented, CK_FALSE is - * assumed. - */ - CK_BBOOL (PR_CALLBACK *GetIsWriteProtected)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns CK_TRUE if this token requires a login. - * This routine is optional; if unimplemented, CK_FALSE is - * assumed. - */ - CK_BBOOL (PR_CALLBACK *GetLoginRequired)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns CK_TRUE if the normal user's PIN on this - * token has been initialised. This routine is optional; if - * unimplemented, CK_FALSE is assumed. - */ - CK_BBOOL (PR_CALLBACK *GetUserPinInitialized)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns CK_TRUE if a successful save of a - * session's cryptographic operations state ~always~ contains - * all keys needed to restore the state of the session. This - * routine is optional; if unimplemented, CK_FALSE is assumed. - */ - CK_BBOOL (PR_CALLBACK *GetRestoreKeyNotNeeded)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns CK_TRUE if the token has its own - * hardware clock. This routine is optional; if unimplemented, - * CK_FALSE is assumed. - */ - CK_BBOOL (PR_CALLBACK *GetHasClockOnToken)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns CK_TRUE if the token has a protected - * authentication path. This routine is optional; if - * unimplemented, CK_FALSE is assumed. - */ - CK_BBOOL (PR_CALLBACK *GetHasProtectedAuthenticationPath)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns CK_TRUE if the token supports dual - * cryptographic operations within a single session. This - * routine is optional; if unimplemented, CK_FALSE is assumed. - */ - CK_BBOOL (PR_CALLBACK *GetSupportsDualCryptoOperations)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * XXX fgmr-- should we have a call to return all the flags - * at once, for folks who already know about Cryptoki? - */ - - /* - * This routine returns the maximum number of sessions that - * may be opened on this token. This routine is optional; - * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION - * is assumed. XXX fgmr-- or CK_EFFECTIVELY_INFINITE? - */ - CK_ULONG (PR_CALLBACK *GetMaxSessionCount)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns the maximum number of read/write - * sesisons that may be opened on this token. This routine - * is optional; if unimplemented, the special value - * CK_UNAVAILABLE_INFORMATION is assumed. XXX fgmr-- or - * CK_EFFECTIVELY_INFINITE? - */ - CK_ULONG (PR_CALLBACK *GetMaxRwSessionCount)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns the maximum PIN code length that is - * supported on this token. This routine is optional; - * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION - * is assumed. - */ - CK_ULONG (PR_CALLBACK *GetMaxPinLen)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns the minimum PIN code length that is - * supported on this token. This routine is optional; if - * unimplemented, the special value CK_UNAVAILABLE_INFORMATION - * is assumed. XXX fgmr-- or 0? - */ - CK_ULONG (PR_CALLBACK *GetMinPinLen)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns the total amount of memory on the token - * in which public objects may be stored. This routine is - * optional; if unimplemented, the special value - * CK_UNAVAILABLE_INFORMATION is assumed. - */ - CK_ULONG (PR_CALLBACK *GetTotalPublicMemory)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns the amount of unused memory on the - * token in which public objects may be stored. This routine - * is optional; if unimplemented, the special value - * CK_UNAVAILABLE_INFORMATION is assumed. - */ - CK_ULONG (PR_CALLBACK *GetFreePublicMemory)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns the total amount of memory on the token - * in which private objects may be stored. This routine is - * optional; if unimplemented, the special value - * CK_UNAVAILABLE_INFORMATION is assumed. - */ - CK_ULONG (PR_CALLBACK *GetTotalPrivateMemory)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns the amount of unused memory on the - * token in which private objects may be stored. This routine - * is optional; if unimplemented, the special value - * CK_UNAVAILABLE_INFORMATION is assumed. - */ - CK_ULONG (PR_CALLBACK *GetFreePrivateMemory)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns the version number of this token's - * hardware. This routine is optional; if unimplemented, - * the value 0.1 is assumed. - */ - CK_VERSION (PR_CALLBACK *GetHardwareVersion)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns the version number of this token's - * firmware. This routine is optional; if unimplemented, - * the value 0.1 is assumed. - */ - CK_VERSION (PR_CALLBACK *GetFirmwareVersion)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine stuffs the current UTC time, as obtained from - * the token, into the sixteen-byte buffer in the form - * YYYYMMDDhhmmss00. This routine need only be implemented - * by token which indicate that they have a real-time clock. - * XXX fgmr-- think about time formats. - */ - CK_RV (PR_CALLBACK *GetUTCTime)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_CHAR utcTime[16] - ); - - /* - * This routine creates a session on the token, and returns - * the corresponding NSSCKMDSession object. The value of - * rw will be CK_TRUE if the session is to be a read/write - * session, or CK_FALSE otherwise. An NSSArena dedicated to - * the new session is available from the specified NSSCKFWSession. - * This routine may return NULL upon error. - */ - NSSCKMDSession *(PR_CALLBACK *OpenSession)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKFWSession *fwSession, - CK_BBOOL rw, - CK_RV *pError - ); - - /* - * This routine returns the number of PKCS#11 Mechanisms - * supported by this token. This routine is optional; if - * unimplemented, zero is assumed. - */ - CK_ULONG (PR_CALLBACK *GetMechanismCount)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine stuffs into the specified array the types - * of the mechanisms supported by this token. The Framework - * determines the size of the array by calling GetMechanismCount. - */ - CK_RV (PR_CALLBACK *GetMechanismTypes)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_MECHANISM_TYPE types[] - ); - - /* - * This routine returns a pointer to a Module mechanism - * object corresponding to a specified type. This routine - * need only exist for tokens implementing at least one - * mechanism. - */ - NSSCKMDMechanism *(PR_CALLBACK *GetMechanism)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_MECHANISM_TYPE which, - CK_RV *pError - ); - - /* - * This object may be extended in future versions of the - * NSS Cryptoki Framework. To allow for some flexibility - * in the area of binary compatibility, this field should - * be NULL. - */ - void *null; + /* + * The Module may use this pointer for its own purposes. + */ + void *etc; + + /* + * This routine is used to prepare a Module token object for + * use. It is called after the NSSCKMDToken object is obtained + * from NSSCKMDSlot->GetToken. It is named "Setup" here because + * Cryptoki already defines "InitToken" to do the process of + * wiping out any existing state on a token and preparing it for + * a new use. This routine is optional; if unimplemented, it + * merely won't be called. + */ + CK_RV(PR_CALLBACK *Setup) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine is called by the Framework whenever it notices + * that the token object is invalid. (Typically this is when a + * routine indicates an error such as CKR_DEVICE_REMOVED). This + * call is the last thing called before the NSSArena in the + * corresponding NSSCKFWToken is destroyed. This routine is + * optional; if unimplemented, it merely won't be called. + */ + void(PR_CALLBACK *Invalidate)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine initialises the token in the specified slot. + * This routine is optional; if unimplemented, the Framework + * will fail this operation with an error of CKR_DEVICE_ERROR. + */ + + CK_RV(PR_CALLBACK *InitToken) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSItem *pin, + NSSUTF8 *label); + + /* + * This routine returns a pointer to a UTF8-encoded string + * containing this token's label. Only the characters + * completely encoded in the first thirty-two bytes are + * significant. This routine is optional. The string + * returned is never freed; if dynamically generated, + * the space for it should be allocated from the NSSArena + * that may be obtained from the NSSCKFWInstance. This + * routine may return NULL upon error; however if *pError + * is CKR_OK, the NULL will be considered the valid response. + */ + NSSUTF8 *(PR_CALLBACK *GetLabel)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine returns a pointer to a UTF8-encoded string + * containing this token's manufacturer ID. Only the characters + * completely encoded in the first thirty-two bytes are + * significant. This routine is optional. The string + * returned is never freed; if dynamically generated, + * the space for it should be allocated from the NSSArena + * that may be obtained from the NSSCKFWInstance. This + * routine may return NULL upon error; however if *pError + * is CKR_OK, the NULL will be considered the valid response. + */ + NSSUTF8 *(PR_CALLBACK *GetManufacturerID)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine returns a pointer to a UTF8-encoded string + * containing this token's model name. Only the characters + * completely encoded in the first thirty-two bytes are + * significant. This routine is optional. The string + * returned is never freed; if dynamically generated, + * the space for it should be allocated from the NSSArena + * that may be obtained from the NSSCKFWInstance. This + * routine may return NULL upon error; however if *pError + * is CKR_OK, the NULL will be considered the valid response. + */ + NSSUTF8 *(PR_CALLBACK *GetModel)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine returns a pointer to a UTF8-encoded string + * containing this token's serial number. Only the characters + * completely encoded in the first thirty-two bytes are + * significant. This routine is optional. The string + * returned is never freed; if dynamically generated, + * the space for it should be allocated from the NSSArena + * that may be obtained from the NSSCKFWInstance. This + * routine may return NULL upon error; however if *pError + * is CKR_OK, the NULL will be considered the valid response. + */ + NSSUTF8 *(PR_CALLBACK *GetSerialNumber)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine returns CK_TRUE if the token has its own + * random number generator. This routine is optional; if + * unimplemented, CK_FALSE is assumed. + */ + CK_BBOOL(PR_CALLBACK *GetHasRNG) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns CK_TRUE if this token is write-protected. + * This routine is optional; if unimplemented, CK_FALSE is + * assumed. + */ + CK_BBOOL(PR_CALLBACK *GetIsWriteProtected) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns CK_TRUE if this token requires a login. + * This routine is optional; if unimplemented, CK_FALSE is + * assumed. + */ + CK_BBOOL(PR_CALLBACK *GetLoginRequired) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns CK_TRUE if the normal user's PIN on this + * token has been initialised. This routine is optional; if + * unimplemented, CK_FALSE is assumed. + */ + CK_BBOOL(PR_CALLBACK *GetUserPinInitialized) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns CK_TRUE if a successful save of a + * session's cryptographic operations state ~always~ contains + * all keys needed to restore the state of the session. This + * routine is optional; if unimplemented, CK_FALSE is assumed. + */ + CK_BBOOL(PR_CALLBACK *GetRestoreKeyNotNeeded) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns CK_TRUE if the token has its own + * hardware clock. This routine is optional; if unimplemented, + * CK_FALSE is assumed. + */ + CK_BBOOL(PR_CALLBACK *GetHasClockOnToken) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns CK_TRUE if the token has a protected + * authentication path. This routine is optional; if + * unimplemented, CK_FALSE is assumed. + */ + CK_BBOOL(PR_CALLBACK *GetHasProtectedAuthenticationPath) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns CK_TRUE if the token supports dual + * cryptographic operations within a single session. This + * routine is optional; if unimplemented, CK_FALSE is assumed. + */ + CK_BBOOL(PR_CALLBACK *GetSupportsDualCryptoOperations) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * XXX fgmr-- should we have a call to return all the flags + * at once, for folks who already know about Cryptoki? + */ + + /* + * This routine returns the maximum number of sessions that + * may be opened on this token. This routine is optional; + * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION + * is assumed. XXX fgmr-- or CK_EFFECTIVELY_INFINITE? + */ + CK_ULONG(PR_CALLBACK *GetMaxSessionCount) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the maximum number of read/write + * sesisons that may be opened on this token. This routine + * is optional; if unimplemented, the special value + * CK_UNAVAILABLE_INFORMATION is assumed. XXX fgmr-- or + * CK_EFFECTIVELY_INFINITE? + */ + CK_ULONG(PR_CALLBACK *GetMaxRwSessionCount) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the maximum PIN code length that is + * supported on this token. This routine is optional; + * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION + * is assumed. + */ + CK_ULONG(PR_CALLBACK *GetMaxPinLen) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the minimum PIN code length that is + * supported on this token. This routine is optional; if + * unimplemented, the special value CK_UNAVAILABLE_INFORMATION + * is assumed. XXX fgmr-- or 0? + */ + CK_ULONG(PR_CALLBACK *GetMinPinLen) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the total amount of memory on the token + * in which public objects may be stored. This routine is + * optional; if unimplemented, the special value + * CK_UNAVAILABLE_INFORMATION is assumed. + */ + CK_ULONG(PR_CALLBACK *GetTotalPublicMemory) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the amount of unused memory on the + * token in which public objects may be stored. This routine + * is optional; if unimplemented, the special value + * CK_UNAVAILABLE_INFORMATION is assumed. + */ + CK_ULONG(PR_CALLBACK *GetFreePublicMemory) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the total amount of memory on the token + * in which private objects may be stored. This routine is + * optional; if unimplemented, the special value + * CK_UNAVAILABLE_INFORMATION is assumed. + */ + CK_ULONG(PR_CALLBACK *GetTotalPrivateMemory) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the amount of unused memory on the + * token in which private objects may be stored. This routine + * is optional; if unimplemented, the special value + * CK_UNAVAILABLE_INFORMATION is assumed. + */ + CK_ULONG(PR_CALLBACK *GetFreePrivateMemory) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the version number of this token's + * hardware. This routine is optional; if unimplemented, + * the value 0.1 is assumed. + */ + CK_VERSION(PR_CALLBACK *GetHardwareVersion) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the version number of this token's + * firmware. This routine is optional; if unimplemented, + * the value 0.1 is assumed. + */ + CK_VERSION(PR_CALLBACK *GetFirmwareVersion) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine stuffs the current UTC time, as obtained from + * the token, into the sixteen-byte buffer in the form + * YYYYMMDDhhmmss00. This routine need only be implemented + * by token which indicate that they have a real-time clock. + * XXX fgmr-- think about time formats. + */ + CK_RV(PR_CALLBACK *GetUTCTime) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_CHAR utcTime[16]); + + /* + * This routine creates a session on the token, and returns + * the corresponding NSSCKMDSession object. The value of + * rw will be CK_TRUE if the session is to be a read/write + * session, or CK_FALSE otherwise. An NSSArena dedicated to + * the new session is available from the specified NSSCKFWSession. + * This routine may return NULL upon error. + */ + NSSCKMDSession *(PR_CALLBACK *OpenSession)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKFWSession *fwSession, + CK_BBOOL rw, + CK_RV *pError); + + /* + * This routine returns the number of PKCS#11 Mechanisms + * supported by this token. This routine is optional; if + * unimplemented, zero is assumed. + */ + CK_ULONG(PR_CALLBACK *GetMechanismCount) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine stuffs into the specified array the types + * of the mechanisms supported by this token. The Framework + * determines the size of the array by calling GetMechanismCount. + */ + CK_RV(PR_CALLBACK *GetMechanismTypes) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_MECHANISM_TYPE types[]); + + /* + * This routine returns a pointer to a Module mechanism + * object corresponding to a specified type. This routine + * need only exist for tokens implementing at least one + * mechanism. + */ + NSSCKMDMechanism *(PR_CALLBACK *GetMechanism)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_MECHANISM_TYPE which, + CK_RV *pError); + + /* + * This object may be extended in future versions of the + * NSS Cryptoki Framework. To allow for some flexibility + * in the area of binary compatibility, this field should + * be NULL. + */ + void *null; }; /* @@ -847,279 +831,275 @@ struct NSSCKMDTokenStr { */ struct NSSCKMDSessionStr { - /* - * The Module may use this pointer for its own purposes. - */ - void *etc; - - /* - * This routine is called by the Framework when a session is - * closed. This call is the last thing called before the - * NSSArena in the correspoinding NSSCKFWSession is destroyed. - * This routine is optional; if unimplemented, it merely won't - * be called. - */ - void (PR_CALLBACK *Close)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine is used to get any device-specific error. - * This routine is optional. - */ - CK_ULONG (PR_CALLBACK *GetDeviceError)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine is used to log in a user to the token. This - * routine is optional, since the Framework's NSSCKFWSession - * object keeps track of the login state. - */ - CK_RV (PR_CALLBACK *Login)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_USER_TYPE userType, - NSSItem *pin, - CK_STATE oldState, - CK_STATE newState - ); - - /* - * This routine is used to log out a user from the token. This - * routine is optional, since the Framework's NSSCKFWSession - * object keeps track of the login state. - */ - CK_RV (PR_CALLBACK *Logout)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_STATE oldState, - CK_STATE newState - ); - - /* - * This routine is used to initialize the normal user's PIN or - * password. This will only be called in the "read/write - * security officer functions" state. If this token has a - * protected authentication path, then the pin argument will - * be NULL. This routine is optional; if unimplemented, the - * Framework will return the error CKR_TOKEN_WRITE_PROTECTED. - */ - CK_RV (PR_CALLBACK *InitPIN)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSItem *pin - ); - - /* - * This routine is used to modify a user's PIN or password. This - * routine will only be called in the "read/write security officer - * functions" or "read/write user functions" state. If this token - * has a protected authentication path, then the pin arguments - * will be NULL. This routine is optional; if unimplemented, the - * Framework will return the error CKR_TOKEN_WRITE_PROTECTED. - */ - CK_RV (PR_CALLBACK *SetPIN)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSItem *oldPin, - NSSItem *newPin - ); - - /* - * This routine is used to find out how much space would be required - * to save the current operational state. This routine is optional; - * if unimplemented, the Framework will reject any attempts to save - * the operational state with the error CKR_STATE_UNSAVEABLE. This - * routine may return zero on error. - */ - CK_ULONG (PR_CALLBACK *GetOperationStateLen)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine is used to store the current operational state. This - * routine is only required if GetOperationStateLen is implemented - * and can return a nonzero value. The buffer in the specified item - * will be pre-allocated, and the length will specify the amount of - * space available (which may be more than GetOperationStateLen - * asked for, but which will not be smaller). - */ - CK_RV (PR_CALLBACK *GetOperationState)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSItem *buffer - ); - - /* - * This routine is used to restore an operational state previously - * obtained with GetOperationState. The Framework will take pains - * to be sure that the state is (or was at one point) valid; if the - * Module notices that the state is invalid, it should return an - * error, but it is not required to be paranoid about the issue. - * [XXX fgmr-- should (can?) the framework verify the keys match up?] - * This routine is required only if GetOperationState is implemented. - */ - CK_RV (PR_CALLBACK *SetOperationState)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSItem *state, - NSSCKMDObject *mdEncryptionKey, - NSSCKFWObject *fwEncryptionKey, - NSSCKMDObject *mdAuthenticationKey, - NSSCKFWObject *fwAuthenticationKey - ); - - /* - * This routine is used to create an object. The specified template - * will only specify a session object if the Module has indicated - * that it wishes to handle its own session objects. This routine - * is optional; if unimplemented, the Framework will reject the - * operation with the error CKR_TOKEN_WRITE_PROTECTED. Space for - * token objects should come from the NSSArena available from the - * NSSCKFWToken object; space for session objects (if supported) - * should come from the NSSArena available from the NSSCKFWSession - * object. The appropriate NSSArena pointer will, as a convenience, - * be passed as the handyArenaPointer argument. This routine may - * return NULL upon error. - */ - NSSCKMDObject *(PR_CALLBACK *CreateObject)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSArena *handyArenaPointer, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError - ); - - /* - * This routine is used to make a copy of an object. It is entirely - * optional; if unimplemented, the Framework will try to use - * CreateObject instead. If the Module has indicated that it does - * not wish to handle session objects, then this routine will only - * be called to copy a token object to another token object. - * Otherwise, either the original object or the new may be of - * either the token or session variety. As with CreateObject, the - * handyArenaPointer will point to the appropriate arena for the - * new object. This routine may return NULL upon error. - */ - NSSCKMDObject *(PR_CALLBACK *CopyObject)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdOldObject, - NSSCKFWObject *fwOldObject, - NSSArena *handyArenaPointer, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError - ); - - /* - * This routine is used to begin an object search. This routine may - * be unimplemented only if the Module does not handle session - * objects, and if none of its tokens have token objects. The - * NSSCKFWFindObjects pointer has an NSSArena that may be used for - * storage for the life of this "find" operation. This routine may - * return NULL upon error. If the Module can determine immediately - * that the search will not find any matching objects, it may return - * NULL, and specify CKR_OK as the error. - */ - NSSCKMDFindObjects *(PR_CALLBACK *FindObjectsInit)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError - ); - - /* - * This routine seeds the random-number generator. It is - * optional, even if GetRandom is implemented. If unimplemented, - * the Framework will issue the error CKR_RANDOM_SEED_NOT_SUPPORTED. - */ - CK_RV (PR_CALLBACK *SeedRandom)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSItem *seed - ); - - /* - * This routine gets random data. It is optional. If unimplemented, - * the Framework will issue the error CKR_RANDOM_NO_RNG. - */ - CK_RV (PR_CALLBACK *GetRandom)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSItem *buffer - ); - - /* - * This object may be extended in future versions of the - * NSS Cryptoki Framework. To allow for some flexibility - * in the area of binary compatibility, this field should - * be NULL. - */ - void *null; + /* + * The Module may use this pointer for its own purposes. + */ + void *etc; + + /* + * This routine is called by the Framework when a session is + * closed. This call is the last thing called before the + * NSSArena in the correspoinding NSSCKFWSession is destroyed. + * This routine is optional; if unimplemented, it merely won't + * be called. + */ + void(PR_CALLBACK *Close)( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine is used to get any device-specific error. + * This routine is optional. + */ + CK_ULONG(PR_CALLBACK *GetDeviceError) + ( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine is used to log in a user to the token. This + * routine is optional, since the Framework's NSSCKFWSession + * object keeps track of the login state. + */ + CK_RV(PR_CALLBACK *Login) + ( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_USER_TYPE userType, + NSSItem *pin, + CK_STATE oldState, + CK_STATE newState); + + /* + * This routine is used to log out a user from the token. This + * routine is optional, since the Framework's NSSCKFWSession + * object keeps track of the login state. + */ + CK_RV(PR_CALLBACK *Logout) + ( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_STATE oldState, + CK_STATE newState); + + /* + * This routine is used to initialize the normal user's PIN or + * password. This will only be called in the "read/write + * security officer functions" state. If this token has a + * protected authentication path, then the pin argument will + * be NULL. This routine is optional; if unimplemented, the + * Framework will return the error CKR_TOKEN_WRITE_PROTECTED. + */ + CK_RV(PR_CALLBACK *InitPIN) + ( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSItem *pin); + + /* + * This routine is used to modify a user's PIN or password. This + * routine will only be called in the "read/write security officer + * functions" or "read/write user functions" state. If this token + * has a protected authentication path, then the pin arguments + * will be NULL. This routine is optional; if unimplemented, the + * Framework will return the error CKR_TOKEN_WRITE_PROTECTED. + */ + CK_RV(PR_CALLBACK *SetPIN) + ( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSItem *oldPin, + NSSItem *newPin); + + /* + * This routine is used to find out how much space would be required + * to save the current operational state. This routine is optional; + * if unimplemented, the Framework will reject any attempts to save + * the operational state with the error CKR_STATE_UNSAVEABLE. This + * routine may return zero on error. + */ + CK_ULONG(PR_CALLBACK *GetOperationStateLen) + ( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine is used to store the current operational state. This + * routine is only required if GetOperationStateLen is implemented + * and can return a nonzero value. The buffer in the specified item + * will be pre-allocated, and the length will specify the amount of + * space available (which may be more than GetOperationStateLen + * asked for, but which will not be smaller). + */ + CK_RV(PR_CALLBACK *GetOperationState) + ( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSItem *buffer); + + /* + * This routine is used to restore an operational state previously + * obtained with GetOperationState. The Framework will take pains + * to be sure that the state is (or was at one point) valid; if the + * Module notices that the state is invalid, it should return an + * error, but it is not required to be paranoid about the issue. + * [XXX fgmr-- should (can?) the framework verify the keys match up?] + * This routine is required only if GetOperationState is implemented. + */ + CK_RV(PR_CALLBACK *SetOperationState) + ( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSItem *state, + NSSCKMDObject *mdEncryptionKey, + NSSCKFWObject *fwEncryptionKey, + NSSCKMDObject *mdAuthenticationKey, + NSSCKFWObject *fwAuthenticationKey); + + /* + * This routine is used to create an object. The specified template + * will only specify a session object if the Module has indicated + * that it wishes to handle its own session objects. This routine + * is optional; if unimplemented, the Framework will reject the + * operation with the error CKR_TOKEN_WRITE_PROTECTED. Space for + * token objects should come from the NSSArena available from the + * NSSCKFWToken object; space for session objects (if supported) + * should come from the NSSArena available from the NSSCKFWSession + * object. The appropriate NSSArena pointer will, as a convenience, + * be passed as the handyArenaPointer argument. This routine may + * return NULL upon error. + */ + NSSCKMDObject *(PR_CALLBACK *CreateObject)( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSArena *handyArenaPointer, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); + + /* + * This routine is used to make a copy of an object. It is entirely + * optional; if unimplemented, the Framework will try to use + * CreateObject instead. If the Module has indicated that it does + * not wish to handle session objects, then this routine will only + * be called to copy a token object to another token object. + * Otherwise, either the original object or the new may be of + * either the token or session variety. As with CreateObject, the + * handyArenaPointer will point to the appropriate arena for the + * new object. This routine may return NULL upon error. + */ + NSSCKMDObject *(PR_CALLBACK *CopyObject)( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdOldObject, + NSSCKFWObject *fwOldObject, + NSSArena *handyArenaPointer, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); + + /* + * This routine is used to begin an object search. This routine may + * be unimplemented only if the Module does not handle session + * objects, and if none of its tokens have token objects. The + * NSSCKFWFindObjects pointer has an NSSArena that may be used for + * storage for the life of this "find" operation. This routine may + * return NULL upon error. If the Module can determine immediately + * that the search will not find any matching objects, it may return + * NULL, and specify CKR_OK as the error. + */ + NSSCKMDFindObjects *(PR_CALLBACK *FindObjectsInit)( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); + + /* + * This routine seeds the random-number generator. It is + * optional, even if GetRandom is implemented. If unimplemented, + * the Framework will issue the error CKR_RANDOM_SEED_NOT_SUPPORTED. + */ + CK_RV(PR_CALLBACK *SeedRandom) + ( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSItem *seed); + + /* + * This routine gets random data. It is optional. If unimplemented, + * the Framework will issue the error CKR_RANDOM_NO_RNG. + */ + CK_RV(PR_CALLBACK *GetRandom) + ( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSItem *buffer); + + /* + * This object may be extended in future versions of the + * NSS Cryptoki Framework. To allow for some flexibility + * in the area of binary compatibility, this field should + * be NULL. + */ + void *null; }; /* @@ -1135,54 +1115,52 @@ struct NSSCKMDSessionStr { */ struct NSSCKMDFindObjectsStr { - /* - * The Module may use this pointer for its own purposes. - */ - void *etc; - - /* - * This routine is called by the Framework to finish a - * search operation. Note that the Framework may finish - * a search before it has completed. This routine is - * optional; if unimplemented, it merely won't be called. - */ - void (PR_CALLBACK *Final)( - NSSCKMDFindObjects *mdFindObjects, - NSSCKFWFindObjects *fwFindObjects, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine is used to obtain another pointer to an - * object matching the search criteria. This routine is - * required. If no (more) objects match the search, it - * should return NULL and set the error to CKR_OK. - */ - NSSCKMDObject *(PR_CALLBACK *Next)( - NSSCKMDFindObjects *mdFindObjects, - NSSCKFWFindObjects *fwFindObjects, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSArena *arena, - CK_RV *pError - ); - - /* - * This object may be extended in future versions of the - * NSS Cryptoki Framework. To allow for some flexibility - * in the area of binary compatibility, this field should - * be NULL. - */ - void *null; + /* + * The Module may use this pointer for its own purposes. + */ + void *etc; + + /* + * This routine is called by the Framework to finish a + * search operation. Note that the Framework may finish + * a search before it has completed. This routine is + * optional; if unimplemented, it merely won't be called. + */ + void(PR_CALLBACK *Final)( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine is used to obtain another pointer to an + * object matching the search criteria. This routine is + * required. If no (more) objects match the search, it + * should return NULL and set the error to CKR_OK. + */ + NSSCKMDObject *(PR_CALLBACK *Next)( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError); + + /* + * This object may be extended in future versions of the + * NSS Cryptoki Framework. To allow for some flexibility + * in the area of binary compatibility, this field should + * be NULL. + */ + void *null; }; /* @@ -1199,182 +1177,179 @@ struct NSSCKMDFindObjectsStr { */ struct NSSCKMDCryptoOperationStr { - /* - * The Module may use this pointer for its own purposes. - */ - void *etc; - - /* - * This routine is called by the Framework clean up the mdCryptoOperation - * structure. - * This routine is optional; if unimplemented, it will be ignored. - */ - void (PR_CALLBACK *Destroy)( - NSSCKMDCryptoOperation *mdCryptoOperation, - NSSCKFWCryptoOperation *fwCryptoOperation, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - - /* - * how many bytes do we need to finish this buffer? - * must be implemented if Final is implemented. - */ - CK_ULONG (PR_CALLBACK *GetFinalLength)( - NSSCKMDCryptoOperation *mdCryptoOperation, - NSSCKFWCryptoOperation *fwCryptoOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * how many bytes do we need to complete the next operation. - * used in both Update and UpdateFinal. - */ - CK_ULONG (PR_CALLBACK *GetOperationLength)( - NSSCKMDCryptoOperation *mdCryptoOperation, - NSSCKFWCryptoOperation *fwCryptoOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - const NSSItem *inputBuffer, - CK_RV *pError - ); - - /* - * This routine is called by the Framework to finish a - * search operation. Note that the Framework may finish - * a search before it has completed. This routine is - * optional; if unimplemented, it merely won't be called. - * The respective final call with fail with CKR_FUNCTION_FAILED - * Final should not free the mdCryptoOperation. - */ - CK_RV(PR_CALLBACK *Final)( - NSSCKMDCryptoOperation *mdCryptoOperation, - NSSCKFWCryptoOperation *fwCryptoOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSItem *outputBuffer - ); - - - /* - * This routine is called by the Framework to complete the - * next step in an encryption/decryption operation. - * This routine is optional; if unimplemented, the respective - * update call with fail with CKR_FUNCTION_FAILED. - * Update should not be implemented for signing/verification/digest - * mechanisms. - */ - CK_RV(PR_CALLBACK *Update)( - NSSCKMDCryptoOperation *mdCryptoOperation, - NSSCKFWCryptoOperation *fwCryptoOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - const NSSItem *inputBuffer, - NSSItem *outputBuffer - ); - - /* - * This routine is called by the Framework to complete the - * next step in a signing/verification/digest operation. - * This routine is optional; if unimplemented, the respective - * update call with fail with CKR_FUNCTION_FAILED - * Update should not be implemented for encryption/decryption - * mechanisms. - */ - CK_RV(PR_CALLBACK *DigestUpdate)( - NSSCKMDCryptoOperation *mdCryptoOperation, - NSSCKFWCryptoOperation *fwCryptoOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - const NSSItem *inputBuffer - ); - - /* - * This routine is called by the Framework to complete a - * single step operation. This routine is optional; if unimplemented, - * the framework will use the Update and Final functions to complete - * the operation. - */ - CK_RV(PR_CALLBACK *UpdateFinal)( - NSSCKMDCryptoOperation *mdCryptoOperation, - NSSCKFWCryptoOperation *fwCryptoOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - const NSSItem *inputBuffer, - NSSItem *outputBuffer - ); - - /* - * This routine is called by the Framework to complete next - * step in a combined operation. The Decrypt/Encrypt mechanism - * should define and drive the combo step. - * This routine is optional; if unimplemented, - * the framework will use the appropriate Update functions to complete - * the operation. - */ - CK_RV(PR_CALLBACK *UpdateCombo)( - NSSCKMDCryptoOperation *mdCryptoOperation, - NSSCKFWCryptoOperation *fwCryptoOperation, - NSSCKMDCryptoOperation *mdPeerCryptoOperation, - NSSCKFWCryptoOperation *fwPeerCryptoOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - const NSSItem *inputBuffer, - NSSItem *outputBuffer - ); - - /* - * Hash a key directly into the digest - */ - CK_RV(PR_CALLBACK *DigestKey)( - NSSCKMDCryptoOperation *mdCryptoOperation, - NSSCKFWCryptoOperation *fwCryptoOperation, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdKey, - NSSCKFWObject *fwKey - ); - - /* - * This object may be extended in future versions of the - * NSS Cryptoki Framework. To allow for some flexibility - * in the area of binary compatibility, this field should - * be NULL. - */ - void *null; + /* + * The Module may use this pointer for its own purposes. + */ + void *etc; + + /* + * This routine is called by the Framework clean up the mdCryptoOperation + * structure. + * This routine is optional; if unimplemented, it will be ignored. + */ + void(PR_CALLBACK *Destroy)( + NSSCKMDCryptoOperation *mdCryptoOperation, + NSSCKFWCryptoOperation *fwCryptoOperation, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * how many bytes do we need to finish this buffer? + * must be implemented if Final is implemented. + */ + CK_ULONG(PR_CALLBACK *GetFinalLength) + ( + NSSCKMDCryptoOperation *mdCryptoOperation, + NSSCKFWCryptoOperation *fwCryptoOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * how many bytes do we need to complete the next operation. + * used in both Update and UpdateFinal. + */ + CK_ULONG(PR_CALLBACK *GetOperationLength) + ( + NSSCKMDCryptoOperation *mdCryptoOperation, + NSSCKFWCryptoOperation *fwCryptoOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *inputBuffer, + CK_RV *pError); + + /* + * This routine is called by the Framework to finish a + * search operation. Note that the Framework may finish + * a search before it has completed. This routine is + * optional; if unimplemented, it merely won't be called. + * The respective final call with fail with CKR_FUNCTION_FAILED + * Final should not free the mdCryptoOperation. + */ + CK_RV(PR_CALLBACK *Final) + ( + NSSCKMDCryptoOperation *mdCryptoOperation, + NSSCKFWCryptoOperation *fwCryptoOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSItem *outputBuffer); + + /* + * This routine is called by the Framework to complete the + * next step in an encryption/decryption operation. + * This routine is optional; if unimplemented, the respective + * update call with fail with CKR_FUNCTION_FAILED. + * Update should not be implemented for signing/verification/digest + * mechanisms. + */ + CK_RV(PR_CALLBACK *Update) + ( + NSSCKMDCryptoOperation *mdCryptoOperation, + NSSCKFWCryptoOperation *fwCryptoOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *inputBuffer, + NSSItem *outputBuffer); + + /* + * This routine is called by the Framework to complete the + * next step in a signing/verification/digest operation. + * This routine is optional; if unimplemented, the respective + * update call with fail with CKR_FUNCTION_FAILED + * Update should not be implemented for encryption/decryption + * mechanisms. + */ + CK_RV(PR_CALLBACK *DigestUpdate) + ( + NSSCKMDCryptoOperation *mdCryptoOperation, + NSSCKFWCryptoOperation *fwCryptoOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *inputBuffer); + + /* + * This routine is called by the Framework to complete a + * single step operation. This routine is optional; if unimplemented, + * the framework will use the Update and Final functions to complete + * the operation. + */ + CK_RV(PR_CALLBACK *UpdateFinal) + ( + NSSCKMDCryptoOperation *mdCryptoOperation, + NSSCKFWCryptoOperation *fwCryptoOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *inputBuffer, + NSSItem *outputBuffer); + + /* + * This routine is called by the Framework to complete next + * step in a combined operation. The Decrypt/Encrypt mechanism + * should define and drive the combo step. + * This routine is optional; if unimplemented, + * the framework will use the appropriate Update functions to complete + * the operation. + */ + CK_RV(PR_CALLBACK *UpdateCombo) + ( + NSSCKMDCryptoOperation *mdCryptoOperation, + NSSCKFWCryptoOperation *fwCryptoOperation, + NSSCKMDCryptoOperation *mdPeerCryptoOperation, + NSSCKFWCryptoOperation *fwPeerCryptoOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *inputBuffer, + NSSItem *outputBuffer); + + /* + * Hash a key directly into the digest + */ + CK_RV(PR_CALLBACK *DigestKey) + ( + NSSCKMDCryptoOperation *mdCryptoOperation, + NSSCKFWCryptoOperation *fwCryptoOperation, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey); + + /* + * This object may be extended in future versions of the + * NSS Cryptoki Framework. To allow for some flexibility + * in the area of binary compatibility, this field should + * be NULL. + */ + void *null; }; /* @@ -1383,365 +1358,352 @@ struct NSSCKMDCryptoOperationStr { */ struct NSSCKMDMechanismStr { - /* - * The Module may use this pointer for its own purposes. - */ - void *etc; - - /* - * This also frees the fwMechanism if appropriate. - * If it is not supplied, the Framework will assume that the Token - * Manages a static list of mechanisms and the function will not be called. - */ - void (PR_CALLBACK *Destroy)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - - /* - * This routine returns the minimum key size allowed for - * this mechanism. This routine is optional; if unimplemented, - * zero will be assumed. This routine may return zero on - * error; if the error is CKR_OK, zero will be accepted as - * a valid response. - */ - CK_ULONG (PR_CALLBACK *GetMinKeySize)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine returns the maximum key size allowed for - * this mechanism. This routine is optional; if unimplemented, - * zero will be assumed. This routine may return zero on - * error; if the error is CKR_OK, zero will be accepted as - * a valid response. - */ - CK_ULONG (PR_CALLBACK *GetMaxKeySize)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine is called to determine if the mechanism is - * implemented in hardware or software. It returns CK_TRUE - * if it is done in hardware. - */ - CK_BBOOL (PR_CALLBACK *GetInHardware)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * The crypto routines themselves. Most crypto operations may - * be performed in two ways, streaming and single-part. The - * streaming operations involve the use of (typically) three - * calls-- an Init method to set up the operation, an Update - * method to feed data to the operation, and a Final method to - * obtain the final result. Single-part operations involve - * one method, to perform the crypto operation all at once. - * - * The NSS Cryptoki Framework can implement the single-part - * operations in terms of the streaming operations on behalf - * of the Module. There are a few variances. - * - * Only the Init Functions are defined by the mechanism. Each - * init function will return a NSSCKFWCryptoOperation which - * can supply update, final, the single part updateFinal, and - * the combo updateCombo functions. - * - * For simplicity, the routines are listed in summary here: - * - * EncryptInit, - * DecryptInit, - * DigestInit, - * SignInit, - * SignRecoverInit; - * VerifyInit, - * VerifyRecoverInit; - * - * The key-management routines are - * - * GenerateKey - * GenerateKeyPair - * WrapKey - * UnwrapKey - * DeriveKey - * - * All of these routines based on the Cryptoki API; - * see PKCS#11 for further information. - */ - - /* - */ - NSSCKMDCryptoOperation * (PR_CALLBACK *EncryptInit)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdKey, - NSSCKFWObject *fwKey, - CK_RV *pError - ); - - /* - */ - NSSCKMDCryptoOperation * (PR_CALLBACK *DecryptInit)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdKey, - NSSCKFWObject *fwKey, - CK_RV *pError - ); - - /* - */ - NSSCKMDCryptoOperation * (PR_CALLBACK *DigestInit)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - - /* - */ - NSSCKMDCryptoOperation * (PR_CALLBACK *SignInit)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdKey, - NSSCKFWObject *fwKey, - CK_RV *pError - ); - - /* - */ - NSSCKMDCryptoOperation * (PR_CALLBACK *VerifyInit)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdKey, - NSSCKFWObject *fwKey, - CK_RV *pError - ); - - /* - */ - NSSCKMDCryptoOperation * (PR_CALLBACK *SignRecoverInit)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdKey, - NSSCKFWObject *fwKey, - CK_RV *pError - ); - - /* - */ - NSSCKMDCryptoOperation * (PR_CALLBACK *VerifyRecoverInit)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdKey, - NSSCKFWObject *fwKey, - CK_RV *pError - ); - - /* - * Key management operations. - */ - - /* - * This routine generates a key. This routine may return NULL - * upon error. - */ - NSSCKMDObject *(PR_CALLBACK *GenerateKey)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError - ); - - /* - * This routine generates a key pair. - */ - CK_RV (PR_CALLBACK *GenerateKeyPair)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_PTR pPublicKeyTemplate, - CK_ULONG ulPublicKeyAttributeCount, - CK_ATTRIBUTE_PTR pPrivateKeyTemplate, - CK_ULONG ulPrivateKeyAttributeCount, - NSSCKMDObject **pPublicKey, - NSSCKMDObject **pPrivateKey - ); - - /* - * This routine wraps a key. - */ - CK_ULONG (PR_CALLBACK *GetWrapKeyLength)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdWrappingKey, - NSSCKFWObject *fwWrappingKey, - NSSCKMDObject *mdWrappedKey, - NSSCKFWObject *fwWrappedKey, - CK_RV *pError - ); - - /* - * This routine wraps a key. - */ - CK_RV (PR_CALLBACK *WrapKey)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdWrappingKey, - NSSCKFWObject *fwWrappingKey, - NSSCKMDObject *mdKeyObject, - NSSCKFWObject *fwKeyObject, - NSSItem *wrappedKey - ); - - /* - * This routine unwraps a key. This routine may return NULL - * upon error. - */ - NSSCKMDObject *(PR_CALLBACK *UnwrapKey)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdWrappingKey, - NSSCKFWObject *fwWrappingKey, - NSSItem *wrappedKey, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError - ); - - /* - * This routine derives a key. This routine may return NULL - * upon error. - */ - NSSCKMDObject *(PR_CALLBACK *DeriveKey)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdBaseKey, - NSSCKFWObject *fwBaseKey, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError - ); - - /* - * This object may be extended in future versions of the - * NSS Cryptoki Framework. To allow for some flexibility - * in the area of binary compatibility, this field should - * be NULL. - */ - void *null; + /* + * The Module may use this pointer for its own purposes. + */ + void *etc; + + /* + * This also frees the fwMechanism if appropriate. + * If it is not supplied, the Framework will assume that the Token + * Manages a static list of mechanisms and the function will not be called. + */ + void(PR_CALLBACK *Destroy)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the minimum key size allowed for + * this mechanism. This routine is optional; if unimplemented, + * zero will be assumed. This routine may return zero on + * error; if the error is CKR_OK, zero will be accepted as + * a valid response. + */ + CK_ULONG(PR_CALLBACK *GetMinKeySize) + ( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine returns the maximum key size allowed for + * this mechanism. This routine is optional; if unimplemented, + * zero will be assumed. This routine may return zero on + * error; if the error is CKR_OK, zero will be accepted as + * a valid response. + */ + CK_ULONG(PR_CALLBACK *GetMaxKeySize) + ( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine is called to determine if the mechanism is + * implemented in hardware or software. It returns CK_TRUE + * if it is done in hardware. + */ + CK_BBOOL(PR_CALLBACK *GetInHardware) + ( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * The crypto routines themselves. Most crypto operations may + * be performed in two ways, streaming and single-part. The + * streaming operations involve the use of (typically) three + * calls-- an Init method to set up the operation, an Update + * method to feed data to the operation, and a Final method to + * obtain the final result. Single-part operations involve + * one method, to perform the crypto operation all at once. + * + * The NSS Cryptoki Framework can implement the single-part + * operations in terms of the streaming operations on behalf + * of the Module. There are a few variances. + * + * Only the Init Functions are defined by the mechanism. Each + * init function will return a NSSCKFWCryptoOperation which + * can supply update, final, the single part updateFinal, and + * the combo updateCombo functions. + * + * For simplicity, the routines are listed in summary here: + * + * EncryptInit, + * DecryptInit, + * DigestInit, + * SignInit, + * SignRecoverInit; + * VerifyInit, + * VerifyRecoverInit; + * + * The key-management routines are + * + * GenerateKey + * GenerateKeyPair + * WrapKey + * UnwrapKey + * DeriveKey + * + * All of these routines based on the Cryptoki API; + * see PKCS#11 for further information. + */ + + /* + */ + NSSCKMDCryptoOperation *(PR_CALLBACK *EncryptInit)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey, + CK_RV *pError); + + /* + */ + NSSCKMDCryptoOperation *(PR_CALLBACK *DecryptInit)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey, + CK_RV *pError); + + /* + */ + NSSCKMDCryptoOperation *(PR_CALLBACK *DigestInit)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + */ + NSSCKMDCryptoOperation *(PR_CALLBACK *SignInit)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey, + CK_RV *pError); + + /* + */ + NSSCKMDCryptoOperation *(PR_CALLBACK *VerifyInit)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey, + CK_RV *pError); + + /* + */ + NSSCKMDCryptoOperation *(PR_CALLBACK *SignRecoverInit)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey, + CK_RV *pError); + + /* + */ + NSSCKMDCryptoOperation *(PR_CALLBACK *VerifyRecoverInit)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey, + CK_RV *pError); + + /* + * Key management operations. + */ + + /* + * This routine generates a key. This routine may return NULL + * upon error. + */ + NSSCKMDObject *(PR_CALLBACK *GenerateKey)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); + + /* + * This routine generates a key pair. + */ + CK_RV(PR_CALLBACK *GenerateKeyPair) + ( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_PTR pPublicKeyTemplate, + CK_ULONG ulPublicKeyAttributeCount, + CK_ATTRIBUTE_PTR pPrivateKeyTemplate, + CK_ULONG ulPrivateKeyAttributeCount, + NSSCKMDObject **pPublicKey, + NSSCKMDObject **pPrivateKey); + + /* + * This routine wraps a key. + */ + CK_ULONG(PR_CALLBACK *GetWrapKeyLength) + ( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdWrappingKey, + NSSCKFWObject *fwWrappingKey, + NSSCKMDObject *mdWrappedKey, + NSSCKFWObject *fwWrappedKey, + CK_RV *pError); + + /* + * This routine wraps a key. + */ + CK_RV(PR_CALLBACK *WrapKey) + ( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdWrappingKey, + NSSCKFWObject *fwWrappingKey, + NSSCKMDObject *mdKeyObject, + NSSCKFWObject *fwKeyObject, + NSSItem *wrappedKey); + + /* + * This routine unwraps a key. This routine may return NULL + * upon error. + */ + NSSCKMDObject *(PR_CALLBACK *UnwrapKey)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdWrappingKey, + NSSCKFWObject *fwWrappingKey, + NSSItem *wrappedKey, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); + + /* + * This routine derives a key. This routine may return NULL + * upon error. + */ + NSSCKMDObject *(PR_CALLBACK *DeriveKey)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdBaseKey, + NSSCKFWObject *fwBaseKey, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); + + /* + * This object may be extended in future versions of the + * NSS Cryptoki Framework. To allow for some flexibility + * in the area of binary compatibility, this field should + * be NULL. + */ + void *null; }; /* @@ -1756,190 +1718,187 @@ struct NSSCKMDMechanismStr { */ struct NSSCKMDObjectStr { - /* - * The implementation my use this pointer for its own purposes. - */ - void *etc; - - /* - * This routine is called by the Framework when it is letting - * go of an object handle. It can be used by the Module to - * free any resources tied up by an object "in use." It is - * optional. - */ - void (PR_CALLBACK *Finalize)( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine is used to completely destroy an object. - * It is optional. The parameter fwObject might be NULL - * if the framework runs out of memory at the wrong moment. - */ - CK_RV (PR_CALLBACK *Destroy)( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This helper routine is used by the Framework, and is especially - * useful when it is managing session objects on behalf of the - * Module. This routine is optional; if unimplemented, the - * Framework will actually look up the CKA_TOKEN attribute. In the - * event of an error, just make something up-- the Framework will - * find out soon enough anyway. - */ - CK_BBOOL (PR_CALLBACK *IsTokenObject)( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns the number of attributes of which this - * object consists. It is mandatory. It can return zero on - * error. - */ - CK_ULONG (PR_CALLBACK *GetAttributeCount)( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine stuffs the attribute types into the provided array. - * The array size (as obtained from GetAttributeCount) is passed in - * as a check; return CKR_BUFFER_TOO_SMALL if the count is wrong - * (either too big or too small). - */ - CK_RV (PR_CALLBACK *GetAttributeTypes)( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE_PTR typeArray, - CK_ULONG ulCount - ); - - /* - * This routine returns the size (in bytes) of the specified - * attribute. It can return zero on error. - */ - CK_ULONG (PR_CALLBACK *GetAttributeSize)( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError - ); - - /* - * This routine returns an NSSCKFWItem structure. - * The item pointer points to an NSSItem containing the attribute value. - * The needsFreeing bit tells the framework whether to call the - * FreeAttribute function . Upon error, an NSSCKFWItem structure - * with a NULL NSSItem item pointer will be returned - */ - NSSCKFWItem (PR_CALLBACK *GetAttribute)( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError - ); - - /* - * This routine returns CKR_OK if the attribute could be freed. - */ - CK_RV (PR_CALLBACK *FreeAttribute)( - NSSCKFWItem * item - ); - - /* - * This routine changes the specified attribute. If unimplemented, - * the object will be considered read-only. - */ - CK_RV (PR_CALLBACK *SetAttribute)( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - NSSItem *value - ); - - /* - * This routine returns the storage requirements of this object, - * in bytes. Cryptoki doesn't strictly define the definition, - * but it should relate to the values returned by the "Get Memory" - * routines of the NSSCKMDToken. This routine is optional; if - * unimplemented, the Framework will consider this information - * sensitive. This routine may return zero on error. If the - * specified error is CKR_OK, zero will be accepted as a valid - * response. - */ - CK_ULONG (PR_CALLBACK *GetObjectSize)( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This object may be extended in future versions of the - * NSS Cryptoki Framework. To allow for some flexibility - * in the area of binary compatibility, this field should - * be NULL. - */ - void *null; + /* + * The implementation my use this pointer for its own purposes. + */ + void *etc; + + /* + * This routine is called by the Framework when it is letting + * go of an object handle. It can be used by the Module to + * free any resources tied up by an object "in use." It is + * optional. + */ + void(PR_CALLBACK *Finalize)( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine is used to completely destroy an object. + * It is optional. The parameter fwObject might be NULL + * if the framework runs out of memory at the wrong moment. + */ + CK_RV(PR_CALLBACK *Destroy) + ( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This helper routine is used by the Framework, and is especially + * useful when it is managing session objects on behalf of the + * Module. This routine is optional; if unimplemented, the + * Framework will actually look up the CKA_TOKEN attribute. In the + * event of an error, just make something up-- the Framework will + * find out soon enough anyway. + */ + CK_BBOOL(PR_CALLBACK *IsTokenObject) + ( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the number of attributes of which this + * object consists. It is mandatory. It can return zero on + * error. + */ + CK_ULONG(PR_CALLBACK *GetAttributeCount) + ( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine stuffs the attribute types into the provided array. + * The array size (as obtained from GetAttributeCount) is passed in + * as a check; return CKR_BUFFER_TOO_SMALL if the count is wrong + * (either too big or too small). + */ + CK_RV(PR_CALLBACK *GetAttributeTypes) + ( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount); + + /* + * This routine returns the size (in bytes) of the specified + * attribute. It can return zero on error. + */ + CK_ULONG(PR_CALLBACK *GetAttributeSize) + ( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError); + + /* + * This routine returns an NSSCKFWItem structure. + * The item pointer points to an NSSItem containing the attribute value. + * The needsFreeing bit tells the framework whether to call the + * FreeAttribute function . Upon error, an NSSCKFWItem structure + * with a NULL NSSItem item pointer will be returned + */ + NSSCKFWItem(PR_CALLBACK *GetAttribute)( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError); + + /* + * This routine returns CKR_OK if the attribute could be freed. + */ + CK_RV(PR_CALLBACK *FreeAttribute) + ( + NSSCKFWItem *item); + + /* + * This routine changes the specified attribute. If unimplemented, + * the object will be considered read-only. + */ + CK_RV(PR_CALLBACK *SetAttribute) + ( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *value); + + /* + * This routine returns the storage requirements of this object, + * in bytes. Cryptoki doesn't strictly define the definition, + * but it should relate to the values returned by the "Get Memory" + * routines of the NSSCKMDToken. This routine is optional; if + * unimplemented, the Framework will consider this information + * sensitive. This routine may return zero on error. If the + * specified error is CKR_OK, zero will be accepted as a valid + * response. + */ + CK_ULONG(PR_CALLBACK *GetObjectSize) + ( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This object may be extended in future versions of the + * NSS Cryptoki Framework. To allow for some flexibility + * in the area of binary compatibility, this field should + * be NULL. + */ + void *null; }; - #endif /* NSSCKMDT_H */ diff --git a/nss/lib/ckfw/nssckt.h b/nss/lib/ckfw/nssckt.h index 5ed534c..b50a88f 100644 --- a/nss/lib/ckfw/nssckt.h +++ b/nss/lib/ckfw/nssckt.h @@ -10,4 +10,3 @@ typedef CK_ATTRIBUTE_TYPE CK_PTR CK_ATTRIBUTE_TYPE_PTR; #define CK_ENTRY #endif /* _NSSCKT_H_ */ - diff --git a/nss/lib/ckfw/nssmkey/ckmk.h b/nss/lib/ckfw/nssmkey/ckmk.h index 9d8202f..4f3ab82 100644 --- a/nss/lib/ckfw/nssmkey/ckmk.h +++ b/nss/lib/ckfw/nssmkey/ckmk.h @@ -36,9 +36,9 @@ * to this PKCS #11 module. */ struct ckmkRawObjectStr { - CK_ULONG n; - const CK_ATTRIBUTE_TYPE *types; - const NSSItem *items; + CK_ULONG n; + const CK_ATTRIBUTE_TYPE *types; + const NSSItem *items; }; typedef struct ckmkRawObjectStr ckmkRawObject; @@ -46,40 +46,40 @@ typedef struct ckmkRawObjectStr ckmkRawObject; * Key/Cert Items */ struct ckmkItemObjectStr { - SecKeychainItemRef itemRef; - SecItemClass itemClass; - PRBool hasID; - NSSItem modify; - NSSItem private; - NSSItem encrypt; - NSSItem decrypt; - NSSItem derive; - NSSItem sign; - NSSItem signRecover; - NSSItem verify; - NSSItem verifyRecover; - NSSItem wrap; - NSSItem unwrap; - NSSItem label; - NSSItem subject; - NSSItem issuer; - NSSItem serial; - NSSItem derCert; - NSSItem id; - NSSItem modulus; - NSSItem exponent; - NSSItem privateExponent; - NSSItem prime1; - NSSItem prime2; - NSSItem exponent1; - NSSItem exponent2; - NSSItem coefficient; + SecKeychainItemRef itemRef; + SecItemClass itemClass; + PRBool hasID; + NSSItem modify; + NSSItem private; + NSSItem encrypt; + NSSItem decrypt; + NSSItem derive; + NSSItem sign; + NSSItem signRecover; + NSSItem verify; + NSSItem verifyRecover; + NSSItem wrap; + NSSItem unwrap; + NSSItem label; + NSSItem subject; + NSSItem issuer; + NSSItem serial; + NSSItem derCert; + NSSItem id; + NSSItem modulus; + NSSItem exponent; + NSSItem privateExponent; + NSSItem prime1; + NSSItem prime2; + NSSItem exponent1; + NSSItem exponent2; + NSSItem coefficient; }; typedef struct ckmkItemObjectStr ckmkItemObject; typedef enum { - ckmkRaw, - ckmkItem, + ckmkRaw, + ckmkItem, } ckmkObjectType; /* @@ -87,112 +87,96 @@ typedef enum { * cfind as ckmkInternalObjects. */ struct ckmkInternalObjectStr { - ckmkObjectType type; - union { - ckmkRawObject raw; - ckmkItemObject item; - } u; - CK_OBJECT_CLASS objClass; - NSSItem hashKey; - unsigned char hashKeyData[128]; - NSSCKMDObject mdObject; + ckmkObjectType type; + union { + ckmkRawObject raw; + ckmkItemObject item; + } u; + CK_OBJECT_CLASS objClass; + NSSItem hashKey; + unsigned char hashKeyData[128]; + NSSCKMDObject mdObject; }; typedef struct ckmkInternalObjectStr ckmkInternalObject; /* our raw object data array */ NSS_EXTERN_DATA ckmkInternalObject nss_ckmk_data[]; -NSS_EXTERN_DATA const PRUint32 nss_ckmk_nObjects; - -NSS_EXTERN_DATA const CK_VERSION nss_ckmk_CryptokiVersion; -NSS_EXTERN_DATA const NSSUTF8 * nss_ckmk_ManufacturerID; -NSS_EXTERN_DATA const NSSUTF8 * nss_ckmk_LibraryDescription; -NSS_EXTERN_DATA const CK_VERSION nss_ckmk_LibraryVersion; -NSS_EXTERN_DATA const NSSUTF8 * nss_ckmk_SlotDescription; -NSS_EXTERN_DATA const CK_VERSION nss_ckmk_HardwareVersion; -NSS_EXTERN_DATA const CK_VERSION nss_ckmk_FirmwareVersion; -NSS_EXTERN_DATA const NSSUTF8 * nss_ckmk_TokenLabel; -NSS_EXTERN_DATA const NSSUTF8 * nss_ckmk_TokenModel; -NSS_EXTERN_DATA const NSSUTF8 * nss_ckmk_TokenSerialNumber; - -NSS_EXTERN_DATA const NSSCKMDInstance nss_ckmk_mdInstance; -NSS_EXTERN_DATA const NSSCKMDSlot nss_ckmk_mdSlot; -NSS_EXTERN_DATA const NSSCKMDToken nss_ckmk_mdToken; +NSS_EXTERN_DATA const PRUint32 nss_ckmk_nObjects; + +NSS_EXTERN_DATA const CK_VERSION nss_ckmk_CryptokiVersion; +NSS_EXTERN_DATA const NSSUTF8 *nss_ckmk_ManufacturerID; +NSS_EXTERN_DATA const NSSUTF8 *nss_ckmk_LibraryDescription; +NSS_EXTERN_DATA const CK_VERSION nss_ckmk_LibraryVersion; +NSS_EXTERN_DATA const NSSUTF8 *nss_ckmk_SlotDescription; +NSS_EXTERN_DATA const CK_VERSION nss_ckmk_HardwareVersion; +NSS_EXTERN_DATA const CK_VERSION nss_ckmk_FirmwareVersion; +NSS_EXTERN_DATA const NSSUTF8 *nss_ckmk_TokenLabel; +NSS_EXTERN_DATA const NSSUTF8 *nss_ckmk_TokenModel; +NSS_EXTERN_DATA const NSSUTF8 *nss_ckmk_TokenSerialNumber; + +NSS_EXTERN_DATA const NSSCKMDInstance nss_ckmk_mdInstance; +NSS_EXTERN_DATA const NSSCKMDSlot nss_ckmk_mdSlot; +NSS_EXTERN_DATA const NSSCKMDToken nss_ckmk_mdToken; NSS_EXTERN_DATA const NSSCKMDMechanism nss_ckmk_mdMechanismRSA; NSS_EXTERN NSSCKMDSession * -nss_ckmk_CreateSession -( - NSSCKFWSession *fwSession, - CK_RV *pError -); +nss_ckmk_CreateSession( + NSSCKFWSession *fwSession, + CK_RV *pError); NSS_EXTERN NSSCKMDFindObjects * -nss_ckmk_FindObjectsInit -( - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -); +nss_ckmk_FindObjectsInit( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); /* * Object Utilities */ NSS_EXTERN NSSCKMDObject * -nss_ckmk_CreateMDObject -( - NSSArena *arena, - ckmkInternalObject *io, - CK_RV *pError -); +nss_ckmk_CreateMDObject( + NSSArena *arena, + ckmkInternalObject *io, + CK_RV *pError); NSS_EXTERN NSSCKMDObject * -nss_ckmk_CreateObject -( - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -); +nss_ckmk_CreateObject( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); NSS_EXTERN const NSSItem * -nss_ckmk_FetchAttribute -( - ckmkInternalObject *io, - CK_ATTRIBUTE_TYPE type, - CK_RV *pError -); +nss_ckmk_FetchAttribute( + ckmkInternalObject *io, + CK_ATTRIBUTE_TYPE type, + CK_RV *pError); NSS_EXTERN void -nss_ckmk_DestroyInternalObject -( - ckmkInternalObject *io -); +nss_ckmk_DestroyInternalObject( + ckmkInternalObject *io); unsigned char * -nss_ckmk_DERUnwrap -( - unsigned char *src, - int size, - int *outSize, - unsigned char **next -); +nss_ckmk_DERUnwrap( + unsigned char *src, + int size, + int *outSize, + unsigned char **next); CK_ULONG -nss_ckmk_GetULongAttribute -( - CK_ATTRIBUTE_TYPE type, - CK_ATTRIBUTE *template, - CK_ULONG templateSize, - CK_RV *pError -); +nss_ckmk_GetULongAttribute( + CK_ATTRIBUTE_TYPE type, + CK_ATTRIBUTE *template, + CK_ULONG templateSize, + CK_RV *pError); -#define NSS_CKMK_ARRAY_SIZE(x) ((sizeof (x))/(sizeof ((x)[0]))) +#define NSS_CKMK_ARRAY_SIZE(x) ((sizeof(x)) / (sizeof((x)[0]))) #ifdef DEBUG -#define CKMK_MACERR(str,err) cssmPerror(str,err) +#define CKMK_MACERR(str, err) cssmPerror(str, err) #else -#define CKMK_MACERR(str,err) +#define CKMK_MACERR(str, err) #endif - + #endif diff --git a/nss/lib/ckfw/nssmkey/ckmkver.c b/nss/lib/ckfw/nssmkey/ckmkver.c index 0f68976..2b99f1e 100644 --- a/nss/lib/ckfw/nssmkey/ckmkver.c +++ b/nss/lib/ckfw/nssmkey/ckmkver.c @@ -14,5 +14,4 @@ /* * Version information */ -const char __nss_ckmk_version[] = "Version: NSS Access to the MAC OS X Key Ring " - NSS_CKMK_LIBRARY_VERSION _DEBUG_STRING; +const char __nss_ckmk_version[] = "Version: NSS Access to the MAC OS X Key Ring " NSS_CKMK_LIBRARY_VERSION _DEBUG_STRING; diff --git a/nss/lib/ckfw/nssmkey/manchor.c b/nss/lib/ckfw/nssmkey/manchor.c index 1b4d70b..3b8bc2d 100644 --- a/nss/lib/ckfw/nssmkey/manchor.c +++ b/nss/lib/ckfw/nssmkey/manchor.c @@ -6,7 +6,7 @@ * nssmkey/manchor.c * * This file "anchors" the actual cryptoki entry points in this module's - * shared library, which is required for dynamic loading. See the + * shared library, which is required for dynamic loading. See the * comments in nssck.api for more information. */ diff --git a/nss/lib/ckfw/nssmkey/mconstants.c b/nss/lib/ckfw/nssmkey/mconstants.c index 89df4f2..c26298a 100644 --- a/nss/lib/ckfw/nssmkey/mconstants.c +++ b/nss/lib/ckfw/nssmkey/mconstants.c @@ -19,40 +19,43 @@ #include "nssmkey.h" NSS_IMPLEMENT_DATA const CK_VERSION -nss_ckmk_CryptokiVersion = { - NSS_CKMK_CRYPTOKI_VERSION_MAJOR, - NSS_CKMK_CRYPTOKI_VERSION_MINOR }; + nss_ckmk_CryptokiVersion = { + NSS_CKMK_CRYPTOKI_VERSION_MAJOR, + NSS_CKMK_CRYPTOKI_VERSION_MINOR + }; NSS_IMPLEMENT_DATA const NSSUTF8 * -nss_ckmk_ManufacturerID = (NSSUTF8 *) "Mozilla Foundation"; + nss_ckmk_ManufacturerID = (NSSUTF8 *)"Mozilla Foundation"; NSS_IMPLEMENT_DATA const NSSUTF8 * -nss_ckmk_LibraryDescription = (NSSUTF8 *) "NSS Access to Mac OS X Key Ring"; + nss_ckmk_LibraryDescription = (NSSUTF8 *)"NSS Access to Mac OS X Key Ring"; NSS_IMPLEMENT_DATA const CK_VERSION -nss_ckmk_LibraryVersion = { - NSS_CKMK_LIBRARY_VERSION_MAJOR, - NSS_CKMK_LIBRARY_VERSION_MINOR}; + nss_ckmk_LibraryVersion = { + NSS_CKMK_LIBRARY_VERSION_MAJOR, + NSS_CKMK_LIBRARY_VERSION_MINOR + }; NSS_IMPLEMENT_DATA const NSSUTF8 * -nss_ckmk_SlotDescription = (NSSUTF8 *) "Mac OS X Key Ring"; + nss_ckmk_SlotDescription = (NSSUTF8 *)"Mac OS X Key Ring"; NSS_IMPLEMENT_DATA const CK_VERSION -nss_ckmk_HardwareVersion = { - NSS_CKMK_HARDWARE_VERSION_MAJOR, - NSS_CKMK_HARDWARE_VERSION_MINOR }; + nss_ckmk_HardwareVersion = { + NSS_CKMK_HARDWARE_VERSION_MAJOR, + NSS_CKMK_HARDWARE_VERSION_MINOR + }; NSS_IMPLEMENT_DATA const CK_VERSION -nss_ckmk_FirmwareVersion = { - NSS_CKMK_FIRMWARE_VERSION_MAJOR, - NSS_CKMK_FIRMWARE_VERSION_MINOR }; + nss_ckmk_FirmwareVersion = { + NSS_CKMK_FIRMWARE_VERSION_MAJOR, + NSS_CKMK_FIRMWARE_VERSION_MINOR + }; NSS_IMPLEMENT_DATA const NSSUTF8 * -nss_ckmk_TokenLabel = (NSSUTF8 *) "Mac OS X Key Ring"; + nss_ckmk_TokenLabel = (NSSUTF8 *)"Mac OS X Key Ring"; NSS_IMPLEMENT_DATA const NSSUTF8 * -nss_ckmk_TokenModel = (NSSUTF8 *) "1"; + nss_ckmk_TokenModel = (NSSUTF8 *)"1"; NSS_IMPLEMENT_DATA const NSSUTF8 * -nss_ckmk_TokenSerialNumber = (NSSUTF8 *) "1"; - + nss_ckmk_TokenSerialNumber = (NSSUTF8 *)"1"; diff --git a/nss/lib/ckfw/nssmkey/mfind.c b/nss/lib/ckfw/nssmkey/mfind.c index 8f22bda..d193a8d 100644 --- a/nss/lib/ckfw/nssmkey/mfind.c +++ b/nss/lib/ckfw/nssmkey/mfind.c @@ -14,354 +14,339 @@ */ struct ckmkFOStr { - NSSArena *arena; - CK_ULONG n; - CK_ULONG i; - ckmkInternalObject **objs; + NSSArena *arena; + CK_ULONG n; + CK_ULONG i; + ckmkInternalObject **objs; }; static void -ckmk_mdFindObjects_Final -( - NSSCKMDFindObjects *mdFindObjects, - NSSCKFWFindObjects *fwFindObjects, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckmk_mdFindObjects_Final( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - struct ckmkFOStr *fo = (struct ckmkFOStr *)mdFindObjects->etc; - NSSArena *arena = fo->arena; - PRUint32 i; - - /* walk down an free the unused 'objs' */ - for (i=fo->i; i < fo->n ; i++) { - nss_ckmk_DestroyInternalObject(fo->objs[i]); - } - - nss_ZFreeIf(fo->objs); - nss_ZFreeIf(fo); - nss_ZFreeIf(mdFindObjects); - if ((NSSArena *)NULL != arena) { - NSSArena_Destroy(arena); - } - - return; + struct ckmkFOStr *fo = (struct ckmkFOStr *)mdFindObjects->etc; + NSSArena *arena = fo->arena; + PRUint32 i; + + /* walk down an free the unused 'objs' */ + for (i = fo->i; i < fo->n; i++) { + nss_ckmk_DestroyInternalObject(fo->objs[i]); + } + + nss_ZFreeIf(fo->objs); + nss_ZFreeIf(fo); + nss_ZFreeIf(mdFindObjects); + if ((NSSArena *)NULL != arena) { + NSSArena_Destroy(arena); + } + + return; } static NSSCKMDObject * -ckmk_mdFindObjects_Next -( - NSSCKMDFindObjects *mdFindObjects, - NSSCKFWFindObjects *fwFindObjects, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSArena *arena, - CK_RV *pError -) +ckmk_mdFindObjects_Next( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError) { - struct ckmkFOStr *fo = (struct ckmkFOStr *)mdFindObjects->etc; - ckmkInternalObject *io; + struct ckmkFOStr *fo = (struct ckmkFOStr *)mdFindObjects->etc; + ckmkInternalObject *io; - if( fo->i == fo->n ) { - *pError = CKR_OK; - return (NSSCKMDObject *)NULL; - } + if (fo->i == fo->n) { + *pError = CKR_OK; + return (NSSCKMDObject *)NULL; + } - io = fo->objs[ fo->i ]; - fo->i++; + io = fo->objs[fo->i]; + fo->i++; - return nss_ckmk_CreateMDObject(arena, io, pError); + return nss_ckmk_CreateMDObject(arena, io, pError); } static CK_BBOOL -ckmk_attrmatch -( - CK_ATTRIBUTE_PTR a, - ckmkInternalObject *o -) +ckmk_attrmatch( + CK_ATTRIBUTE_PTR a, + ckmkInternalObject *o) { - PRBool prb; - const NSSItem *b; - CK_RV error; - - b = nss_ckmk_FetchAttribute(o, a->type, &error); - if (b == NULL) { - return CK_FALSE; - } - - if( a->ulValueLen != b->size ) { - /* match a decoded serial number */ - if ((a->type == CKA_SERIAL_NUMBER) && (a->ulValueLen < b->size)) { - int len; - unsigned char *data; - - data = nss_ckmk_DERUnwrap(b->data, b->size, &len, NULL); - if ((len == a->ulValueLen) && - nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) { - return CK_TRUE; - } + PRBool prb; + const NSSItem *b; + CK_RV error; + + b = nss_ckmk_FetchAttribute(o, a->type, &error); + if (b == NULL) { + return CK_FALSE; } - return CK_FALSE; - } - prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *)NULL); + if (a->ulValueLen != b->size) { + /* match a decoded serial number */ + if ((a->type == CKA_SERIAL_NUMBER) && (a->ulValueLen < b->size)) { + int len; + unsigned char *data; + + data = nss_ckmk_DERUnwrap(b->data, b->size, &len, NULL); + if ((len == a->ulValueLen) && + nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) { + return CK_TRUE; + } + } + return CK_FALSE; + } - if( PR_TRUE == prb ) { - return CK_TRUE; - } else { - return CK_FALSE; - } -} + prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *)NULL); + if (PR_TRUE == prb) { + return CK_TRUE; + } else { + return CK_FALSE; + } +} static CK_BBOOL -ckmk_match -( - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - ckmkInternalObject *o -) +ckmk_match( + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + ckmkInternalObject *o) { - CK_ULONG i; + CK_ULONG i; - for( i = 0; i < ulAttributeCount; i++ ) { - if (CK_FALSE == ckmk_attrmatch(&pTemplate[i], o)) { - return CK_FALSE; + for (i = 0; i < ulAttributeCount; i++) { + if (CK_FALSE == ckmk_attrmatch(&pTemplate[i], o)) { + return CK_FALSE; + } } - } - /* Every attribute passed */ - return CK_TRUE; + /* Every attribute passed */ + return CK_TRUE; } -#define CKMK_ITEM_CHUNK 20 - -#define PUT_OBJECT(obj, err, size, count, list) \ - { \ - if (count >= size) { \ - (list) = (list) ? \ - nss_ZREALLOCARRAY(list, ckmkInternalObject *, \ - ((size)+CKMK_ITEM_CHUNK) ) : \ - nss_ZNEWARRAY(NULL, ckmkInternalObject *, \ - ((size)+CKMK_ITEM_CHUNK) ) ; \ - if ((ckmkInternalObject **)NULL == list) { \ - err = CKR_HOST_MEMORY; \ - goto loser; \ - } \ - (size) += CKMK_ITEM_CHUNK; \ - } \ - (list)[ count ] = (obj); \ - count++; \ - } - +#define CKMK_ITEM_CHUNK 20 + +#define PUT_OBJECT(obj, err, size, count, list) \ + { \ + if (count >= size) { \ + (list) = (list) ? nss_ZREALLOCARRAY(list, ckmkInternalObject *, \ + ((size) + \ + CKMK_ITEM_CHUNK)) \ + : nss_ZNEWARRAY(NULL, ckmkInternalObject *, \ + ((size) + \ + CKMK_ITEM_CHUNK)); \ + if ((ckmkInternalObject **)NULL == list) { \ + err = CKR_HOST_MEMORY; \ + goto loser; \ + } \ + (size) += CKMK_ITEM_CHUNK; \ + } \ + (list)[count] = (obj); \ + count++; \ + } /* find all the certs that represent the appropriate object (cert, priv key, or * pub key) in the cert store. */ static PRUint32 collect_class( - CK_OBJECT_CLASS objClass, - SecItemClass itemClass, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - ckmkInternalObject ***listp, - PRUint32 *sizep, - PRUint32 count, - CK_RV *pError -) + CK_OBJECT_CLASS objClass, + SecItemClass itemClass, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + ckmkInternalObject ***listp, + PRUint32 *sizep, + PRUint32 count, + CK_RV *pError) { - ckmkInternalObject *next = NULL; - SecKeychainSearchRef searchRef = 0; - SecKeychainItemRef itemRef = 0; - OSStatus error; - - /* future, build the attribute list based on the template - * so we can refine the search */ - error = SecKeychainSearchCreateFromAttributes( - NULL, itemClass, NULL, &searchRef); - - while (noErr == SecKeychainSearchCopyNext(searchRef, &itemRef)) { - /* if we don't have an internal object structure, get one */ - if ((ckmkInternalObject *)NULL == next) { - next = nss_ZNEW(NULL, ckmkInternalObject); - if ((ckmkInternalObject *)NULL == next) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - } - /* fill in the relevant object data */ - next->type = ckmkItem; - next->objClass = objClass; - next->u.item.itemRef = itemRef; - next->u.item.itemClass = itemClass; - - /* see if this is one of the objects we are looking for */ - if( CK_TRUE == ckmk_match(pTemplate, ulAttributeCount, next) ) { - /* yes, put it on the list */ - PUT_OBJECT(next, *pError, *sizep, count, *listp); - next = NULL; /* this one is on the list, need to allocate a new one now */ - } else { - /* no , release the current item and clear out the structure for reuse */ - CFRelease(itemRef); - /* don't cache the values we just loaded */ - nsslibc_memset(next, 0, sizeof(*next)); + ckmkInternalObject *next = NULL; + SecKeychainSearchRef searchRef = 0; + SecKeychainItemRef itemRef = 0; + OSStatus error; + + /* future, build the attribute list based on the template + * so we can refine the search */ + error = SecKeychainSearchCreateFromAttributes( + NULL, itemClass, NULL, &searchRef); + + while (noErr == SecKeychainSearchCopyNext(searchRef, &itemRef)) { + /* if we don't have an internal object structure, get one */ + if ((ckmkInternalObject *)NULL == next) { + next = nss_ZNEW(NULL, ckmkInternalObject); + if ((ckmkInternalObject *)NULL == next) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + } + /* fill in the relevant object data */ + next->type = ckmkItem; + next->objClass = objClass; + next->u.item.itemRef = itemRef; + next->u.item.itemClass = itemClass; + + /* see if this is one of the objects we are looking for */ + if (CK_TRUE == ckmk_match(pTemplate, ulAttributeCount, next)) { + /* yes, put it on the list */ + PUT_OBJECT(next, *pError, *sizep, count, *listp); + next = NULL; /* this one is on the list, need to allocate a new one now */ + } else { + /* no , release the current item and clear out the structure for reuse */ + CFRelease(itemRef); + /* don't cache the values we just loaded */ + nsslibc_memset(next, 0, sizeof(*next)); + } } - } loser: - if (searchRef) { - CFRelease(searchRef); - } - nss_ZFreeIf(next); - return count; + if (searchRef) { + CFRelease(searchRef); + } + nss_ZFreeIf(next); + return count; } static PRUint32 collect_objects( - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - ckmkInternalObject ***listp, - CK_RV *pError -) + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + ckmkInternalObject ***listp, + CK_RV *pError) { - PRUint32 i; - PRUint32 count = 0; - PRUint32 size = 0; - CK_OBJECT_CLASS objClass; - - /* - * first handle the static build in objects (if any) - */ - for( i = 0; i < nss_ckmk_nObjects; i++ ) { - ckmkInternalObject *o = (ckmkInternalObject *)&nss_ckmk_data[i]; - - if( CK_TRUE == ckmk_match(pTemplate, ulAttributeCount, o) ) { - PUT_OBJECT(o, *pError, size, count, *listp); + PRUint32 i; + PRUint32 count = 0; + PRUint32 size = 0; + CK_OBJECT_CLASS objClass; + + /* + * first handle the static build in objects (if any) + */ + for (i = 0; i < nss_ckmk_nObjects; i++) { + ckmkInternalObject *o = (ckmkInternalObject *)&nss_ckmk_data[i]; + + if (CK_TRUE == ckmk_match(pTemplate, ulAttributeCount, o)) { + PUT_OBJECT(o, *pError, size, count, *listp); + } + } + + /* + * now handle the various object types + */ + objClass = nss_ckmk_GetULongAttribute(CKA_CLASS, + pTemplate, ulAttributeCount, pError); + if (CKR_OK != *pError) { + objClass = CK_INVALID_HANDLE; + } + *pError = CKR_OK; + switch (objClass) { + case CKO_CERTIFICATE: + count = collect_class(objClass, kSecCertificateItemClass, + pTemplate, ulAttributeCount, listp, + &size, count, pError); + break; + case CKO_PUBLIC_KEY: + count = collect_class(objClass, CSSM_DL_DB_RECORD_PUBLIC_KEY, + pTemplate, ulAttributeCount, listp, + &size, count, pError); + break; + case CKO_PRIVATE_KEY: + count = collect_class(objClass, CSSM_DL_DB_RECORD_PRIVATE_KEY, + pTemplate, ulAttributeCount, listp, + &size, count, pError); + break; + /* all of them */ + case CK_INVALID_HANDLE: + count = collect_class(CKO_CERTIFICATE, kSecCertificateItemClass, + pTemplate, ulAttributeCount, listp, + &size, count, pError); + count = collect_class(CKO_PUBLIC_KEY, CSSM_DL_DB_RECORD_PUBLIC_KEY, + pTemplate, ulAttributeCount, listp, + &size, count, pError); + count = collect_class(CKO_PUBLIC_KEY, CSSM_DL_DB_RECORD_PRIVATE_KEY, + pTemplate, ulAttributeCount, listp, + &size, count, pError); + break; + default: + break; + } + if (CKR_OK != *pError) { + goto loser; } - } - - /* - * now handle the various object types - */ - objClass = nss_ckmk_GetULongAttribute(CKA_CLASS, - pTemplate, ulAttributeCount, pError); - if (CKR_OK != *pError) { - objClass = CK_INVALID_HANDLE; - } - *pError = CKR_OK; - switch (objClass) { - case CKO_CERTIFICATE: - count = collect_class(objClass, kSecCertificateItemClass, - pTemplate, ulAttributeCount, listp, - &size, count, pError); - break; - case CKO_PUBLIC_KEY: - count = collect_class(objClass, CSSM_DL_DB_RECORD_PUBLIC_KEY, - pTemplate, ulAttributeCount, listp, - &size, count, pError); - break; - case CKO_PRIVATE_KEY: - count = collect_class(objClass, CSSM_DL_DB_RECORD_PRIVATE_KEY, - pTemplate, ulAttributeCount, listp, - &size, count, pError); - break; - /* all of them */ - case CK_INVALID_HANDLE: - count = collect_class(CKO_CERTIFICATE, kSecCertificateItemClass, - pTemplate, ulAttributeCount, listp, - &size, count, pError); - count = collect_class(CKO_PUBLIC_KEY, CSSM_DL_DB_RECORD_PUBLIC_KEY, - pTemplate, ulAttributeCount, listp, - &size, count, pError); - count = collect_class(CKO_PUBLIC_KEY, CSSM_DL_DB_RECORD_PRIVATE_KEY, - pTemplate, ulAttributeCount, listp, - &size, count, pError); - break; - default: - break; - } - if (CKR_OK != *pError) { - goto loser; - } - - return count; + + return count; loser: - nss_ZFreeIf(*listp); - return 0; + nss_ZFreeIf(*listp); + return 0; } - NSS_IMPLEMENT NSSCKMDFindObjects * -nss_ckmk_FindObjectsInit -( - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +nss_ckmk_FindObjectsInit( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - /* This could be made more efficient. I'm rather rushed. */ - NSSArena *arena; - NSSCKMDFindObjects *rv = (NSSCKMDFindObjects *)NULL; - struct ckmkFOStr *fo = (struct ckmkFOStr *)NULL; - ckmkInternalObject **temp = (ckmkInternalObject **)NULL; - - arena = NSSArena_Create(); - if( (NSSArena *)NULL == arena ) { - goto loser; - } - - rv = nss_ZNEW(arena, NSSCKMDFindObjects); - if( (NSSCKMDFindObjects *)NULL == rv ) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - - fo = nss_ZNEW(arena, struct ckmkFOStr); - if( (struct ckmkFOStr *)NULL == fo ) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - - fo->arena = arena; - /* fo->n and fo->i are already zero */ - - rv->etc = (void *)fo; - rv->Final = ckmk_mdFindObjects_Final; - rv->Next = ckmk_mdFindObjects_Next; - rv->null = (void *)NULL; - - fo->n = collect_objects(pTemplate, ulAttributeCount, &temp, pError); - if (*pError != CKR_OK) { - goto loser; - } - - fo->objs = nss_ZNEWARRAY(arena, ckmkInternalObject *, fo->n); - if( (ckmkInternalObject **)NULL == fo->objs ) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - - (void)nsslibc_memcpy(fo->objs, temp, sizeof(ckmkInternalObject *) * fo->n); - nss_ZFreeIf(temp); - temp = (ckmkInternalObject **)NULL; - - return rv; - - loser: - nss_ZFreeIf(temp); - nss_ZFreeIf(fo); - nss_ZFreeIf(rv); - if ((NSSArena *)NULL != arena) { - NSSArena_Destroy(arena); - } - return (NSSCKMDFindObjects *)NULL; -} + /* This could be made more efficient. I'm rather rushed. */ + NSSArena *arena; + NSSCKMDFindObjects *rv = (NSSCKMDFindObjects *)NULL; + struct ckmkFOStr *fo = (struct ckmkFOStr *)NULL; + ckmkInternalObject **temp = (ckmkInternalObject **)NULL; + + arena = NSSArena_Create(); + if ((NSSArena *)NULL == arena) { + goto loser; + } + + rv = nss_ZNEW(arena, NSSCKMDFindObjects); + if ((NSSCKMDFindObjects *)NULL == rv) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + fo = nss_ZNEW(arena, struct ckmkFOStr); + if ((struct ckmkFOStr *)NULL == fo) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + fo->arena = arena; + /* fo->n and fo->i are already zero */ + rv->etc = (void *)fo; + rv->Final = ckmk_mdFindObjects_Final; + rv->Next = ckmk_mdFindObjects_Next; + rv->null = (void *)NULL; + + fo->n = collect_objects(pTemplate, ulAttributeCount, &temp, pError); + if (*pError != CKR_OK) { + goto loser; + } + + fo->objs = nss_ZNEWARRAY(arena, ckmkInternalObject *, fo->n); + if ((ckmkInternalObject **)NULL == fo->objs) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + (void)nsslibc_memcpy(fo->objs, temp, sizeof(ckmkInternalObject *) * fo->n); + nss_ZFreeIf(temp); + temp = (ckmkInternalObject **)NULL; + + return rv; + +loser: + nss_ZFreeIf(temp); + nss_ZFreeIf(fo); + nss_ZFreeIf(rv); + if ((NSSArena *)NULL != arena) { + NSSArena_Destroy(arena); + } + return (NSSCKMDFindObjects *)NULL; +} diff --git a/nss/lib/ckfw/nssmkey/minst.c b/nss/lib/ckfw/nssmkey/minst.c index 923ba10..fcb96c6 100644 --- a/nss/lib/ckfw/nssmkey/minst.c +++ b/nss/lib/ckfw/nssmkey/minst.c @@ -7,7 +7,7 @@ /* * nssmkey/minstance.c * - * This file implements the NSSCKMDInstance object for the + * This file implements the NSSCKMDInstance object for the * "nssmkey" cryptoki module. */ @@ -16,96 +16,82 @@ */ static CK_ULONG -ckmk_mdInstance_GetNSlots -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckmk_mdInstance_GetNSlots( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (CK_ULONG)1; + return (CK_ULONG)1; } static CK_VERSION -ckmk_mdInstance_GetCryptokiVersion -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckmk_mdInstance_GetCryptokiVersion( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return nss_ckmk_CryptokiVersion; + return nss_ckmk_CryptokiVersion; } static NSSUTF8 * -ckmk_mdInstance_GetManufacturerID -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckmk_mdInstance_GetManufacturerID( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_ckmk_ManufacturerID; + return (NSSUTF8 *)nss_ckmk_ManufacturerID; } static NSSUTF8 * -ckmk_mdInstance_GetLibraryDescription -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckmk_mdInstance_GetLibraryDescription( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_ckmk_LibraryDescription; + return (NSSUTF8 *)nss_ckmk_LibraryDescription; } static CK_VERSION -ckmk_mdInstance_GetLibraryVersion -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckmk_mdInstance_GetLibraryVersion( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return nss_ckmk_LibraryVersion; + return nss_ckmk_LibraryVersion; } static CK_RV -ckmk_mdInstance_GetSlots -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDSlot *slots[] -) +ckmk_mdInstance_GetSlots( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDSlot *slots[]) { - slots[0] = (NSSCKMDSlot *)&nss_ckmk_mdSlot; - return CKR_OK; + slots[0] = (NSSCKMDSlot *)&nss_ckmk_mdSlot; + return CKR_OK; } static CK_BBOOL -ckmk_mdInstance_ModuleHandlesSessionObjects -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckmk_mdInstance_ModuleHandlesSessionObjects( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - /* we don't want to allow any session object creation, at least - * until we can investigate whether or not we can use those objects - */ - return CK_TRUE; + /* we don't want to allow any session object creation, at least + * until we can investigate whether or not we can use those objects + */ + return CK_TRUE; } NSS_IMPLEMENT_DATA const NSSCKMDInstance -nss_ckmk_mdInstance = { - (void *)NULL, /* etc */ - NULL, /* Initialize */ - NULL, /* Finalize */ - ckmk_mdInstance_GetNSlots, - ckmk_mdInstance_GetCryptokiVersion, - ckmk_mdInstance_GetManufacturerID, - ckmk_mdInstance_GetLibraryDescription, - ckmk_mdInstance_GetLibraryVersion, - ckmk_mdInstance_ModuleHandlesSessionObjects, - /*NULL, /* HandleSessionObjects */ - ckmk_mdInstance_GetSlots, - NULL, /* WaitForSlotEvent */ - (void *)NULL /* null terminator */ -}; + nss_ckmk_mdInstance = { + (void *)NULL, /* etc */ + NULL, /* Initialize */ + NULL, /* Finalize */ + ckmk_mdInstance_GetNSlots, + ckmk_mdInstance_GetCryptokiVersion, + ckmk_mdInstance_GetManufacturerID, + ckmk_mdInstance_GetLibraryDescription, + ckmk_mdInstance_GetLibraryVersion, + ckmk_mdInstance_ModuleHandlesSessionObjects, + /*NULL, /* HandleSessionObjects */ + ckmk_mdInstance_GetSlots, + NULL, /* WaitForSlotEvent */ + (void *)NULL /* null terminator */ + }; diff --git a/nss/lib/ckfw/nssmkey/mobject.c b/nss/lib/ckfw/nssmkey/mobject.c index 2013e7e..b19a8fd 100644 --- a/nss/lib/ckfw/nssmkey/mobject.c +++ b/nss/lib/ckfw/nssmkey/mobject.c @@ -90,37 +90,45 @@ static const CK_KEY_TYPE ckk_rsa = CKK_RSA; static const CK_OBJECT_CLASS cko_certificate = CKO_CERTIFICATE; static const CK_OBJECT_CLASS cko_private_key = CKO_PRIVATE_KEY; static const CK_OBJECT_CLASS cko_public_key = CKO_PUBLIC_KEY; -static const NSSItem ckmk_trueItem = { - (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }; -static const NSSItem ckmk_falseItem = { - (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }; -static const NSSItem ckmk_x509Item = { - (void *)&ckc_x509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }; -static const NSSItem ckmk_rsaItem = { - (void *)&ckk_rsa, (PRUint32)sizeof(CK_KEY_TYPE) }; -static const NSSItem ckmk_certClassItem = { - (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }; +static const NSSItem ckmk_trueItem = { + (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) +}; +static const NSSItem ckmk_falseItem = { + (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) +}; +static const NSSItem ckmk_x509Item = { + (void *)&ckc_x509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) +}; +static const NSSItem ckmk_rsaItem = { + (void *)&ckk_rsa, (PRUint32)sizeof(CK_KEY_TYPE) +}; +static const NSSItem ckmk_certClassItem = { + (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) +}; static const NSSItem ckmk_privKeyClassItem = { - (void *)&cko_private_key, (PRUint32)sizeof(CK_OBJECT_CLASS) }; + (void *)&cko_private_key, (PRUint32)sizeof(CK_OBJECT_CLASS) +}; static const NSSItem ckmk_pubKeyClassItem = { - (void *)&cko_public_key, (PRUint32)sizeof(CK_OBJECT_CLASS) }; -static const NSSItem ckmk_emptyItem = { - (void *)&ck_true, 0}; + (void *)&cko_public_key, (PRUint32)sizeof(CK_OBJECT_CLASS) +}; +static const NSSItem ckmk_emptyItem = { + (void *)&ck_true, 0 +}; /* * these are utilities. The chould be moved to a new utilities file. */ #ifdef DEBUG static void -itemdump(char *str, void *data, int size, CK_RV error) +itemdump(char *str, void *data, int size, CK_RV error) { - unsigned char *ptr = (unsigned char *)data; - int i; - fprintf(stderr,str); - for (i=0; i < size; i++) { - fprintf(stderr,"%02x ",(unsigned int) ptr[i]); - } - fprintf(stderr," (error = %d)\n", (int ) error); + unsigned char *ptr = (unsigned char *)data; + int i; + fprintf(stderr, str); + for (i = 0; i < size; i++) { + fprintf(stderr, "%02x ", (unsigned int)ptr[i]); + } + fprintf(stderr, " (error = %d)\n", (int)error); } #endif @@ -130,48 +138,46 @@ itemdump(char *str, void *data, int size, CK_RV error) * the ANS1_Decoder for this work... */ unsigned char * -nss_ckmk_DERUnwrap -( - unsigned char *src, - int size, - int *outSize, - unsigned char **next -) +nss_ckmk_DERUnwrap( + unsigned char *src, + int size, + int *outSize, + unsigned char **next) { - unsigned char *start = src; - unsigned int len = 0; - - /* initialize error condition return values */ - *outSize = 0; - if (next) { - *next = src; - } - - if (size < 2) { - return start; - } - src ++ ; /* skip the tag -- should check it against an expected value! */ - len = (unsigned) *src++; - if (len & 0x80) { - int count = len & 0x7f; - len =0; - - if (count+2 > size) { - return start; - } - while (count-- > 0) { - len = (len << 8) | (unsigned) *src++; - } - } - if (len + (src-start) > (unsigned int)size) { - return start; - } - if (next) { - *next = src+len; - } - *outSize = len; - - return src; + unsigned char *start = src; + unsigned int len = 0; + + /* initialize error condition return values */ + *outSize = 0; + if (next) { + *next = src; + } + + if (size < 2) { + return start; + } + src++; /* skip the tag -- should check it against an expected value! */ + len = (unsigned)*src++; + if (len & 0x80) { + int count = len & 0x7f; + len = 0; + + if (count + 2 > size) { + return start; + } + while (count-- > 0) { + len = (len << 8) | (unsigned)*src++; + } + } + if (len + (src - start) > (unsigned int)size) { + return start; + } + if (next) { + *next = src + len; + } + *outSize = len; + + return src; } /* @@ -179,74 +185,68 @@ nss_ckmk_DERUnwrap * data for the item is owned by the template. */ CK_RV -nss_ckmk_GetAttribute -( - CK_ATTRIBUTE_TYPE type, - CK_ATTRIBUTE *template, - CK_ULONG templateSize, - NSSItem *item -) +nss_ckmk_GetAttribute( + CK_ATTRIBUTE_TYPE type, + CK_ATTRIBUTE *template, + CK_ULONG templateSize, + NSSItem *item) { - CK_ULONG i; - - for (i=0; i < templateSize; i++) { - if (template[i].type == type) { - item->data = template[i].pValue; - item->size = template[i].ulValueLen; - return CKR_OK; + CK_ULONG i; + + for (i = 0; i < templateSize; i++) { + if (template[i].type == type) { + item->data = template[i].pValue; + item->size = template[i].ulValueLen; + return CKR_OK; + } } - } - return CKR_TEMPLATE_INCOMPLETE; + return CKR_TEMPLATE_INCOMPLETE; } /* * get an attribute which is type CK_ULONG. */ CK_ULONG -nss_ckmk_GetULongAttribute -( - CK_ATTRIBUTE_TYPE type, - CK_ATTRIBUTE *template, - CK_ULONG templateSize, - CK_RV *pError -) +nss_ckmk_GetULongAttribute( + CK_ATTRIBUTE_TYPE type, + CK_ATTRIBUTE *template, + CK_ULONG templateSize, + CK_RV *pError) { - NSSItem item; - - *pError = nss_ckmk_GetAttribute(type, template, templateSize, &item); - if (CKR_OK != *pError) { - return (CK_ULONG) 0; - } - if (item.size != sizeof(CK_ULONG)) { - *pError = CKR_ATTRIBUTE_VALUE_INVALID; - return (CK_ULONG) 0; - } - return *(CK_ULONG *)item.data; + NSSItem item; + + *pError = nss_ckmk_GetAttribute(type, template, templateSize, &item); + if (CKR_OK != *pError) { + return (CK_ULONG)0; + } + if (item.size != sizeof(CK_ULONG)) { + *pError = CKR_ATTRIBUTE_VALUE_INVALID; + return (CK_ULONG)0; + } + return *(CK_ULONG *)item.data; } /* * get an attribute which is type CK_BBOOL. */ CK_BBOOL -nss_ckmk_GetBoolAttribute -( - CK_ATTRIBUTE_TYPE type, - CK_ATTRIBUTE *template, - CK_ULONG templateSize, - CK_BBOOL defaultBool -) +nss_ckmk_GetBoolAttribute( + CK_ATTRIBUTE_TYPE type, + CK_ATTRIBUTE *template, + CK_ULONG templateSize, + CK_BBOOL defaultBool) { - NSSItem item; - CK_RV error; - - error = nss_ckmk_GetAttribute(type, template, templateSize, &item); - if (CKR_OK != error) { - return defaultBool; - } - if (item.size != sizeof(CK_BBOOL)) { - return defaultBool; - } - return *(CK_BBOOL *)item.data; + NSSItem item; + CK_RV error; + + error = nss_ckmk_GetAttribute(type, template, templateSize, &item); + if (CKR_OK != error) { + return defaultBool; + } + if (item.size != sizeof(CK_BBOOL)) { + return defaultBool; + } + return *(CK_BBOOL *)item.data; } /* @@ -254,33 +254,31 @@ nss_ckmk_GetBoolAttribute * free the string. */ char * -nss_ckmk_GetStringAttribute -( - CK_ATTRIBUTE_TYPE type, - CK_ATTRIBUTE *template, - CK_ULONG templateSize, - CK_RV *pError -) +nss_ckmk_GetStringAttribute( + CK_ATTRIBUTE_TYPE type, + CK_ATTRIBUTE *template, + CK_ULONG templateSize, + CK_RV *pError) { - NSSItem item; - char *str; - - /* get the attribute */ - *pError = nss_ckmk_GetAttribute(type, template, templateSize, &item); - if (CKR_OK != *pError) { - return (char *)NULL; - } - /* make sure it is null terminated */ - str = nss_ZNEWARRAY(NULL, char, item.size+1); - if ((char *)NULL == str) { - *pError = CKR_HOST_MEMORY; - return (char *)NULL; - } - - nsslibc_memcpy(str, item.data, item.size); - str[item.size] = 0; - - return str; + NSSItem item; + char *str; + + /* get the attribute */ + *pError = nss_ckmk_GetAttribute(type, template, templateSize, &item); + if (CKR_OK != *pError) { + return (char *)NULL; + } + /* make sure it is null terminated */ + str = nss_ZNEWARRAY(NULL, char, item.size + 1); + if ((char *)NULL == str) { + *pError = CKR_HOST_MEMORY; + return (char *)NULL; + } + + nsslibc_memcpy(str, item.data, item.size); + str[item.size] = 0; + + return str; } /* @@ -291,230 +289,224 @@ nss_ckmk_GetStringAttribute */ static CK_RV ckmk_encodeInt(NSSItem *dest, void *src, int srcLen) -{ - int dataLen = srcLen; - int lenLen = 1; - int encLen; - int isSigned = 0; - int offset = 0; - unsigned char *data = NULL; - int i; - - if (*(unsigned char *)src & 0x80) { - dataLen++; - isSigned = 1; - } - - /* calculate the length of the length specifier */ - /* (NOTE: destroys dataLen value) */ - if (dataLen > 0x7f) { - do { - lenLen++; - dataLen >>= 8; - } while (dataLen); - } - - /* calculate our total length */ - dataLen = isSigned + srcLen; - encLen = 1 + lenLen + dataLen; - data = nss_ZNEWARRAY(NULL, unsigned char, encLen); - if ((unsigned char *)NULL == data) { - return CKR_HOST_MEMORY; - } - data[0] = DER_INTEGER; - if (1 == lenLen) { - data[1] = dataLen; - } else { - data[1] = 0x80 + lenLen; - for (i=0; i < lenLen; i++) { - data[i+1] = ((dataLen >> ((lenLen-i-1)*8)) & 0xff); - } - } - offset = lenLen+1; - - if (isSigned) { - data[offset++] = 0; - } - nsslibc_memcpy(&data[offset], src, srcLen); - dest->data = data; - dest->size = encLen; - return CKR_OK; -} +{ + int dataLen = srcLen; + int lenLen = 1; + int encLen; + int isSigned = 0; + int offset = 0; + unsigned char *data = NULL; + int i; + + if (*(unsigned char *)src & 0x80) { + dataLen++; + isSigned = 1; + } + + /* calculate the length of the length specifier */ + /* (NOTE: destroys dataLen value) */ + if (dataLen > 0x7f) { + do { + lenLen++; + dataLen >>= 8; + } while (dataLen); + } + /* calculate our total length */ + dataLen = isSigned + srcLen; + encLen = 1 + lenLen + dataLen; + data = nss_ZNEWARRAY(NULL, unsigned char, encLen); + if ((unsigned char *)NULL == data) { + return CKR_HOST_MEMORY; + } + data[0] = DER_INTEGER; + if (1 == lenLen) { + data[1] = dataLen; + } else { + data[1] = 0x80 + lenLen; + for (i = 0; i < lenLen; i++) { + data[i + 1] = ((dataLen >> ((lenLen - + i - 1) * + 8)) & + 0xff); + } + } + offset = lenLen + 1; + + if (isSigned) { + data[offset++] = 0; + } + nsslibc_memcpy(&data[offset], src, srcLen); + dest->data = data; + dest->size = encLen; + return CKR_OK; +} /* * Get a Keyring attribute. If content is set to true, then we get the * content, not the attribute. */ static CK_RV -ckmk_GetCommonAttribute -( - ckmkInternalObject *io, - SecItemAttr itemAttr, - PRBool content, - NSSItem *item, - char *dbString -) +ckmk_GetCommonAttribute( + ckmkInternalObject *io, + SecItemAttr itemAttr, + PRBool content, + NSSItem *item, + char *dbString) { - SecKeychainAttributeList *attrList = NULL; - SecKeychainAttributeInfo attrInfo; - PRUint32 len = 0; - PRUint32 dataLen = 0; - PRUint32 attrFormat = 0; - void *dataVal = 0; - void *out = NULL; - CK_RV error = CKR_OK; - OSStatus macErr; - - attrInfo.count = 1; - attrInfo.tag = &itemAttr; - attrInfo.format = &attrFormat; - - macErr = SecKeychainItemCopyAttributesAndData(io->u.item.itemRef, - &attrInfo, NULL, &attrList, &len, &out); - if (noErr != macErr) { - CKMK_MACERR(dbString, macErr); - return CKR_ATTRIBUTE_TYPE_INVALID; - } - dataLen = content ? len : attrList->attr->length; - dataVal = content ? out : attrList->attr->data; - - /* Apple's documentation says this value is DER Encoded, but it clearly isn't - * der encode it before we ship it back off to NSS - */ - if ( kSecSerialNumberItemAttr == itemAttr ) { - error = ckmk_encodeInt(item, dataVal, dataLen); - goto loser; /* logically 'done' if error == CKR_OK */ - } - item->data = nss_ZNEWARRAY(NULL, char, dataLen); - if (NULL == item->data) { - error = CKR_HOST_MEMORY; - goto loser; - } - nsslibc_memcpy(item->data, dataVal, dataLen); - item->size = dataLen; + SecKeychainAttributeList *attrList = NULL; + SecKeychainAttributeInfo attrInfo; + PRUint32 len = 0; + PRUint32 dataLen = 0; + PRUint32 attrFormat = 0; + void *dataVal = 0; + void *out = NULL; + CK_RV error = CKR_OK; + OSStatus macErr; + + attrInfo.count = 1; + attrInfo.tag = &itemAttr; + attrInfo.format = &attrFormat; + + macErr = SecKeychainItemCopyAttributesAndData(io->u.item.itemRef, + &attrInfo, NULL, &attrList, &len, &out); + if (noErr != macErr) { + CKMK_MACERR(dbString, macErr); + return CKR_ATTRIBUTE_TYPE_INVALID; + } + dataLen = content ? len : attrList->attr->length; + dataVal = content ? out : attrList->attr->data; + + /* Apple's documentation says this value is DER Encoded, but it clearly isn't + * der encode it before we ship it back off to NSS + */ + if (kSecSerialNumberItemAttr == itemAttr) { + error = ckmk_encodeInt(item, dataVal, dataLen); + goto loser; /* logically 'done' if error == CKR_OK */ + } + item->data = nss_ZNEWARRAY(NULL, char, dataLen); + if (NULL == item->data) { + error = CKR_HOST_MEMORY; + goto loser; + } + nsslibc_memcpy(item->data, dataVal, dataLen); + item->size = dataLen; loser: - SecKeychainItemFreeAttributesAndData(attrList, out); - return error; + SecKeychainItemFreeAttributesAndData(attrList, out); + return error; } /* * change an attribute (does not operate on the content). */ static CK_RV -ckmk_updateAttribute -( - SecKeychainItemRef itemRef, - SecItemAttr itemAttr, - void *data, - PRUint32 len, - char *dbString -) +ckmk_updateAttribute( + SecKeychainItemRef itemRef, + SecItemAttr itemAttr, + void *data, + PRUint32 len, + char *dbString) { - SecKeychainAttributeList attrList; - SecKeychainAttribute attrAttr; - OSStatus macErr; - CK_RV error = CKR_OK; - - attrList.count = 1; - attrList.attr = &attrAttr; - attrAttr.tag = itemAttr; - attrAttr.data = data; - attrAttr.length = len; - macErr = SecKeychainItemModifyAttributesAndData(itemRef, &attrList, 0, NULL); - if (noErr != macErr) { - CKMK_MACERR(dbString, macErr); - error = CKR_ATTRIBUTE_TYPE_INVALID; - } - return error; + SecKeychainAttributeList attrList; + SecKeychainAttribute attrAttr; + OSStatus macErr; + CK_RV error = CKR_OK; + + attrList.count = 1; + attrList.attr = &attrAttr; + attrAttr.tag = itemAttr; + attrAttr.data = data; + attrAttr.length = len; + macErr = SecKeychainItemModifyAttributesAndData(itemRef, &attrList, 0, NULL); + if (noErr != macErr) { + CKMK_MACERR(dbString, macErr); + error = CKR_ATTRIBUTE_TYPE_INVALID; + } + return error; } /* * get an attribute (does not operate on the content) */ static CK_RV -ckmk_GetDataAttribute -( - ckmkInternalObject *io, - SecItemAttr itemAttr, - NSSItem *item, - char *dbString -) +ckmk_GetDataAttribute( + ckmkInternalObject *io, + SecItemAttr itemAttr, + NSSItem *item, + char *dbString) { - return ckmk_GetCommonAttribute(io, itemAttr, PR_FALSE, item, dbString); + return ckmk_GetCommonAttribute(io, itemAttr, PR_FALSE, item, dbString); } /* * get an attribute we know is a BOOL. */ static CK_RV -ckmk_GetBoolAttribute -( - ckmkInternalObject *io, - SecItemAttr itemAttr, - NSSItem *item, - char *dbString -) +ckmk_GetBoolAttribute( + ckmkInternalObject *io, + SecItemAttr itemAttr, + NSSItem *item, + char *dbString) { - SecKeychainAttribute attr; - SecKeychainAttributeList attrList; - CK_BBOOL *boolp = NULL; - PRUint32 len = 0;; - void *out = NULL; - CK_RV error = CKR_OK; - OSStatus macErr; - - attr.tag = itemAttr; - attr.length = 0; - attr.data = NULL; - attrList.count = 1; - attrList.attr = &attr; - - boolp = nss_ZNEW(NULL, CK_BBOOL); - if ((CK_BBOOL *)NULL == boolp) { - error = CKR_HOST_MEMORY; - goto loser; - } - - macErr = SecKeychainItemCopyContent(io->u.item.itemRef, NULL, - &attrList, &len, &out); - if (noErr != macErr) { - CKMK_MACERR(dbString, macErr); - error = CKR_ATTRIBUTE_TYPE_INVALID; - goto loser; - } - if (sizeof(PRUint32) != attr.length) { - error = CKR_ATTRIBUTE_TYPE_INVALID; - goto loser; - } - *boolp = *(PRUint32 *)attr.data ? 1 : 0; - item->data = boolp; - boolp = NULL; - item->size = sizeof(CK_BBOOL); + SecKeychainAttribute attr; + SecKeychainAttributeList attrList; + CK_BBOOL *boolp = NULL; + PRUint32 len = 0; + ; + void *out = NULL; + CK_RV error = CKR_OK; + OSStatus macErr; + + attr.tag = itemAttr; + attr.length = 0; + attr.data = NULL; + attrList.count = 1; + attrList.attr = &attr; + + boolp = nss_ZNEW(NULL, CK_BBOOL); + if ((CK_BBOOL *)NULL == boolp) { + error = CKR_HOST_MEMORY; + goto loser; + } + + macErr = SecKeychainItemCopyContent(io->u.item.itemRef, NULL, + &attrList, &len, &out); + if (noErr != macErr) { + CKMK_MACERR(dbString, macErr); + error = CKR_ATTRIBUTE_TYPE_INVALID; + goto loser; + } + if (sizeof(PRUint32) != attr.length) { + error = CKR_ATTRIBUTE_TYPE_INVALID; + goto loser; + } + *boolp = *(PRUint32 *)attr.data ? 1 : 0; + item->data = boolp; + boolp = NULL; + item->size = sizeof(CK_BBOOL); loser: - nss_ZFreeIf(boolp); - SecKeychainItemFreeContent(&attrList, out); - return error; + nss_ZFreeIf(boolp); + SecKeychainItemFreeContent(&attrList, out); + return error; } - /* * macros for fetching attributes into a cache and returning the * appropriate value. These operate inside switch statements */ #define CKMK_HANDLE_ITEM(func, io, type, loc, item, error, str) \ - if (0 == (item)->loc.size) { \ - error = func(io, type, &(item)->loc, str); \ - } \ + if (0 == (item)->loc.size) { \ + error = func(io, type, &(item)->loc, str); \ + } \ return (CKR_OK == (error)) ? &(item)->loc : NULL; #define CKMK_HANDLE_OPT_ITEM(func, io, type, loc, item, error, str) \ - if (0 == (item)->loc.size) { \ - (void) func(io, type, &(item)->loc, str); \ - } \ - return &(item)->loc ; + if (0 == (item)->loc.size) { \ + (void)func(io, type, &(item)->loc, str); \ + } \ + return &(item)->loc; #define CKMK_HANDLE_BOOL_ITEM(io, type, loc, item, error, str) \ CKMK_HANDLE_ITEM(ckmk_GetBoolAttribute, io, type, loc, item, error, str) @@ -527,379 +519,363 @@ loser: * fetch the unique identifier for each object type. */ static void -ckmk_FetchHashKey -( - ckmkInternalObject *io -) +ckmk_FetchHashKey( + ckmkInternalObject *io) { - NSSItem *key = &io->hashKey; - - if (io->objClass == CKO_CERTIFICATE) { - ckmk_GetCommonAttribute(io, kSecCertEncodingItemAttr, - PR_TRUE, key, "Fetching HashKey (cert)"); - } else { - ckmk_GetCommonAttribute(io, kSecKeyLabel, - PR_FALSE, key, "Fetching HashKey (key)"); - } + NSSItem *key = &io->hashKey; + + if (io->objClass == CKO_CERTIFICATE) { + ckmk_GetCommonAttribute(io, kSecCertEncodingItemAttr, + PR_TRUE, key, "Fetching HashKey (cert)"); + } else { + ckmk_GetCommonAttribute(io, kSecKeyLabel, + PR_FALSE, key, "Fetching HashKey (key)"); + } } /* * Apple mucks with the actual subject and issuer, so go fetch * the real ones ourselves. */ -static void -ckmk_fetchCert -( - ckmkInternalObject *io -) +static void +ckmk_fetchCert( + ckmkInternalObject *io) { - CK_RV error; - unsigned char * cert, *next; - int certSize, thisEntrySize; + CK_RV error; + unsigned char *cert, *next; + int certSize, thisEntrySize; + + error = ckmk_GetCommonAttribute(io, kSecCertEncodingItemAttr, PR_TRUE, + &io->u.item.derCert, "Fetching Value (cert)"); + if (CKR_OK != error) { + return; + } + /* unwrap the cert bundle */ + cert = nss_ckmk_DERUnwrap((unsigned char *)io->u.item.derCert.data, + io->u.item.derCert.size, + &certSize, NULL); + /* unwrap the cert itself */ + /* cert == certdata */ + cert = nss_ckmk_DERUnwrap(cert, certSize, &certSize, NULL); + + /* skip the optional version */ + if ((cert[0] & 0xa0) == 0xa0) { + nss_ckmk_DERUnwrap(cert, certSize, &thisEntrySize, &next); + certSize -= next - cert; + cert = next; + } + /* skip the serial number */ + nss_ckmk_DERUnwrap(cert, certSize, &thisEntrySize, &next); + certSize -= next - cert; + cert = next; - error = ckmk_GetCommonAttribute(io, kSecCertEncodingItemAttr, PR_TRUE, - &io->u.item.derCert, "Fetching Value (cert)"); - if (CKR_OK != error) { - return; - } - /* unwrap the cert bundle */ - cert = nss_ckmk_DERUnwrap((unsigned char *)io->u.item.derCert.data, - io->u.item.derCert.size, - &certSize, NULL); - /* unwrap the cert itself */ - /* cert == certdata */ - cert = nss_ckmk_DERUnwrap(cert, certSize, &certSize, NULL); - - /* skip the optional version */ - if ((cert[0] & 0xa0) == 0xa0) { + /* skip the OID */ + nss_ckmk_DERUnwrap(cert, certSize, &thisEntrySize, &next); + certSize -= next - cert; + cert = next; + + /* save the (wrapped) issuer */ + io->u.item.issuer.data = cert; + nss_ckmk_DERUnwrap(cert, certSize, &thisEntrySize, &next); + io->u.item.issuer.size = next - cert; + certSize -= io->u.item.issuer.size; + cert = next; + + /* skip the OID */ nss_ckmk_DERUnwrap(cert, certSize, &thisEntrySize, &next); certSize -= next - cert; cert = next; - } - /* skip the serial number */ - nss_ckmk_DERUnwrap(cert, certSize, &thisEntrySize, &next); - certSize -= next - cert; - cert = next; - - /* skip the OID */ - nss_ckmk_DERUnwrap(cert, certSize, &thisEntrySize, &next); - certSize -= next - cert; - cert = next; - - /* save the (wrapped) issuer */ - io->u.item.issuer.data = cert; - nss_ckmk_DERUnwrap(cert, certSize, &thisEntrySize, &next); - io->u.item.issuer.size = next - cert; - certSize -= io->u.item.issuer.size; - cert = next; - - /* skip the OID */ - nss_ckmk_DERUnwrap(cert, certSize, &thisEntrySize, &next); - certSize -= next - cert; - cert = next; - - /* save the (wrapped) subject */ - io->u.item.subject.data = cert; - nss_ckmk_DERUnwrap(cert, certSize, &thisEntrySize, &next); - io->u.item.subject.size = next - cert; - certSize -= io->u.item.subject.size; - cert = next; + + /* save the (wrapped) subject */ + io->u.item.subject.data = cert; + nss_ckmk_DERUnwrap(cert, certSize, &thisEntrySize, &next); + io->u.item.subject.size = next - cert; + certSize -= io->u.item.subject.size; + cert = next; } -static void -ckmk_fetchModulus -( - ckmkInternalObject *io -) +static void +ckmk_fetchModulus( + ckmkInternalObject *io) { - NSSItem item; - PRInt32 modLen; - CK_RV error; - - /* we can't reliably get the modulus for private keys through CSSM (sigh). - * For NSS this is OK because we really only use this to get the modulus - * length (unless we are trying to get a public key from a private keys, - * something CSSM ALSO does not do!). - */ - error = ckmk_GetDataAttribute(io, kSecKeyKeySizeInBits, &item, - "Key Fetch Modulus"); - if (CKR_OK != error) { - return; - } + NSSItem item; + PRInt32 modLen; + CK_RV error; + + /* we can't reliably get the modulus for private keys through CSSM (sigh). + * For NSS this is OK because we really only use this to get the modulus + * length (unless we are trying to get a public key from a private keys, + * something CSSM ALSO does not do!). + */ + error = ckmk_GetDataAttribute(io, kSecKeyKeySizeInBits, &item, + "Key Fetch Modulus"); + if (CKR_OK != error) { + return; + } - modLen = *(PRInt32 *)item.data; - modLen = modLen/8; /* convert from bits to bytes */ + modLen = *(PRInt32 *)item.data; + modLen = modLen / 8; /* convert from bits to bytes */ - nss_ZFreeIf(item.data); - io->u.item.modulus.data = nss_ZNEWARRAY(NULL, char, modLen); - if (NULL == io->u.item.modulus.data) { - return; - } - *(char *)io->u.item.modulus.data = 0x80; /* fake NSS out or it will + nss_ZFreeIf(item.data); + io->u.item.modulus.data = nss_ZNEWARRAY(NULL, char, modLen); + if (NULL == io->u.item.modulus.data) { + return; + } + *(char *)io->u.item.modulus.data = 0x80; /* fake NSS out or it will * drop the first byte */ - io->u.item.modulus.size = modLen; - return; + io->u.item.modulus.size = modLen; + return; } const NSSItem * -ckmk_FetchCertAttribute -( - ckmkInternalObject *io, - CK_ATTRIBUTE_TYPE type, - CK_RV *pError -) +ckmk_FetchCertAttribute( + ckmkInternalObject *io, + CK_ATTRIBUTE_TYPE type, + CK_RV *pError) { - ckmkItemObject *item = &io->u.item; - *pError = CKR_OK; - switch(type) { - case CKA_CLASS: - return &ckmk_certClassItem; - case CKA_TOKEN: - case CKA_MODIFIABLE: - return &ckmk_trueItem; - case CKA_PRIVATE: - return &ckmk_falseItem; - case CKA_CERTIFICATE_TYPE: - return &ckmk_x509Item; - case CKA_LABEL: - CKMK_HANDLE_OPT_DATA_ITEM(io, kSecLabelItemAttr, label, item, *pError, - "Cert:Label attr") - case CKA_SUBJECT: - /* OK, well apple does provide an subject and issuer attribute, but they - * decided to cannonicalize that value. Probably a good move for them, - * but makes it useless for most users of PKCS #11.. Get the real subject - * from the certificate */ - if (0 == item->derCert.size) { - ckmk_fetchCert(io); - } - return &item->subject; - case CKA_ISSUER: - if (0 == item->derCert.size) { - ckmk_fetchCert(io); - } - return &item->issuer; - case CKA_SERIAL_NUMBER: - CKMK_HANDLE_DATA_ITEM(io, kSecSerialNumberItemAttr, serial, item, *pError, - "Cert:Serial Number attr") - case CKA_VALUE: - if (0 == item->derCert.size) { - ckmk_fetchCert(io); - } - return &item->derCert; - case CKA_ID: - CKMK_HANDLE_OPT_DATA_ITEM(io, kSecPublicKeyHashItemAttr, id, item, *pError, - "Cert:ID attr") - default: - *pError = CKR_ATTRIBUTE_TYPE_INVALID; - break; - } - return NULL; + ckmkItemObject *item = &io->u.item; + *pError = CKR_OK; + switch (type) { + case CKA_CLASS: + return &ckmk_certClassItem; + case CKA_TOKEN: + case CKA_MODIFIABLE: + return &ckmk_trueItem; + case CKA_PRIVATE: + return &ckmk_falseItem; + case CKA_CERTIFICATE_TYPE: + return &ckmk_x509Item; + case CKA_LABEL: + CKMK_HANDLE_OPT_DATA_ITEM(io, kSecLabelItemAttr, label, item, *pError, + "Cert:Label attr") + case CKA_SUBJECT: + /* OK, well apple does provide an subject and issuer attribute, but they + * decided to cannonicalize that value. Probably a good move for them, + * but makes it useless for most users of PKCS #11.. Get the real subject + * from the certificate */ + if (0 == item->derCert.size) { + ckmk_fetchCert(io); + } + return &item->subject; + case CKA_ISSUER: + if (0 == item->derCert.size) { + ckmk_fetchCert(io); + } + return &item->issuer; + case CKA_SERIAL_NUMBER: + CKMK_HANDLE_DATA_ITEM(io, kSecSerialNumberItemAttr, serial, item, *pError, + "Cert:Serial Number attr") + case CKA_VALUE: + if (0 == item->derCert.size) { + ckmk_fetchCert(io); + } + return &item->derCert; + case CKA_ID: + CKMK_HANDLE_OPT_DATA_ITEM(io, kSecPublicKeyHashItemAttr, id, item, *pError, + "Cert:ID attr") + default: + *pError = CKR_ATTRIBUTE_TYPE_INVALID; + break; + } + return NULL; } const NSSItem * -ckmk_FetchPubKeyAttribute -( - ckmkInternalObject *io, - CK_ATTRIBUTE_TYPE type, - CK_RV *pError -) +ckmk_FetchPubKeyAttribute( + ckmkInternalObject *io, + CK_ATTRIBUTE_TYPE type, + CK_RV *pError) { - ckmkItemObject *item = &io->u.item; - *pError = CKR_OK; - - switch(type) { - case CKA_CLASS: - return &ckmk_pubKeyClassItem; - case CKA_TOKEN: - case CKA_LOCAL: - return &ckmk_trueItem; - case CKA_KEY_TYPE: - return &ckmk_rsaItem; - case CKA_LABEL: - CKMK_HANDLE_OPT_DATA_ITEM(io, kSecKeyPrintName, label, item, *pError, - "PubKey:Label attr") - case CKA_ENCRYPT: - CKMK_HANDLE_BOOL_ITEM(io, kSecKeyEncrypt, encrypt, item, *pError, - "PubKey:Encrypt attr") - case CKA_VERIFY: - CKMK_HANDLE_BOOL_ITEM(io, kSecKeyVerify, verify, item, *pError, - "PubKey:Verify attr") - case CKA_VERIFY_RECOVER: - CKMK_HANDLE_BOOL_ITEM(io, kSecKeyVerifyRecover, verifyRecover, - item, *pError, "PubKey:VerifyRecover attr") - case CKA_PRIVATE: - CKMK_HANDLE_BOOL_ITEM(io, kSecKeyPrivate, private, item, *pError, - "PubKey:Private attr") - case CKA_MODIFIABLE: - CKMK_HANDLE_BOOL_ITEM(io, kSecKeyModifiable, modify, item, *pError, - "PubKey:Modify attr") - case CKA_DERIVE: - CKMK_HANDLE_BOOL_ITEM(io, kSecKeyDerive, derive, item, *pError, - "PubKey:Derive attr") - case CKA_WRAP: - CKMK_HANDLE_BOOL_ITEM(io, kSecKeyWrap, wrap, item, *pError, - "PubKey:Wrap attr") - case CKA_SUBJECT: - CKMK_HANDLE_OPT_DATA_ITEM(io, kSecSubjectItemAttr, subject, item, *pError, - "PubKey:Subect attr") - case CKA_MODULUS: - return &ckmk_emptyItem; - case CKA_PUBLIC_EXPONENT: - return &ckmk_emptyItem; - case CKA_ID: - CKMK_HANDLE_OPT_DATA_ITEM(io, kSecKeyLabel, id, item, *pError, - "PubKey:ID attr") - default: - *pError = CKR_ATTRIBUTE_TYPE_INVALID; - break; - } - return NULL; + ckmkItemObject *item = &io->u.item; + *pError = CKR_OK; + + switch (type) { + case CKA_CLASS: + return &ckmk_pubKeyClassItem; + case CKA_TOKEN: + case CKA_LOCAL: + return &ckmk_trueItem; + case CKA_KEY_TYPE: + return &ckmk_rsaItem; + case CKA_LABEL: + CKMK_HANDLE_OPT_DATA_ITEM(io, kSecKeyPrintName, label, item, *pError, + "PubKey:Label attr") + case CKA_ENCRYPT: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeyEncrypt, encrypt, item, *pError, + "PubKey:Encrypt attr") + case CKA_VERIFY: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeyVerify, verify, item, *pError, + "PubKey:Verify attr") + case CKA_VERIFY_RECOVER: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeyVerifyRecover, verifyRecover, + item, *pError, "PubKey:VerifyRecover attr") + case CKA_PRIVATE: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeyPrivate, private, item, *pError, + "PubKey:Private attr") + case CKA_MODIFIABLE: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeyModifiable, modify, item, *pError, + "PubKey:Modify attr") + case CKA_DERIVE: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeyDerive, derive, item, *pError, + "PubKey:Derive attr") + case CKA_WRAP: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeyWrap, wrap, item, *pError, + "PubKey:Wrap attr") + case CKA_SUBJECT: + CKMK_HANDLE_OPT_DATA_ITEM(io, kSecSubjectItemAttr, subject, item, *pError, + "PubKey:Subect attr") + case CKA_MODULUS: + return &ckmk_emptyItem; + case CKA_PUBLIC_EXPONENT: + return &ckmk_emptyItem; + case CKA_ID: + CKMK_HANDLE_OPT_DATA_ITEM(io, kSecKeyLabel, id, item, *pError, + "PubKey:ID attr") + default: + *pError = CKR_ATTRIBUTE_TYPE_INVALID; + break; + } + return NULL; } const NSSItem * -ckmk_FetchPrivKeyAttribute -( - ckmkInternalObject *io, - CK_ATTRIBUTE_TYPE type, - CK_RV *pError -) +ckmk_FetchPrivKeyAttribute( + ckmkInternalObject *io, + CK_ATTRIBUTE_TYPE type, + CK_RV *pError) { - ckmkItemObject *item = &io->u.item; - *pError = CKR_OK; - - switch(type) { - case CKA_CLASS: - return &ckmk_privKeyClassItem; - case CKA_TOKEN: - case CKA_LOCAL: - return &ckmk_trueItem; - case CKA_SENSITIVE: - case CKA_EXTRACTABLE: /* will probably move in the future */ - case CKA_ALWAYS_SENSITIVE: - case CKA_NEVER_EXTRACTABLE: - return &ckmk_falseItem; - case CKA_KEY_TYPE: - return &ckmk_rsaItem; - case CKA_LABEL: - CKMK_HANDLE_OPT_DATA_ITEM(io, kSecKeyPrintName, label, item, *pError, - "PrivateKey:Label attr") - case CKA_DECRYPT: - CKMK_HANDLE_BOOL_ITEM(io, kSecKeyDecrypt, decrypt, item, *pError, - "PrivateKey:Decrypt attr") - case CKA_SIGN: - CKMK_HANDLE_BOOL_ITEM(io, kSecKeySign, sign, item, *pError, - "PrivateKey:Sign attr") - case CKA_SIGN_RECOVER: - CKMK_HANDLE_BOOL_ITEM(io, kSecKeySignRecover, signRecover, item, *pError, - "PrivateKey:Sign Recover attr") - case CKA_PRIVATE: - CKMK_HANDLE_BOOL_ITEM(io, kSecKeyPrivate, private, item, *pError, - "PrivateKey:Private attr") - case CKA_MODIFIABLE: - CKMK_HANDLE_BOOL_ITEM(io, kSecKeyModifiable, modify, item, *pError, - "PrivateKey:Modify attr") - case CKA_DERIVE: - CKMK_HANDLE_BOOL_ITEM(io, kSecKeyDerive, derive, item, *pError, - "PrivateKey:Derive attr") - case CKA_UNWRAP: - CKMK_HANDLE_BOOL_ITEM(io, kSecKeyUnwrap, unwrap, item, *pError, - "PrivateKey:Unwrap attr") - case CKA_SUBJECT: - CKMK_HANDLE_OPT_DATA_ITEM(io, kSecSubjectItemAttr, subject, item, *pError, - "PrivateKey:Subject attr") - case CKA_MODULUS: - if (0 == item->modulus.size) { - ckmk_fetchModulus(io); - } - return &item->modulus; - case CKA_PUBLIC_EXPONENT: - return &ckmk_emptyItem; + ckmkItemObject *item = &io->u.item; + *pError = CKR_OK; + + switch (type) { + case CKA_CLASS: + return &ckmk_privKeyClassItem; + case CKA_TOKEN: + case CKA_LOCAL: + return &ckmk_trueItem; + case CKA_SENSITIVE: + case CKA_EXTRACTABLE: /* will probably move in the future */ + case CKA_ALWAYS_SENSITIVE: + case CKA_NEVER_EXTRACTABLE: + return &ckmk_falseItem; + case CKA_KEY_TYPE: + return &ckmk_rsaItem; + case CKA_LABEL: + CKMK_HANDLE_OPT_DATA_ITEM(io, kSecKeyPrintName, label, item, *pError, + "PrivateKey:Label attr") + case CKA_DECRYPT: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeyDecrypt, decrypt, item, *pError, + "PrivateKey:Decrypt attr") + case CKA_SIGN: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeySign, sign, item, *pError, + "PrivateKey:Sign attr") + case CKA_SIGN_RECOVER: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeySignRecover, signRecover, item, *pError, + "PrivateKey:Sign Recover attr") + case CKA_PRIVATE: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeyPrivate, private, item, *pError, + "PrivateKey:Private attr") + case CKA_MODIFIABLE: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeyModifiable, modify, item, *pError, + "PrivateKey:Modify attr") + case CKA_DERIVE: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeyDerive, derive, item, *pError, + "PrivateKey:Derive attr") + case CKA_UNWRAP: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeyUnwrap, unwrap, item, *pError, + "PrivateKey:Unwrap attr") + case CKA_SUBJECT: + CKMK_HANDLE_OPT_DATA_ITEM(io, kSecSubjectItemAttr, subject, item, *pError, + "PrivateKey:Subject attr") + case CKA_MODULUS: + if (0 == item->modulus.size) { + ckmk_fetchModulus(io); + } + return &item->modulus; + case CKA_PUBLIC_EXPONENT: + return &ckmk_emptyItem; #ifdef notdef - /* the following are sensitive attributes. We could implement them for - * sensitive keys using the key export function, but it's better to - * just support wrap through this token. That will more reliably allow us - * to export any private key that is truly exportable. - */ - case CKA_PRIVATE_EXPONENT: - CKMK_HANDLE_DATA_ITEM(io, kSecPrivateExponentItemAttr, privateExponent, - item, *pError) - case CKA_PRIME_1: - CKMK_HANDLE_DATA_ITEM(io, kSecPrime1ItemAttr, prime1, item, *pError) - case CKA_PRIME_2: - CKMK_HANDLE_DATA_ITEM(io, kSecPrime2ItemAttr, prime2, item, *pError) - case CKA_EXPONENT_1: - CKMK_HANDLE_DATA_ITEM(io, kSecExponent1ItemAttr, exponent1, item, *pError) - case CKA_EXPONENT_2: - CKMK_HANDLE_DATA_ITEM(io, kSecExponent2ItemAttr, exponent2, item, *pError) - case CKA_COEFFICIENT: - CKMK_HANDLE_DATA_ITEM(io, kSecCoefficientItemAttr, coefficient, - item, *pError) + /* the following are sensitive attributes. We could implement them for + * sensitive keys using the key export function, but it's better to + * just support wrap through this token. That will more reliably allow us + * to export any private key that is truly exportable. + */ + case CKA_PRIVATE_EXPONENT: + CKMK_HANDLE_DATA_ITEM(io, kSecPrivateExponentItemAttr, privateExponent, + item, *pError) + case CKA_PRIME_1: + CKMK_HANDLE_DATA_ITEM(io, kSecPrime1ItemAttr, prime1, item, *pError) + case CKA_PRIME_2: + CKMK_HANDLE_DATA_ITEM(io, kSecPrime2ItemAttr, prime2, item, *pError) + case CKA_EXPONENT_1: + CKMK_HANDLE_DATA_ITEM(io, kSecExponent1ItemAttr, exponent1, item, *pError) + case CKA_EXPONENT_2: + CKMK_HANDLE_DATA_ITEM(io, kSecExponent2ItemAttr, exponent2, item, *pError) + case CKA_COEFFICIENT: + CKMK_HANDLE_DATA_ITEM(io, kSecCoefficientItemAttr, coefficient, + item, *pError) #endif - case CKA_ID: - CKMK_HANDLE_OPT_DATA_ITEM(io, kSecKeyLabel, id, item, *pError, - "PrivateKey:ID attr") - default: - *pError = CKR_ATTRIBUTE_TYPE_INVALID; - return NULL; - } + case CKA_ID: + CKMK_HANDLE_OPT_DATA_ITEM(io, kSecKeyLabel, id, item, *pError, + "PrivateKey:ID attr") + default: + *pError = CKR_ATTRIBUTE_TYPE_INVALID; + return NULL; + } } const NSSItem * -nss_ckmk_FetchAttribute -( - ckmkInternalObject *io, - CK_ATTRIBUTE_TYPE type, - CK_RV *pError -) +nss_ckmk_FetchAttribute( + ckmkInternalObject *io, + CK_ATTRIBUTE_TYPE type, + CK_RV *pError) { - CK_ULONG i; - const NSSItem * value = NULL; - - if (io->type == ckmkRaw) { - for( i = 0; i < io->u.raw.n; i++ ) { - if( type == io->u.raw.types[i] ) { - return &io->u.raw.items[i]; - } + CK_ULONG i; + const NSSItem *value = NULL; + + if (io->type == ckmkRaw) { + for (i = 0; i < io->u.raw.n; i++) { + if (type == io->u.raw.types[i]) { + return &io->u.raw.items[i]; + } + } + *pError = CKR_ATTRIBUTE_TYPE_INVALID; + return NULL; + } + /* deal with the common attributes */ + switch (io->objClass) { + case CKO_CERTIFICATE: + value = ckmk_FetchCertAttribute(io, type, pError); + break; + case CKO_PRIVATE_KEY: + value = ckmk_FetchPrivKeyAttribute(io, type, pError); + break; + case CKO_PUBLIC_KEY: + value = ckmk_FetchPubKeyAttribute(io, type, pError); + break; + default: + *pError = CKR_OBJECT_HANDLE_INVALID; + return NULL; } - *pError = CKR_ATTRIBUTE_TYPE_INVALID; - return NULL; - } - /* deal with the common attributes */ - switch (io->objClass) { - case CKO_CERTIFICATE: - value = ckmk_FetchCertAttribute(io, type, pError); - break; - case CKO_PRIVATE_KEY: - value = ckmk_FetchPrivKeyAttribute(io, type, pError); - break; - case CKO_PUBLIC_KEY: - value = ckmk_FetchPubKeyAttribute(io, type, pError); - break; - default: - *pError = CKR_OBJECT_HANDLE_INVALID; - return NULL; - } #ifdef DEBUG - if (CKA_ID == type) { - itemdump("id: ", value->data, value->size, *pError); - } + if (CKA_ID == type) { + itemdump("id: ", value->data, value->size, *pError); + } #endif - return value; + return value; } -static void -ckmk_removeObjectFromHash -( - ckmkInternalObject *io -); +static void +ckmk_removeObjectFromHash( + ckmkInternalObject *io); /* * * These are the MSObject functions we need to implement * * Finalize - unneeded (actually we should clean up the hashtables) - * Destroy + * Destroy * IsTokenObject - CK_TRUE * GetAttributeCount * GetAttributeTypes @@ -910,541 +886,514 @@ ckmk_removeObjectFromHash */ static CK_RV -ckmk_mdObject_Destroy -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckmk_mdObject_Destroy( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc; - OSStatus macErr; + ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc; + OSStatus macErr; - if (ckmkRaw == io->type) { - /* there is not 'object write protected' error, use the next best thing */ - return CKR_TOKEN_WRITE_PROTECTED; - } + if (ckmkRaw == io->type) { + /* there is not 'object write protected' error, use the next best thing */ + return CKR_TOKEN_WRITE_PROTECTED; + } - /* This API is done well. The following 4 lines are the complete apple - * specific part of this implementation */ - macErr = SecKeychainItemDelete(io->u.item.itemRef); - if (noErr != macErr) { - CKMK_MACERR("Delete object", macErr); - } + /* This API is done well. The following 4 lines are the complete apple + * specific part of this implementation */ + macErr = SecKeychainItemDelete(io->u.item.itemRef); + if (noErr != macErr) { + CKMK_MACERR("Delete object", macErr); + } - /* remove it from the hash */ - ckmk_removeObjectFromHash(io); + /* remove it from the hash */ + ckmk_removeObjectFromHash(io); - /* free the puppy.. */ - nss_ckmk_DestroyInternalObject(io); + /* free the puppy.. */ + nss_ckmk_DestroyInternalObject(io); - return CKR_OK; + return CKR_OK; } static CK_BBOOL -ckmk_mdObject_IsTokenObject -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckmk_mdObject_IsTokenObject( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return CK_TRUE; + return CK_TRUE; } static CK_ULONG -ckmk_mdObject_GetAttributeCount -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckmk_mdObject_GetAttributeCount( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc; - - if (ckmkRaw == io->type) { - return io->u.raw.n; - } - switch (io->objClass) { - case CKO_CERTIFICATE: - return certAttrsCount; - case CKO_PUBLIC_KEY: - return pubKeyAttrsCount; - case CKO_PRIVATE_KEY: - return privKeyAttrsCount; - default: - break; - } - return 0; + ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc; + + if (ckmkRaw == io->type) { + return io->u.raw.n; + } + switch (io->objClass) { + case CKO_CERTIFICATE: + return certAttrsCount; + case CKO_PUBLIC_KEY: + return pubKeyAttrsCount; + case CKO_PRIVATE_KEY: + return privKeyAttrsCount; + default: + break; + } + return 0; } static CK_RV -ckmk_mdObject_GetAttributeTypes -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE_PTR typeArray, - CK_ULONG ulCount -) +ckmk_mdObject_GetAttributeTypes( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount) { - ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc; - CK_ULONG i; - CK_RV error = CKR_OK; - const CK_ATTRIBUTE_TYPE *attrs = NULL; - CK_ULONG size = ckmk_mdObject_GetAttributeCount( - mdObject, fwObject, mdSession, fwSession, - mdToken, fwToken, mdInstance, fwInstance, &error); - - if( size != ulCount ) { - return CKR_BUFFER_TOO_SMALL; - } - if (io->type == ckmkRaw) { - attrs = io->u.raw.types; - } else switch(io->objClass) { - case CKO_CERTIFICATE: - attrs = certAttrs; - break; - case CKO_PUBLIC_KEY: - attrs = pubKeyAttrs; - break; - case CKO_PRIVATE_KEY: - attrs = privKeyAttrs; - break; - default: - return CKR_OK; - } - - for( i = 0; i < size; i++) { - typeArray[i] = attrs[i]; - } - - return CKR_OK; + ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc; + CK_ULONG i; + CK_RV error = CKR_OK; + const CK_ATTRIBUTE_TYPE *attrs = NULL; + CK_ULONG size = ckmk_mdObject_GetAttributeCount( + mdObject, fwObject, mdSession, fwSession, + mdToken, fwToken, mdInstance, fwInstance, &error); + + if (size != ulCount) { + return CKR_BUFFER_TOO_SMALL; + } + if (io->type == ckmkRaw) { + attrs = io->u.raw.types; + } else + switch (io->objClass) { + case CKO_CERTIFICATE: + attrs = + certAttrs; + break; + case CKO_PUBLIC_KEY: + attrs = + pubKeyAttrs; + break; + case CKO_PRIVATE_KEY: + attrs = + privKeyAttrs; + break; + default: + return CKR_OK; + } + + for (i = 0; i < size; i++) { + typeArray[i] = attrs[i]; + } + + return CKR_OK; } static CK_ULONG -ckmk_mdObject_GetAttributeSize -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError -) +ckmk_mdObject_GetAttributeSize( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError) { - ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc; + ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc; - const NSSItem *b; + const NSSItem *b; - b = nss_ckmk_FetchAttribute(io, attribute, pError); + b = nss_ckmk_FetchAttribute(io, attribute, pError); - if ((const NSSItem *)NULL == b) { - return 0; - } - return b->size; + if ((const NSSItem *)NULL == b) { + return 0; + } + return b->size; } static CK_RV -ckmk_mdObject_SetAttribute -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - NSSItem *value -) +ckmk_mdObject_SetAttribute( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *value) { - ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc; - SecKeychainItemRef itemRef; - - if (io->type == ckmkRaw) { - return CKR_TOKEN_WRITE_PROTECTED; - } - itemRef = io->u.item.itemRef; - - switch (io->objClass) { - case CKO_PRIVATE_KEY: - case CKO_PUBLIC_KEY: - switch (attribute) { - case CKA_ID: - ckmk_updateAttribute(itemRef, kSecKeyLabel, - value->data, value->size, "Set Attr Key ID"); + ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc; + SecKeychainItemRef itemRef; + + if (io->type == ckmkRaw) { + return CKR_TOKEN_WRITE_PROTECTED; + } + itemRef = io->u.item.itemRef; + + switch (io->objClass) { + case CKO_PRIVATE_KEY: + case CKO_PUBLIC_KEY: + switch (attribute) { + case CKA_ID: + ckmk_updateAttribute(itemRef, kSecKeyLabel, + value->data, value->size, "Set Attr Key ID"); #ifdef DEBUG - itemdump("key id: ", value->data, value->size, CKR_OK); + itemdump("key id: ", value->data, value->size, CKR_OK); #endif - break; - case CKA_LABEL: - ckmk_updateAttribute(itemRef, kSecKeyPrintName, value->data, - value->size, "Set Attr Key Label"); - break; - default: - break; - } - break; - - case CKO_CERTIFICATE: - switch (attribute) { - case CKA_ID: - ckmk_updateAttribute(itemRef, kSecPublicKeyHashItemAttr, - value->data, value->size, "Set Attr Cert ID"); - break; - case CKA_LABEL: - ckmk_updateAttribute(itemRef, kSecLabelItemAttr, value->data, - value->size, "Set Attr Cert Label"); - break; - default: - break; - } - break; - - default: - break; - } - return CKR_OK; + break; + case CKA_LABEL: + ckmk_updateAttribute(itemRef, kSecKeyPrintName, value->data, + value->size, "Set Attr Key Label"); + break; + default: + break; + } + break; + + case CKO_CERTIFICATE: + switch (attribute) { + case CKA_ID: + ckmk_updateAttribute(itemRef, kSecPublicKeyHashItemAttr, + value->data, value->size, "Set Attr Cert ID"); + break; + case CKA_LABEL: + ckmk_updateAttribute(itemRef, kSecLabelItemAttr, value->data, + value->size, "Set Attr Cert Label"); + break; + default: + break; + } + break; + + default: + break; + } + return CKR_OK; } static NSSCKFWItem -ckmk_mdObject_GetAttribute -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError -) +ckmk_mdObject_GetAttribute( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError) { - NSSCKFWItem mdItem; - ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc; - - mdItem.needsFreeing = PR_FALSE; - mdItem.item = (NSSItem*)nss_ckmk_FetchAttribute(io, attribute, pError); + NSSCKFWItem mdItem; + ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc; + mdItem.needsFreeing = PR_FALSE; + mdItem.item = (NSSItem *)nss_ckmk_FetchAttribute(io, attribute, pError); - return mdItem; + return mdItem; } static CK_ULONG -ckmk_mdObject_GetObjectSize -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckmk_mdObject_GetObjectSize( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - CK_ULONG rv = 1; + CK_ULONG rv = 1; - /* size is irrelevant to this token */ - return rv; + /* size is irrelevant to this token */ + return rv; } static const NSSCKMDObject -ckmk_prototype_mdObject = { - (void *)NULL, /* etc */ - NULL, /* Finalize */ - ckmk_mdObject_Destroy, - ckmk_mdObject_IsTokenObject, - ckmk_mdObject_GetAttributeCount, - ckmk_mdObject_GetAttributeTypes, - ckmk_mdObject_GetAttributeSize, - ckmk_mdObject_GetAttribute, - NULL, /* FreeAttribute */ - ckmk_mdObject_SetAttribute, - ckmk_mdObject_GetObjectSize, - (void *)NULL /* null terminator */ -}; + ckmk_prototype_mdObject = { + (void *)NULL, /* etc */ + NULL, /* Finalize */ + ckmk_mdObject_Destroy, + ckmk_mdObject_IsTokenObject, + ckmk_mdObject_GetAttributeCount, + ckmk_mdObject_GetAttributeTypes, + ckmk_mdObject_GetAttributeSize, + ckmk_mdObject_GetAttribute, + NULL, /* FreeAttribute */ + ckmk_mdObject_SetAttribute, + ckmk_mdObject_GetObjectSize, + (void *)NULL /* null terminator */ + }; static nssHash *ckmkInternalObjectHash = NULL; NSS_IMPLEMENT NSSCKMDObject * -nss_ckmk_CreateMDObject -( - NSSArena *arena, - ckmkInternalObject *io, - CK_RV *pError -) +nss_ckmk_CreateMDObject( + NSSArena *arena, + ckmkInternalObject *io, + CK_RV *pError) { - if ((nssHash *)NULL == ckmkInternalObjectHash) { - ckmkInternalObjectHash = nssHash_CreateItem(NULL, 10); - } - if (ckmkItem == io->type) { - /* the hash key, not a cryptographic key */ - NSSItem *key = &io->hashKey; - ckmkInternalObject *old_o = NULL; + if ((nssHash *)NULL == ckmkInternalObjectHash) { + ckmkInternalObjectHash = nssHash_CreateItem(NULL, 10); + } + if (ckmkItem == io->type) { + /* the hash key, not a cryptographic key */ + NSSItem *key = &io->hashKey; + ckmkInternalObject *old_o = NULL; + + if (key->size == 0) { + ckmk_FetchHashKey(io); + } + old_o = (ckmkInternalObject *) + nssHash_Lookup(ckmkInternalObjectHash, key); + if (!old_o) { + nssHash_Add(ckmkInternalObjectHash, key, io); + } else if (old_o != io) { + nss_ckmk_DestroyInternalObject(io); + io = old_o; + } + } - if (key->size == 0) { - ckmk_FetchHashKey(io); - } - old_o = (ckmkInternalObject *) - nssHash_Lookup(ckmkInternalObjectHash, key); - if (!old_o) { - nssHash_Add(ckmkInternalObjectHash, key, io); - } else if (old_o != io) { - nss_ckmk_DestroyInternalObject(io); - io = old_o; - } - } - - if ( (void*)NULL == io->mdObject.etc) { - (void) nsslibc_memcpy(&io->mdObject,&ckmk_prototype_mdObject, - sizeof(ckmk_prototype_mdObject)); - io->mdObject.etc = (void *)io; - } - return &io->mdObject; + if ((void *)NULL == io->mdObject.etc) { + (void)nsslibc_memcpy(&io->mdObject, &ckmk_prototype_mdObject, + sizeof(ckmk_prototype_mdObject)); + io->mdObject.etc = (void *)io; + } + return &io->mdObject; } static void -ckmk_removeObjectFromHash -( - ckmkInternalObject *io -) +ckmk_removeObjectFromHash( + ckmkInternalObject *io) { - NSSItem *key = &io->hashKey; + NSSItem *key = &io->hashKey; - if ((nssHash *)NULL == ckmkInternalObjectHash) { + if ((nssHash *)NULL == ckmkInternalObjectHash) { + return; + } + if (key->size == 0) { + ckmk_FetchHashKey(io); + } + nssHash_Remove(ckmkInternalObjectHash, key); return; - } - if (key->size == 0) { - ckmk_FetchHashKey(io); - } - nssHash_Remove(ckmkInternalObjectHash, key); - return; } - void -nss_ckmk_DestroyInternalObject -( - ckmkInternalObject *io -) +nss_ckmk_DestroyInternalObject( + ckmkInternalObject *io) { - switch (io->type) { - case ckmkRaw: + switch (io->type) { + case ckmkRaw: + return; + case ckmkItem: + nss_ZFreeIf(io->u.item.modify.data); + nss_ZFreeIf(io->u.item.private.data); + nss_ZFreeIf(io->u.item.encrypt.data); + nss_ZFreeIf(io->u.item.decrypt.data); + nss_ZFreeIf(io->u.item.derive.data); + nss_ZFreeIf(io->u.item.sign.data); + nss_ZFreeIf(io->u.item.signRecover.data); + nss_ZFreeIf(io->u.item.verify.data); + nss_ZFreeIf(io->u.item.verifyRecover.data); + nss_ZFreeIf(io->u.item.wrap.data); + nss_ZFreeIf(io->u.item.unwrap.data); + nss_ZFreeIf(io->u.item.label.data); + /*nss_ZFreeIf(io->u.item.subject.data); */ + /*nss_ZFreeIf(io->u.item.issuer.data); */ + nss_ZFreeIf(io->u.item.serial.data); + nss_ZFreeIf(io->u.item.modulus.data); + nss_ZFreeIf(io->u.item.exponent.data); + nss_ZFreeIf(io->u.item.privateExponent.data); + nss_ZFreeIf(io->u.item.prime1.data); + nss_ZFreeIf(io->u.item.prime2.data); + nss_ZFreeIf(io->u.item.exponent1.data); + nss_ZFreeIf(io->u.item.exponent2.data); + nss_ZFreeIf(io->u.item.coefficient.data); + break; + } + nss_ZFreeIf(io); return; - case ckmkItem: - nss_ZFreeIf(io->u.item.modify.data); - nss_ZFreeIf(io->u.item.private.data); - nss_ZFreeIf(io->u.item.encrypt.data); - nss_ZFreeIf(io->u.item.decrypt.data); - nss_ZFreeIf(io->u.item.derive.data); - nss_ZFreeIf(io->u.item.sign.data); - nss_ZFreeIf(io->u.item.signRecover.data); - nss_ZFreeIf(io->u.item.verify.data); - nss_ZFreeIf(io->u.item.verifyRecover.data); - nss_ZFreeIf(io->u.item.wrap.data); - nss_ZFreeIf(io->u.item.unwrap.data); - nss_ZFreeIf(io->u.item.label.data); - /*nss_ZFreeIf(io->u.item.subject.data); */ - /*nss_ZFreeIf(io->u.item.issuer.data); */ - nss_ZFreeIf(io->u.item.serial.data); - nss_ZFreeIf(io->u.item.modulus.data); - nss_ZFreeIf(io->u.item.exponent.data); - nss_ZFreeIf(io->u.item.privateExponent.data); - nss_ZFreeIf(io->u.item.prime1.data); - nss_ZFreeIf(io->u.item.prime2.data); - nss_ZFreeIf(io->u.item.exponent1.data); - nss_ZFreeIf(io->u.item.exponent2.data); - nss_ZFreeIf(io->u.item.coefficient.data); - break; - } - nss_ZFreeIf(io); - return; } - static ckmkInternalObject * -nss_ckmk_NewInternalObject -( - CK_OBJECT_CLASS objClass, - SecKeychainItemRef itemRef, - SecItemClass itemClass, - CK_RV *pError -) +nss_ckmk_NewInternalObject( + CK_OBJECT_CLASS objClass, + SecKeychainItemRef itemRef, + SecItemClass itemClass, + CK_RV *pError) { - ckmkInternalObject *io = nss_ZNEW(NULL, ckmkInternalObject); + ckmkInternalObject *io = nss_ZNEW(NULL, ckmkInternalObject); - if ((ckmkInternalObject *)NULL == io) { - *pError = CKR_HOST_MEMORY; + if ((ckmkInternalObject *)NULL == io) { + *pError = CKR_HOST_MEMORY; + return io; + } + io->type = ckmkItem; + io->objClass = objClass; + io->u.item.itemRef = itemRef; + io->u.item.itemClass = itemClass; return io; - } - io->type = ckmkItem; - io->objClass = objClass; - io->u.item.itemRef = itemRef; - io->u.item.itemClass = itemClass; - return io; } /* - * Apple doesn't alway have a default keyChain set by the OS, use the + * Apple doesn't alway have a default keyChain set by the OS, use the * SearchList to try to find one. */ static CK_RV -ckmk_GetSafeDefaultKeychain -( - SecKeychainRef *keychainRef -) +ckmk_GetSafeDefaultKeychain( + SecKeychainRef *keychainRef) { - OSStatus macErr; - CFArrayRef searchList = 0; - CK_RV error = CKR_OK; - - macErr = SecKeychainCopyDefault(keychainRef); - if (noErr != macErr) { - int searchCount = 0; - if (errSecNoDefaultKeychain != macErr) { - CKMK_MACERR("Getting default key chain", macErr); - error = CKR_GENERAL_ERROR; - goto loser; - } - /* ok, we don't have a default key chain, find one */ - macErr = SecKeychainCopySearchList(&searchList); + OSStatus macErr; + CFArrayRef searchList = 0; + CK_RV error = CKR_OK; + + macErr = SecKeychainCopyDefault(keychainRef); if (noErr != macErr) { - CKMK_MACERR("failed to find a keyring searchList", macErr); - error = CKR_DEVICE_REMOVED; - goto loser; - } - searchCount = CFArrayGetCount(searchList); - if (searchCount < 1) { - error = CKR_DEVICE_REMOVED; - goto loser; - } - *keychainRef = - (SecKeychainRef)CFRetain(CFArrayGetValueAtIndex(searchList, 0)); - if (0 == *keychainRef) { - error = CKR_DEVICE_REMOVED; - goto loser; - } - /* should we set it as default? */ - } + int searchCount = 0; + if (errSecNoDefaultKeychain != macErr) { + CKMK_MACERR("Getting default key chain", macErr); + error = CKR_GENERAL_ERROR; + goto loser; + } + /* ok, we don't have a default key chain, find one */ + macErr = SecKeychainCopySearchList(&searchList); + if (noErr != macErr) { + CKMK_MACERR("failed to find a keyring searchList", macErr); + error = CKR_DEVICE_REMOVED; + goto loser; + } + searchCount = CFArrayGetCount(searchList); + if (searchCount < 1) { + error = CKR_DEVICE_REMOVED; + goto loser; + } + *keychainRef = + (SecKeychainRef)CFRetain(CFArrayGetValueAtIndex(searchList, 0)); + if (0 == *keychainRef) { + error = CKR_DEVICE_REMOVED; + goto loser; + } + /* should we set it as default? */ + } loser: - if (0 != searchList) { - CFRelease(searchList); - } - return error; + if (0 != searchList) { + CFRelease(searchList); + } + return error; } static ckmkInternalObject * -nss_ckmk_CreateCertificate -( - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +nss_ckmk_CreateCertificate( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - NSSItem value; - ckmkInternalObject *io = NULL; - OSStatus macErr; - SecCertificateRef certRef; - SecKeychainItemRef itemRef; - SecKeychainRef keychainRef; - CSSM_DATA certData; - - *pError = nss_ckmk_GetAttribute(CKA_VALUE, pTemplate, - ulAttributeCount, &value); - if (CKR_OK != *pError) { - goto loser; - } - - certData.Data = value.data; - certData.Length = value.size; - macErr = SecCertificateCreateFromData(&certData, CSSM_CERT_X_509v3, - CSSM_CERT_ENCODING_BER, &certRef); - if (noErr != macErr) { - CKMK_MACERR("Create cert from data Failed", macErr); - *pError = CKR_GENERAL_ERROR; /* need to map macErr */ - goto loser; - } - - *pError = ckmk_GetSafeDefaultKeychain(&keychainRef); - if (CKR_OK != *pError) { - goto loser; - } - - macErr = SecCertificateAddToKeychain( certRef, keychainRef); - itemRef = (SecKeychainItemRef) certRef; - if (errSecDuplicateItem != macErr) { - NSSItem keyID = { NULL, 0 }; - char *nickname = NULL; - CK_RV dummy; + NSSItem value; + ckmkInternalObject *io = NULL; + OSStatus macErr; + SecCertificateRef certRef; + SecKeychainItemRef itemRef; + SecKeychainRef keychainRef; + CSSM_DATA certData; + + *pError = nss_ckmk_GetAttribute(CKA_VALUE, pTemplate, + ulAttributeCount, &value); + if (CKR_OK != *pError) { + goto loser; + } + certData.Data = value.data; + certData.Length = value.size; + macErr = SecCertificateCreateFromData(&certData, CSSM_CERT_X_509v3, + CSSM_CERT_ENCODING_BER, &certRef); if (noErr != macErr) { - CKMK_MACERR("Add cert to keychain Failed", macErr); - *pError = CKR_GENERAL_ERROR; /* need to map macErr */ - goto loser; - } - /* these two are optional */ - nickname = nss_ckmk_GetStringAttribute(CKA_LABEL, pTemplate, - ulAttributeCount, &dummy); - /* we've added a new one, update the attributes in the key ring */ - if (nickname) { - ckmk_updateAttribute(itemRef, kSecLabelItemAttr, nickname, - strlen(nickname)+1, "Modify Cert Label"); - nss_ZFreeIf(nickname); + CKMK_MACERR("Create cert from data Failed", macErr); + *pError = CKR_GENERAL_ERROR; /* need to map macErr */ + goto loser; } - dummy = nss_ckmk_GetAttribute(CKA_ID, pTemplate, - ulAttributeCount, &keyID); - if (CKR_OK == dummy) { - dummy = ckmk_updateAttribute(itemRef, kSecPublicKeyHashItemAttr, - keyID.data, keyID.size, "Modify Cert ID"); + + *pError = ckmk_GetSafeDefaultKeychain(&keychainRef); + if (CKR_OK != *pError) { + goto loser; + } + + macErr = SecCertificateAddToKeychain(certRef, keychainRef); + itemRef = (SecKeychainItemRef)certRef; + if (errSecDuplicateItem != macErr) { + NSSItem keyID = { NULL, 0 }; + char *nickname = NULL; + CK_RV dummy; + + if (noErr != macErr) { + CKMK_MACERR("Add cert to keychain Failed", macErr); + *pError = CKR_GENERAL_ERROR; /* need to map macErr */ + goto loser; + } + /* these two are optional */ + nickname = nss_ckmk_GetStringAttribute(CKA_LABEL, pTemplate, + ulAttributeCount, &dummy); + /* we've added a new one, update the attributes in the key ring */ + if (nickname) { + ckmk_updateAttribute(itemRef, kSecLabelItemAttr, nickname, + strlen(nickname) + 1, "Modify Cert Label"); + nss_ZFreeIf(nickname); + } + dummy = nss_ckmk_GetAttribute(CKA_ID, pTemplate, + ulAttributeCount, &keyID); + if (CKR_OK == dummy) { + dummy = ckmk_updateAttribute(itemRef, kSecPublicKeyHashItemAttr, + keyID.data, keyID.size, "Modify Cert ID"); + } } - } - io = nss_ckmk_NewInternalObject(CKO_CERTIFICATE, itemRef, - kSecCertificateItemClass, pError); - if ((ckmkInternalObject *)NULL != io) { - itemRef = 0; - } + io = nss_ckmk_NewInternalObject(CKO_CERTIFICATE, itemRef, + kSecCertificateItemClass, pError); + if ((ckmkInternalObject *)NULL != io) { + itemRef = 0; + } loser: - if (0 != itemRef) { - CFRelease(itemRef); - } - if (0 != keychainRef) { - CFRelease(keychainRef); - } - - return io; + if (0 != itemRef) { + CFRelease(itemRef); + } + if (0 != keychainRef) { + CFRelease(keychainRef); + } + + return io; } /* @@ -1457,8 +1406,8 @@ struct ckmk_AttributeStr { typedef struct ckmk_AttributeStr ckmk_Attribute; /* -** A PKCS#8 private key info object -*/ + ** A PKCS#8 private key info object + */ struct PrivateKeyInfoStr { PLArenaPool *arena; SECItem version; @@ -1470,23 +1419,23 @@ typedef struct PrivateKeyInfoStr PrivateKeyInfo; const SEC_ASN1Template ckmk_RSAPrivateKeyTemplate[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(RSAPrivateKey) }, - { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey,version) }, - { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey,modulus) }, - { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey,publicExponent) }, - { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey,privateExponent) }, - { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey,prime1) }, - { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey,prime2) }, - { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey,exponent1) }, - { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey,exponent2) }, - { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey,coefficient) }, - { 0 } -}; + { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, version) }, + { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, modulus) }, + { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, publicExponent) }, + { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, privateExponent) }, + { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, prime1) }, + { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, prime2) }, + { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, exponent1) }, + { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, exponent2) }, + { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, coefficient) }, + { 0 } +}; const SEC_ASN1Template ckmk_AttributeTemplate[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(ckmk_Attribute) }, { SEC_ASN1_OBJECT_ID, offsetof(ckmk_Attribute, attrType) }, - { SEC_ASN1_SET_OF, offsetof(ckmk_Attribute, attrValue), - SEC_AnyTemplate }, + { SEC_ASN1_SET_OF, offsetof(ckmk_Attribute, attrValue), + SEC_AnyTemplate }, { 0 } }; @@ -1499,91 +1448,89 @@ SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate) /* ASN1 Templates for new decoder/encoder */ const SEC_ASN1Template ckmk_PrivateKeyInfoTemplate[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(PrivateKeyInfo) }, - { SEC_ASN1_INTEGER, offsetof(PrivateKeyInfo,version) }, - { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(PrivateKeyInfo,algorithm), - SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, - { SEC_ASN1_OCTET_STRING, offsetof(PrivateKeyInfo,privateKey) }, + { SEC_ASN1_INTEGER, offsetof(PrivateKeyInfo, version) }, + { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(PrivateKeyInfo, algorithm), + SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, + { SEC_ASN1_OCTET_STRING, offsetof(PrivateKeyInfo, privateKey) }, { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0, - offsetof(PrivateKeyInfo, attributes), ckmk_SetOfAttributeTemplate }, + offsetof(PrivateKeyInfo, attributes), ckmk_SetOfAttributeTemplate }, { 0 } }; #define CKMK_PRIVATE_KEY_INFO_VERSION 0 static CK_RV -ckmk_CreateRSAKeyBlob -( - RSAPrivateKey *lk, - NSSItem *keyBlob -) +ckmk_CreateRSAKeyBlob( + RSAPrivateKey *lk, + NSSItem *keyBlob) { - PrivateKeyInfo *pki = NULL; - PLArenaPool *arena = NULL; - SECOidTag algorithm = SEC_OID_UNKNOWN; - void *dummy; - SECStatus rv; - SECItem *encodedKey = NULL; - CK_RV error = CKR_OK; - - arena = PORT_NewArena(2048); /* XXX different size? */ - if(!arena) { - error = CKR_HOST_MEMORY; - goto loser; - } - - pki = (PrivateKeyInfo*)PORT_ArenaZAlloc(arena, sizeof(PrivateKeyInfo)); - if(!pki) { - error = CKR_HOST_MEMORY; - goto loser; - } - pki->arena = arena; - - dummy = SEC_ASN1EncodeItem(arena, &pki->privateKey, lk, - ckmk_RSAPrivateKeyTemplate); - algorithm = SEC_OID_PKCS1_RSA_ENCRYPTION; - - if (!dummy) { - error = CKR_DEVICE_ERROR; /* should map NSS SECError */ - goto loser; - } - - rv = SECOID_SetAlgorithmID(arena, &pki->algorithm, algorithm, - (SECItem*)NULL); - if (rv != SECSuccess) { - error = CKR_DEVICE_ERROR; /* should map NSS SECError */ - goto loser; - } - - dummy = SEC_ASN1EncodeInteger(arena, &pki->version, - CKMK_PRIVATE_KEY_INFO_VERSION); - if (!dummy) { - error = CKR_DEVICE_ERROR; /* should map NSS SECError */ - goto loser; - } - - encodedKey = SEC_ASN1EncodeItem(NULL, NULL, pki, - ckmk_PrivateKeyInfoTemplate); - if (!encodedKey) { - error = CKR_DEVICE_ERROR; - goto loser; - } - - keyBlob->data = nss_ZNEWARRAY(NULL, char, encodedKey->len); - if (NULL == keyBlob->data) { - error = CKR_HOST_MEMORY; - goto loser; - } - nsslibc_memcpy(keyBlob->data, encodedKey->data, encodedKey->len); - keyBlob->size = encodedKey->len; + PrivateKeyInfo *pki = NULL; + PLArenaPool *arena = NULL; + SECOidTag algorithm = SEC_OID_UNKNOWN; + void *dummy; + SECStatus rv; + SECItem *encodedKey = NULL; + CK_RV error = CKR_OK; + + arena = PORT_NewArena(2048); /* XXX different size? */ + if (!arena) { + error = CKR_HOST_MEMORY; + goto loser; + } + + pki = (PrivateKeyInfo *)PORT_ArenaZAlloc(arena, sizeof(PrivateKeyInfo)); + if (!pki) { + error = CKR_HOST_MEMORY; + goto loser; + } + pki->arena = arena; + + dummy = SEC_ASN1EncodeItem(arena, &pki->privateKey, lk, + ckmk_RSAPrivateKeyTemplate); + algorithm = SEC_OID_PKCS1_RSA_ENCRYPTION; + + if (!dummy) { + error = CKR_DEVICE_ERROR; /* should map NSS SECError */ + goto loser; + } + + rv = SECOID_SetAlgorithmID(arena, &pki->algorithm, algorithm, + (SECItem *)NULL); + if (rv != SECSuccess) { + error = CKR_DEVICE_ERROR; /* should map NSS SECError */ + goto loser; + } + + dummy = SEC_ASN1EncodeInteger(arena, &pki->version, + CKMK_PRIVATE_KEY_INFO_VERSION); + if (!dummy) { + error = CKR_DEVICE_ERROR; /* should map NSS SECError */ + goto loser; + } + + encodedKey = SEC_ASN1EncodeItem(NULL, NULL, pki, + ckmk_PrivateKeyInfoTemplate); + if (!encodedKey) { + error = CKR_DEVICE_ERROR; + goto loser; + } + + keyBlob->data = nss_ZNEWARRAY(NULL, char, encodedKey->len); + if (NULL == keyBlob->data) { + error = CKR_HOST_MEMORY; + goto loser; + } + nsslibc_memcpy(keyBlob->data, encodedKey->data, encodedKey->len); + keyBlob->size = encodedKey->len; loser: - if(arena) { - PORT_FreeArena(arena, PR_TRUE); - } - if (encodedKey) { - SECITEM_FreeItem(encodedKey, PR_TRUE); - } - - return error; + if (arena) { + PORT_FreeArena(arena, PR_TRUE); + } + if (encodedKey) { + SECITEM_FreeItem(encodedKey, PR_TRUE); + } + + return error; } /* * There MUST be a better way to do this. For now, find the key based on the @@ -1591,334 +1538,324 @@ loser: */ #define IMPORTED_NAME "Imported Private Key" static CK_RV -ckmk_FindImportedKey -( - SecKeychainRef keychainRef, - SecItemClass itemClass, - SecKeychainItemRef *outItemRef -) +ckmk_FindImportedKey( + SecKeychainRef keychainRef, + SecItemClass itemClass, + SecKeychainItemRef *outItemRef) { - OSStatus macErr; - SecKeychainSearchRef searchRef = 0; - SecKeychainItemRef newItemRef; - - macErr = SecKeychainSearchCreateFromAttributes(keychainRef, itemClass, - NULL, &searchRef); - if (noErr != macErr) { - CKMK_MACERR("Can't search for Key", macErr); - return CKR_GENERAL_ERROR; - } - while (noErr == SecKeychainSearchCopyNext(searchRef, &newItemRef)) { - SecKeychainAttributeList *attrList = NULL; - SecKeychainAttributeInfo attrInfo; - SecItemAttr itemAttr = kSecKeyPrintName; - PRUint32 attrFormat = 0; OSStatus macErr; + SecKeychainSearchRef searchRef = 0; + SecKeychainItemRef newItemRef; - attrInfo.count = 1; - attrInfo.tag = &itemAttr; - attrInfo.format = &attrFormat; - - macErr = SecKeychainItemCopyAttributesAndData(newItemRef, - &attrInfo, NULL, &attrList, NULL, NULL); - if (noErr == macErr) { - if (nsslibc_memcmp(attrList->attr->data, IMPORTED_NAME, - attrList->attr->length, NULL) == 0) { - *outItemRef = newItemRef; - CFRelease (searchRef); - SecKeychainItemFreeAttributesAndData(attrList, NULL); - return CKR_OK; - } - SecKeychainItemFreeAttributesAndData(attrList, NULL); - } - CFRelease(newItemRef); - } - CFRelease (searchRef); - return CKR_GENERAL_ERROR; /* we can come up with something better! */ + macErr = SecKeychainSearchCreateFromAttributes(keychainRef, itemClass, + NULL, &searchRef); + if (noErr != macErr) { + CKMK_MACERR("Can't search for Key", macErr); + return CKR_GENERAL_ERROR; + } + while (noErr == SecKeychainSearchCopyNext(searchRef, &newItemRef)) { + SecKeychainAttributeList *attrList = NULL; + SecKeychainAttributeInfo attrInfo; + SecItemAttr itemAttr = kSecKeyPrintName; + PRUint32 attrFormat = 0; + OSStatus macErr; + + attrInfo.count = 1; + attrInfo.tag = &itemAttr; + attrInfo.format = &attrFormat; + + macErr = SecKeychainItemCopyAttributesAndData(newItemRef, + &attrInfo, NULL, &attrList, NULL, NULL); + if (noErr == macErr) { + if (nsslibc_memcmp(attrList->attr->data, IMPORTED_NAME, + attrList->attr->length, NULL) == 0) { + *outItemRef = newItemRef; + CFRelease(searchRef); + SecKeychainItemFreeAttributesAndData(attrList, NULL); + return CKR_OK; + } + SecKeychainItemFreeAttributesAndData(attrList, NULL); + } + CFRelease(newItemRef); + } + CFRelease(searchRef); + return CKR_GENERAL_ERROR; /* we can come up with something better! */ } static ckmkInternalObject * -nss_ckmk_CreatePrivateKey -( - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +nss_ckmk_CreatePrivateKey( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - NSSItem attribute; - RSAPrivateKey lk; - NSSItem keyID; - char *nickname = NULL; - ckmkInternalObject *io = NULL; - CK_KEY_TYPE keyType; - OSStatus macErr; - SecKeychainItemRef itemRef = 0; - NSSItem keyBlob = { NULL, 0 }; - CFDataRef dataRef = 0; - SecExternalFormat inputFormat = kSecFormatBSAFE; - /*SecExternalFormat inputFormat = kSecFormatOpenSSL; */ - SecExternalItemType itemType = kSecItemTypePrivateKey; - SecKeyImportExportParameters keyParams ; - SecKeychainRef targetKeychain = 0; - unsigned char zero = 0; - CK_RV error; - - keyParams.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION; - keyParams.flags = 0; - keyParams.passphrase = 0; - keyParams.alertTitle = 0; - keyParams.alertPrompt = 0; - keyParams.accessRef = 0; /* default */ - keyParams.keyUsage = 0; /* will get filled in */ - keyParams.keyAttributes = CSSM_KEYATTR_PERMANENT; /* will get filled in */ - keyType = nss_ckmk_GetULongAttribute - (CKA_KEY_TYPE, pTemplate, ulAttributeCount, pError); - if (CKR_OK != *pError) { - return (ckmkInternalObject *)NULL; - } - if (CKK_RSA != keyType) { - *pError = CKR_ATTRIBUTE_VALUE_INVALID; - return (ckmkInternalObject *)NULL; - } - if (nss_ckmk_GetBoolAttribute(CKA_DECRYPT, - pTemplate, ulAttributeCount, CK_TRUE)) { - keyParams.keyUsage |= CSSM_KEYUSE_DECRYPT; - } - if (nss_ckmk_GetBoolAttribute(CKA_UNWRAP, - pTemplate, ulAttributeCount, CK_TRUE)) { - keyParams.keyUsage |= CSSM_KEYUSE_UNWRAP; - } - if (nss_ckmk_GetBoolAttribute(CKA_SIGN, - pTemplate, ulAttributeCount, CK_TRUE)) { - keyParams.keyUsage |= CSSM_KEYUSE_SIGN; - } - if (nss_ckmk_GetBoolAttribute(CKA_DERIVE, - pTemplate, ulAttributeCount, CK_FALSE)) { - keyParams.keyUsage |= CSSM_KEYUSE_DERIVE; - } - if (nss_ckmk_GetBoolAttribute(CKA_SENSITIVE, - pTemplate, ulAttributeCount, CK_TRUE)) { - keyParams.keyAttributes |= CSSM_KEYATTR_SENSITIVE; - } - if (nss_ckmk_GetBoolAttribute(CKA_EXTRACTABLE, - pTemplate, ulAttributeCount, CK_TRUE)) { - keyParams.keyAttributes |= CSSM_KEYATTR_EXTRACTABLE; - } - - lk.version.type = siUnsignedInteger; - lk.version.data = &zero; - lk.version.len = 1; - - *pError = nss_ckmk_GetAttribute(CKA_MODULUS, pTemplate, - ulAttributeCount, &attribute); - if (CKR_OK != *pError) { - return (ckmkInternalObject *)NULL; - } - lk.modulus.type = siUnsignedInteger; - lk.modulus.data = attribute.data; - lk.modulus.len = attribute.size; - - *pError = nss_ckmk_GetAttribute(CKA_PUBLIC_EXPONENT, pTemplate, - ulAttributeCount, &attribute); - if (CKR_OK != *pError) { - return (ckmkInternalObject *)NULL; - } - lk.publicExponent.type = siUnsignedInteger; - lk.publicExponent.data = attribute.data; - lk.publicExponent.len = attribute.size; - - *pError = nss_ckmk_GetAttribute(CKA_PRIVATE_EXPONENT, pTemplate, - ulAttributeCount, &attribute); - if (CKR_OK != *pError) { - return (ckmkInternalObject *)NULL; - } - lk.privateExponent.type = siUnsignedInteger; - lk.privateExponent.data = attribute.data; - lk.privateExponent.len = attribute.size; - - *pError = nss_ckmk_GetAttribute(CKA_PRIME_1, pTemplate, - ulAttributeCount, &attribute); - if (CKR_OK != *pError) { - return (ckmkInternalObject *)NULL; - } - lk.prime1.type = siUnsignedInteger; - lk.prime1.data = attribute.data; - lk.prime1.len = attribute.size; - - *pError = nss_ckmk_GetAttribute(CKA_PRIME_2, pTemplate, - ulAttributeCount, &attribute); - if (CKR_OK != *pError) { - return (ckmkInternalObject *)NULL; - } - lk.prime2.type = siUnsignedInteger; - lk.prime2.data = attribute.data; - lk.prime2.len = attribute.size; - - *pError = nss_ckmk_GetAttribute(CKA_EXPONENT_1, pTemplate, - ulAttributeCount, &attribute); - if (CKR_OK != *pError) { - return (ckmkInternalObject *)NULL; - } - lk.exponent1.type = siUnsignedInteger; - lk.exponent1.data = attribute.data; - lk.exponent1.len = attribute.size; - - *pError = nss_ckmk_GetAttribute(CKA_EXPONENT_2, pTemplate, - ulAttributeCount, &attribute); - if (CKR_OK != *pError) { - return (ckmkInternalObject *)NULL; - } - lk.exponent2.type = siUnsignedInteger; - lk.exponent2.data = attribute.data; - lk.exponent2.len = attribute.size; - - *pError = nss_ckmk_GetAttribute(CKA_COEFFICIENT, pTemplate, - ulAttributeCount, &attribute); - if (CKR_OK != *pError) { - return (ckmkInternalObject *)NULL; - } - lk.coefficient.type = siUnsignedInteger; - lk.coefficient.data = attribute.data; - lk.coefficient.len = attribute.size; - - /* ASN1 Encode the pkcs8 structure... look at softoken to see how this - * is done... */ - error = ckmk_CreateRSAKeyBlob(&lk, &keyBlob); - if (CKR_OK != error) { - goto loser; - } - - dataRef = CFDataCreate(NULL, (UInt8 *)keyBlob.data, keyBlob.size); - if (0 == dataRef) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - - *pError == ckmk_GetSafeDefaultKeychain(&targetKeychain); - if (CKR_OK != *pError) { - goto loser; - } - - - /* the itemArray that is returned is useless. the item does not - * is 'not on the key chain' so none of the modify calls work on it. - * It also has a key that isn't the same key as the one in the actual - * key chain. In short it isn't the item we want, and it gives us zero - * information about the item we want, so don't even bother with it... - */ - macErr = SecKeychainItemImport(dataRef, NULL, &inputFormat, &itemType, 0, - &keyParams, targetKeychain, NULL); - if (noErr != macErr) { - CKMK_MACERR("Import Private Key", macErr); - *pError = CKR_GENERAL_ERROR; - goto loser; - } - - *pError = ckmk_FindImportedKey(targetKeychain, - CSSM_DL_DB_RECORD_PRIVATE_KEY, - &itemRef); - if (CKR_OK != *pError) { + NSSItem attribute; + RSAPrivateKey lk; + NSSItem keyID; + char *nickname = NULL; + ckmkInternalObject *io = NULL; + CK_KEY_TYPE keyType; + OSStatus macErr; + SecKeychainItemRef itemRef = 0; + NSSItem keyBlob = { NULL, 0 }; + CFDataRef dataRef = 0; + SecExternalFormat inputFormat = kSecFormatBSAFE; + /*SecExternalFormat inputFormat = kSecFormatOpenSSL; */ + SecExternalItemType itemType = kSecItemTypePrivateKey; + SecKeyImportExportParameters keyParams; + SecKeychainRef targetKeychain = 0; + unsigned char zero = 0; + CK_RV error; + + keyParams.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION; + keyParams.flags = 0; + keyParams.passphrase = 0; + keyParams.alertTitle = 0; + keyParams.alertPrompt = 0; + keyParams.accessRef = 0; /* default */ + keyParams.keyUsage = 0; /* will get filled in */ + keyParams.keyAttributes = CSSM_KEYATTR_PERMANENT; /* will get filled in */ + keyType = nss_ckmk_GetULongAttribute(CKA_KEY_TYPE, pTemplate, ulAttributeCount, pError); + if (CKR_OK != *pError) { + return (ckmkInternalObject *)NULL; + } + if (CKK_RSA != keyType) { + *pError = CKR_ATTRIBUTE_VALUE_INVALID; + return (ckmkInternalObject *)NULL; + } + if (nss_ckmk_GetBoolAttribute(CKA_DECRYPT, + pTemplate, ulAttributeCount, CK_TRUE)) { + keyParams.keyUsage |= CSSM_KEYUSE_DECRYPT; + } + if (nss_ckmk_GetBoolAttribute(CKA_UNWRAP, + pTemplate, ulAttributeCount, CK_TRUE)) { + keyParams.keyUsage |= CSSM_KEYUSE_UNWRAP; + } + if (nss_ckmk_GetBoolAttribute(CKA_SIGN, + pTemplate, ulAttributeCount, CK_TRUE)) { + keyParams.keyUsage |= CSSM_KEYUSE_SIGN; + } + if (nss_ckmk_GetBoolAttribute(CKA_DERIVE, + pTemplate, ulAttributeCount, CK_FALSE)) { + keyParams.keyUsage |= CSSM_KEYUSE_DERIVE; + } + if (nss_ckmk_GetBoolAttribute(CKA_SENSITIVE, + pTemplate, ulAttributeCount, CK_TRUE)) { + keyParams.keyAttributes |= CSSM_KEYATTR_SENSITIVE; + } + if (nss_ckmk_GetBoolAttribute(CKA_EXTRACTABLE, + pTemplate, ulAttributeCount, CK_TRUE)) { + keyParams.keyAttributes |= CSSM_KEYATTR_EXTRACTABLE; + } + + lk.version.type = siUnsignedInteger; + lk.version.data = &zero; + lk.version.len = 1; + + *pError = nss_ckmk_GetAttribute(CKA_MODULUS, pTemplate, + ulAttributeCount, &attribute); + if (CKR_OK != *pError) { + return (ckmkInternalObject *)NULL; + } + lk.modulus.type = siUnsignedInteger; + lk.modulus.data = attribute.data; + lk.modulus.len = attribute.size; + + *pError = nss_ckmk_GetAttribute(CKA_PUBLIC_EXPONENT, pTemplate, + ulAttributeCount, &attribute); + if (CKR_OK != *pError) { + return (ckmkInternalObject *)NULL; + } + lk.publicExponent.type = siUnsignedInteger; + lk.publicExponent.data = attribute.data; + lk.publicExponent.len = attribute.size; + + *pError = nss_ckmk_GetAttribute(CKA_PRIVATE_EXPONENT, pTemplate, + ulAttributeCount, &attribute); + if (CKR_OK != *pError) { + return (ckmkInternalObject *)NULL; + } + lk.privateExponent.type = siUnsignedInteger; + lk.privateExponent.data = attribute.data; + lk.privateExponent.len = attribute.size; + + *pError = nss_ckmk_GetAttribute(CKA_PRIME_1, pTemplate, + ulAttributeCount, &attribute); + if (CKR_OK != *pError) { + return (ckmkInternalObject *)NULL; + } + lk.prime1.type = siUnsignedInteger; + lk.prime1.data = attribute.data; + lk.prime1.len = attribute.size; + + *pError = nss_ckmk_GetAttribute(CKA_PRIME_2, pTemplate, + ulAttributeCount, &attribute); + if (CKR_OK != *pError) { + return (ckmkInternalObject *)NULL; + } + lk.prime2.type = siUnsignedInteger; + lk.prime2.data = attribute.data; + lk.prime2.len = attribute.size; + + *pError = nss_ckmk_GetAttribute(CKA_EXPONENT_1, pTemplate, + ulAttributeCount, &attribute); + if (CKR_OK != *pError) { + return (ckmkInternalObject *)NULL; + } + lk.exponent1.type = siUnsignedInteger; + lk.exponent1.data = attribute.data; + lk.exponent1.len = attribute.size; + + *pError = nss_ckmk_GetAttribute(CKA_EXPONENT_2, pTemplate, + ulAttributeCount, &attribute); + if (CKR_OK != *pError) { + return (ckmkInternalObject *)NULL; + } + lk.exponent2.type = siUnsignedInteger; + lk.exponent2.data = attribute.data; + lk.exponent2.len = attribute.size; + + *pError = nss_ckmk_GetAttribute(CKA_COEFFICIENT, pTemplate, + ulAttributeCount, &attribute); + if (CKR_OK != *pError) { + return (ckmkInternalObject *)NULL; + } + lk.coefficient.type = siUnsignedInteger; + lk.coefficient.data = attribute.data; + lk.coefficient.len = attribute.size; + + /* ASN1 Encode the pkcs8 structure... look at softoken to see how this + * is done... */ + error = ckmk_CreateRSAKeyBlob(&lk, &keyBlob); + if (CKR_OK != error) { + goto loser; + } + + dataRef = CFDataCreate(NULL, (UInt8 *)keyBlob.data, keyBlob.size); + if (0 == dataRef) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + *pError == ckmk_GetSafeDefaultKeychain(&targetKeychain); + if (CKR_OK != *pError) { + goto loser; + } + + /* the itemArray that is returned is useless. the item does not + * is 'not on the key chain' so none of the modify calls work on it. + * It also has a key that isn't the same key as the one in the actual + * key chain. In short it isn't the item we want, and it gives us zero + * information about the item we want, so don't even bother with it... + */ + macErr = SecKeychainItemImport(dataRef, NULL, &inputFormat, &itemType, 0, + &keyParams, targetKeychain, NULL); + if (noErr != macErr) { + CKMK_MACERR("Import Private Key", macErr); + *pError = CKR_GENERAL_ERROR; + goto loser; + } + + *pError = ckmk_FindImportedKey(targetKeychain, + CSSM_DL_DB_RECORD_PRIVATE_KEY, + &itemRef); + if (CKR_OK != *pError) { #ifdef DEBUG - fprintf(stderr,"couldn't find key in keychain \n"); + fprintf(stderr, "couldn't find key in keychain \n"); #endif - goto loser; - } - + goto loser; + } - /* set the CKA_ID and the CKA_LABEL */ - error = nss_ckmk_GetAttribute(CKA_ID, pTemplate, + /* set the CKA_ID and the CKA_LABEL */ + error = nss_ckmk_GetAttribute(CKA_ID, pTemplate, ulAttributeCount, &keyID); - if (CKR_OK == error) { - error = ckmk_updateAttribute(itemRef, kSecKeyLabel, - keyID.data, keyID.size, "Modify Key ID"); + if (CKR_OK == error) { + error = ckmk_updateAttribute(itemRef, kSecKeyLabel, + keyID.data, keyID.size, "Modify Key ID"); #ifdef DEBUG - itemdump("key id: ", keyID.data, keyID.size, error); + itemdump("key id: ", keyID.data, keyID.size, error); #endif - } - nickname = nss_ckmk_GetStringAttribute(CKA_LABEL, pTemplate, - ulAttributeCount, &error); - if (nickname) { - ckmk_updateAttribute(itemRef, kSecKeyPrintName, nickname, - strlen(nickname)+1, "Modify Key Label"); - } else { + } + nickname = nss_ckmk_GetStringAttribute(CKA_LABEL, pTemplate, + ulAttributeCount, &error); + if (nickname) { + ckmk_updateAttribute(itemRef, kSecKeyPrintName, nickname, + strlen(nickname) + 1, "Modify Key Label"); + } else { #define DEFAULT_NICKNAME "NSS Imported Key" - ckmk_updateAttribute(itemRef, kSecKeyPrintName, DEFAULT_NICKNAME, - sizeof(DEFAULT_NICKNAME), "Modify Key Label"); - } + ckmk_updateAttribute(itemRef, kSecKeyPrintName, DEFAULT_NICKNAME, + sizeof(DEFAULT_NICKNAME), "Modify Key Label"); + } - io = nss_ckmk_NewInternalObject(CKO_PRIVATE_KEY, itemRef, - CSSM_DL_DB_RECORD_PRIVATE_KEY, pError); - if ((ckmkInternalObject *)NULL == io) { - CFRelease(itemRef); - } + io = nss_ckmk_NewInternalObject(CKO_PRIVATE_KEY, itemRef, + CSSM_DL_DB_RECORD_PRIVATE_KEY, pError); + if ((ckmkInternalObject *)NULL == io) { + CFRelease(itemRef); + } - return io; + return io; loser: - /* free the key blob */ - if (keyBlob.data) { - nss_ZFreeIf(keyBlob.data); - } - if (0 != targetKeychain) { - CFRelease(targetKeychain); - } - if (0 != dataRef) { - CFRelease(dataRef); - } - return io; + /* free the key blob */ + if (keyBlob.data) { + nss_ZFreeIf(keyBlob.data); + } + if (0 != targetKeychain) { + CFRelease(targetKeychain); + } + if (0 != dataRef) { + CFRelease(dataRef); + } + return io; } - NSS_EXTERN NSSCKMDObject * -nss_ckmk_CreateObject -( - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +nss_ckmk_CreateObject( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - CK_OBJECT_CLASS objClass; - ckmkInternalObject *io = NULL; - CK_BBOOL isToken; - - /* - * only create token objects - */ - isToken = nss_ckmk_GetBoolAttribute(CKA_TOKEN, pTemplate, - ulAttributeCount, CK_FALSE); - if (!isToken) { - *pError = CKR_ATTRIBUTE_VALUE_INVALID; - return (NSSCKMDObject *) NULL; - } - - /* - * only create keys and certs. - */ - objClass = nss_ckmk_GetULongAttribute(CKA_CLASS, pTemplate, - ulAttributeCount, pError); - if (CKR_OK != *pError) { - return (NSSCKMDObject *) NULL; - } + CK_OBJECT_CLASS objClass; + ckmkInternalObject *io = NULL; + CK_BBOOL isToken; + + /* + * only create token objects + */ + isToken = nss_ckmk_GetBoolAttribute(CKA_TOKEN, pTemplate, + ulAttributeCount, CK_FALSE); + if (!isToken) { + *pError = CKR_ATTRIBUTE_VALUE_INVALID; + return (NSSCKMDObject *)NULL; + } + + /* + * only create keys and certs. + */ + objClass = nss_ckmk_GetULongAttribute(CKA_CLASS, pTemplate, + ulAttributeCount, pError); + if (CKR_OK != *pError) { + return (NSSCKMDObject *)NULL; + } #ifdef notdef - if (objClass == CKO_PUBLIC_KEY) { - return CKR_OK; /* fake public key creation, happens as a side effect of - * private key creation */ - } + if (objClass == CKO_PUBLIC_KEY) { + return CKR_OK; /* fake public key creation, happens as a side effect of + * private key creation */ + } #endif - if (objClass == CKO_CERTIFICATE) { - io = nss_ckmk_CreateCertificate(fwSession, pTemplate, - ulAttributeCount, pError); - } else if (objClass == CKO_PRIVATE_KEY) { - io = nss_ckmk_CreatePrivateKey(fwSession, pTemplate, - ulAttributeCount, pError); - } else { - *pError = CKR_ATTRIBUTE_VALUE_INVALID; - } - - if ((ckmkInternalObject *)NULL == io) { - return (NSSCKMDObject *) NULL; - } - return nss_ckmk_CreateMDObject(NULL, io, pError); + if (objClass == CKO_CERTIFICATE) { + io = nss_ckmk_CreateCertificate(fwSession, pTemplate, + ulAttributeCount, pError); + } else if (objClass == CKO_PRIVATE_KEY) { + io = nss_ckmk_CreatePrivateKey(fwSession, pTemplate, + ulAttributeCount, pError); + } else { + *pError = CKR_ATTRIBUTE_VALUE_INVALID; + } + + if ((ckmkInternalObject *)NULL == io) { + return (NSSCKMDObject *)NULL; + } + return nss_ckmk_CreateMDObject(NULL, io, pError); } diff --git a/nss/lib/ckfw/nssmkey/mrsa.c b/nss/lib/ckfw/nssmkey/mrsa.c index 8cf46ad..00175b4 100644 --- a/nss/lib/ckfw/nssmkey/mrsa.c +++ b/nss/lib/ckfw/nssmkey/mrsa.c @@ -9,196 +9,183 @@ * to NSS's S/MIME code. The following two functions currently are not * part of the SecKey.h interface. */ -OSStatus -SecKeyGetCredentials -( - SecKeyRef keyRef, - CSSM_ACL_AUTHORIZATION_TAG authTag, - int type, - const CSSM_ACCESS_CREDENTIALS **creds -); +OSStatus +SecKeyGetCredentials( + SecKeyRef keyRef, + CSSM_ACL_AUTHORIZATION_TAG authTag, + int type, + const CSSM_ACCESS_CREDENTIALS **creds); /* this function could be implemented using 'SecKeychainItemCopyKeychain' and * 'SecKeychainGetCSPHandle' */ -OSStatus -SecKeyGetCSPHandle -( - SecKeyRef keyRef, - CSSM_CSP_HANDLE *cspHandle -); - - -typedef struct ckmkInternalCryptoOperationRSAPrivStr - ckmkInternalCryptoOperationRSAPriv; -struct ckmkInternalCryptoOperationRSAPrivStr -{ - NSSCKMDCryptoOperation mdOperation; - NSSCKMDMechanism *mdMechanism; - ckmkInternalObject *iKey; - NSSItem *buffer; - CSSM_CC_HANDLE cssmContext; +OSStatus +SecKeyGetCSPHandle( + SecKeyRef keyRef, + CSSM_CSP_HANDLE *cspHandle); + +typedef struct ckmkInternalCryptoOperationRSAPrivStr + ckmkInternalCryptoOperationRSAPriv; +struct ckmkInternalCryptoOperationRSAPrivStr { + NSSCKMDCryptoOperation mdOperation; + NSSCKMDMechanism *mdMechanism; + ckmkInternalObject *iKey; + NSSItem *buffer; + CSSM_CC_HANDLE cssmContext; }; typedef enum { - CKMK_DECRYPT, - CKMK_SIGN + CKMK_DECRYPT, + CKMK_SIGN } ckmkRSAOpType; /* * ckmk_mdCryptoOperationRSAPriv_Create */ static NSSCKMDCryptoOperation * -ckmk_mdCryptoOperationRSAPriv_Create -( - const NSSCKMDCryptoOperation *proto, - NSSCKMDMechanism *mdMechanism, - NSSCKMDObject *mdKey, - ckmkRSAOpType type, - CK_RV *pError -) +ckmk_mdCryptoOperationRSAPriv_Create( + const NSSCKMDCryptoOperation *proto, + NSSCKMDMechanism *mdMechanism, + NSSCKMDObject *mdKey, + ckmkRSAOpType type, + CK_RV *pError) { - ckmkInternalObject *iKey = (ckmkInternalObject *)mdKey->etc; - const NSSItem *classItem = nss_ckmk_FetchAttribute(iKey, CKA_CLASS, pError); - const NSSItem *keyType = nss_ckmk_FetchAttribute(iKey, CKA_KEY_TYPE, pError); - ckmkInternalCryptoOperationRSAPriv *iOperation; - SecKeyRef privateKey; - OSStatus macErr; - CSSM_RETURN cssmErr; - const CSSM_KEY *cssmKey; - CSSM_CSP_HANDLE cspHandle; - const CSSM_ACCESS_CREDENTIALS *creds = NULL; - CSSM_CC_HANDLE cssmContext; - CSSM_ACL_AUTHORIZATION_TAG authType; - - /* make sure we have the right objects */ - if (((const NSSItem *)NULL == classItem) || - (sizeof(CK_OBJECT_CLASS) != classItem->size) || - (CKO_PRIVATE_KEY != *(CK_OBJECT_CLASS *)classItem->data) || - ((const NSSItem *)NULL == keyType) || - (sizeof(CK_KEY_TYPE) != keyType->size) || - (CKK_RSA != *(CK_KEY_TYPE *)keyType->data)) { - *pError = CKR_KEY_TYPE_INCONSISTENT; - return (NSSCKMDCryptoOperation *)NULL; - } - - privateKey = (SecKeyRef) iKey->u.item.itemRef; - macErr = SecKeyGetCSSMKey(privateKey, &cssmKey); - if (noErr != macErr) { - CKMK_MACERR("Getting CSSM Key", macErr); - *pError = CKR_KEY_HANDLE_INVALID; - return (NSSCKMDCryptoOperation *)NULL; - } - macErr = SecKeyGetCSPHandle(privateKey, &cspHandle); - if (noErr != macErr) { - CKMK_MACERR("Getting CSP for Key", macErr); - *pError = CKR_KEY_HANDLE_INVALID; - return (NSSCKMDCryptoOperation *)NULL; - } - switch (type) { - case CKMK_DECRYPT: - authType = CSSM_ACL_AUTHORIZATION_DECRYPT; - break; - case CKMK_SIGN: - authType = CSSM_ACL_AUTHORIZATION_SIGN; - break; - default: - *pError = CKR_GENERAL_ERROR; + ckmkInternalObject *iKey = (ckmkInternalObject *)mdKey->etc; + const NSSItem *classItem = nss_ckmk_FetchAttribute(iKey, CKA_CLASS, pError); + const NSSItem *keyType = nss_ckmk_FetchAttribute(iKey, CKA_KEY_TYPE, pError); + ckmkInternalCryptoOperationRSAPriv *iOperation; + SecKeyRef privateKey; + OSStatus macErr; + CSSM_RETURN cssmErr; + const CSSM_KEY *cssmKey; + CSSM_CSP_HANDLE cspHandle; + const CSSM_ACCESS_CREDENTIALS *creds = NULL; + CSSM_CC_HANDLE cssmContext; + CSSM_ACL_AUTHORIZATION_TAG authType; + + /* make sure we have the right objects */ + if (((const NSSItem *)NULL == classItem) || + (sizeof(CK_OBJECT_CLASS) != classItem->size) || + (CKO_PRIVATE_KEY != *(CK_OBJECT_CLASS *)classItem->data) || + ((const NSSItem *)NULL == keyType) || + (sizeof(CK_KEY_TYPE) != keyType->size) || + (CKK_RSA != *(CK_KEY_TYPE *)keyType->data)) { + *pError = CKR_KEY_TYPE_INCONSISTENT; + return (NSSCKMDCryptoOperation *)NULL; + } + + privateKey = (SecKeyRef)iKey->u.item.itemRef; + macErr = SecKeyGetCSSMKey(privateKey, &cssmKey); + if (noErr != macErr) { + CKMK_MACERR("Getting CSSM Key", macErr); + *pError = CKR_KEY_HANDLE_INVALID; + return (NSSCKMDCryptoOperation *)NULL; + } + macErr = SecKeyGetCSPHandle(privateKey, &cspHandle); + if (noErr != macErr) { + CKMK_MACERR("Getting CSP for Key", macErr); + *pError = CKR_KEY_HANDLE_INVALID; + return (NSSCKMDCryptoOperation *)NULL; + } + switch (type) { + case CKMK_DECRYPT: + authType = CSSM_ACL_AUTHORIZATION_DECRYPT; + break; + case CKMK_SIGN: + authType = CSSM_ACL_AUTHORIZATION_SIGN; + break; + default: + *pError = CKR_GENERAL_ERROR; #ifdef DEBUG - fprintf(stderr,"RSAPriv_Create: bad type = %d\n", type); + fprintf(stderr, "RSAPriv_Create: bad type = %d\n", type); #endif - return (NSSCKMDCryptoOperation *)NULL; - } - - macErr = SecKeyGetCredentials(privateKey, authType, 0, &creds); - if (noErr != macErr) { - CKMK_MACERR("Getting Credentials for Key", macErr); - *pError = CKR_KEY_HANDLE_INVALID; - return (NSSCKMDCryptoOperation *)NULL; - } - - switch (type) { - case CKMK_DECRYPT: - cssmErr = CSSM_CSP_CreateAsymmetricContext(cspHandle, CSSM_ALGID_RSA, - creds, cssmKey, CSSM_PADDING_PKCS1, &cssmContext); - break; - case CKMK_SIGN: - cssmErr = CSSM_CSP_CreateSignatureContext(cspHandle, CSSM_ALGID_RSA, - creds, cssmKey, &cssmContext); - break; - default: - *pError = CKR_GENERAL_ERROR; + return (NSSCKMDCryptoOperation *)NULL; + } + + macErr = SecKeyGetCredentials(privateKey, authType, 0, &creds); + if (noErr != macErr) { + CKMK_MACERR("Getting Credentials for Key", macErr); + *pError = CKR_KEY_HANDLE_INVALID; + return (NSSCKMDCryptoOperation *)NULL; + } + + switch (type) { + case CKMK_DECRYPT: + cssmErr = CSSM_CSP_CreateAsymmetricContext(cspHandle, CSSM_ALGID_RSA, + creds, cssmKey, CSSM_PADDING_PKCS1, &cssmContext); + break; + case CKMK_SIGN: + cssmErr = CSSM_CSP_CreateSignatureContext(cspHandle, CSSM_ALGID_RSA, + creds, cssmKey, &cssmContext); + break; + default: + *pError = CKR_GENERAL_ERROR; #ifdef DEBUG - fprintf(stderr,"RSAPriv_Create: bad type = %d\n", type); + fprintf(stderr, "RSAPriv_Create: bad type = %d\n", type); #endif - return (NSSCKMDCryptoOperation *)NULL; - } - if (noErr != cssmErr) { - CKMK_MACERR("Getting Context for Key", cssmErr); - *pError = CKR_GENERAL_ERROR; - return (NSSCKMDCryptoOperation *)NULL; - } - - iOperation = nss_ZNEW(NULL, ckmkInternalCryptoOperationRSAPriv); - if ((ckmkInternalCryptoOperationRSAPriv *)NULL == iOperation) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDCryptoOperation *)NULL; - } - iOperation->mdMechanism = mdMechanism; - iOperation->iKey = iKey; - iOperation->cssmContext = cssmContext; - - nsslibc_memcpy(&iOperation->mdOperation, - proto, sizeof(NSSCKMDCryptoOperation)); - iOperation->mdOperation.etc = iOperation; - - return &iOperation->mdOperation; + return (NSSCKMDCryptoOperation *)NULL; + } + if (noErr != cssmErr) { + CKMK_MACERR("Getting Context for Key", cssmErr); + *pError = CKR_GENERAL_ERROR; + return (NSSCKMDCryptoOperation *)NULL; + } + + iOperation = nss_ZNEW(NULL, ckmkInternalCryptoOperationRSAPriv); + if ((ckmkInternalCryptoOperationRSAPriv *)NULL == iOperation) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDCryptoOperation *)NULL; + } + iOperation->mdMechanism = mdMechanism; + iOperation->iKey = iKey; + iOperation->cssmContext = cssmContext; + + nsslibc_memcpy(&iOperation->mdOperation, + proto, sizeof(NSSCKMDCryptoOperation)); + iOperation->mdOperation.etc = iOperation; + + return &iOperation->mdOperation; } static void -ckmk_mdCryptoOperationRSAPriv_Destroy -( - NSSCKMDCryptoOperation *mdOperation, - NSSCKFWCryptoOperation *fwOperation, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckmk_mdCryptoOperationRSAPriv_Destroy( + NSSCKMDCryptoOperation *mdOperation, + NSSCKFWCryptoOperation *fwOperation, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - ckmkInternalCryptoOperationRSAPriv *iOperation = - (ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc; - - if (iOperation->buffer) { - nssItem_Destroy(iOperation->buffer); - } - if (iOperation->cssmContext) { - CSSM_DeleteContext(iOperation->cssmContext); - } - nss_ZFreeIf(iOperation); - return; + ckmkInternalCryptoOperationRSAPriv *iOperation = + (ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc; + + if (iOperation->buffer) { + nssItem_Destroy(iOperation->buffer); + } + if (iOperation->cssmContext) { + CSSM_DeleteContext(iOperation->cssmContext); + } + nss_ZFreeIf(iOperation); + return; } static CK_ULONG -ckmk_mdCryptoOperationRSA_GetFinalLength -( - NSSCKMDCryptoOperation *mdOperation, - NSSCKFWCryptoOperation *fwOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckmk_mdCryptoOperationRSA_GetFinalLength( + NSSCKMDCryptoOperation *mdOperation, + NSSCKFWCryptoOperation *fwOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - ckmkInternalCryptoOperationRSAPriv *iOperation = - (ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc; - const NSSItem *modulus = - nss_ckmk_FetchAttribute(iOperation->iKey, CKA_MODULUS, pError); + ckmkInternalCryptoOperationRSAPriv *iOperation = + (ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc; + const NSSItem *modulus = + nss_ckmk_FetchAttribute(iOperation->iKey, CKA_MODULUS, pError); - return modulus->size; + return modulus->size; } - /* * ckmk_mdCryptoOperationRSADecrypt_GetOperationLength * we won't know the length until we actually decrypt the @@ -206,105 +193,101 @@ ckmk_mdCryptoOperationRSA_GetFinalLength * the block, we'll save if for when the block is asked for */ static CK_ULONG -ckmk_mdCryptoOperationRSADecrypt_GetOperationLength -( - NSSCKMDCryptoOperation *mdOperation, - NSSCKFWCryptoOperation *fwOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - const NSSItem *input, - CK_RV *pError -) +ckmk_mdCryptoOperationRSADecrypt_GetOperationLength( + NSSCKMDCryptoOperation *mdOperation, + NSSCKFWCryptoOperation *fwOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *input, + CK_RV *pError) { - ckmkInternalCryptoOperationRSAPriv *iOperation = - (ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc; - CSSM_DATA cssmInput; - CSSM_DATA cssmOutput = { 0, NULL }; - PRUint32 bytesDecrypted; - CSSM_DATA remainder = { 0, NULL }; - NSSItem output; - CSSM_RETURN cssmErr; - - if (iOperation->buffer) { + ckmkInternalCryptoOperationRSAPriv *iOperation = + (ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc; + CSSM_DATA cssmInput; + CSSM_DATA cssmOutput = { 0, NULL }; + PRUint32 bytesDecrypted; + CSSM_DATA remainder = { 0, NULL }; + NSSItem output; + CSSM_RETURN cssmErr; + + if (iOperation->buffer) { + return iOperation->buffer->size; + } + + cssmInput.Data = input->data; + cssmInput.Length = input->size; + + cssmErr = CSSM_DecryptData(iOperation->cssmContext, + &cssmInput, 1, &cssmOutput, 1, + &bytesDecrypted, &remainder); + if (CSSM_OK != cssmErr) { + CKMK_MACERR("Decrypt Failed", cssmErr); + *pError = CKR_DATA_INVALID; + return 0; + } + /* we didn't suppy any buffers, so it should all be in remainder */ + output.data = nss_ZNEWARRAY(NULL, char, bytesDecrypted + remainder.Length); + if (NULL == output.data) { + free(cssmOutput.Data); + free(remainder.Data); + *pError = CKR_HOST_MEMORY; + return 0; + } + output.size = bytesDecrypted + remainder.Length; + + if (0 != bytesDecrypted) { + nsslibc_memcpy(output.data, cssmOutput.Data, bytesDecrypted); + free(cssmOutput.Data); + } + if (0 != remainder.Length) { + nsslibc_memcpy(((char *)output.data) + bytesDecrypted, + remainder.Data, remainder.Length); + free(remainder.Data); + } + + iOperation->buffer = nssItem_Duplicate(&output, NULL, NULL); + nss_ZFreeIf(output.data); + if ((NSSItem *)NULL == iOperation->buffer) { + *pError = CKR_HOST_MEMORY; + return 0; + } + return iOperation->buffer->size; - } - - cssmInput.Data = input->data; - cssmInput.Length = input->size; - - cssmErr = CSSM_DecryptData(iOperation->cssmContext, - &cssmInput, 1, &cssmOutput, 1, - &bytesDecrypted, &remainder); - if (CSSM_OK != cssmErr) { - CKMK_MACERR("Decrypt Failed", cssmErr); - *pError = CKR_DATA_INVALID; - return 0; - } - /* we didn't suppy any buffers, so it should all be in remainder */ - output.data = nss_ZNEWARRAY(NULL, char, bytesDecrypted + remainder.Length); - if (NULL == output.data) { - free(cssmOutput.Data); - free(remainder.Data); - *pError = CKR_HOST_MEMORY; - return 0; - } - output.size = bytesDecrypted + remainder.Length; - - if (0 != bytesDecrypted) { - nsslibc_memcpy(output.data, cssmOutput.Data, bytesDecrypted); - free(cssmOutput.Data); - } - if (0 != remainder.Length) { - nsslibc_memcpy(((char *)output.data)+bytesDecrypted, - remainder.Data, remainder.Length); - free(remainder.Data); - } - - iOperation->buffer = nssItem_Duplicate(&output, NULL, NULL); - nss_ZFreeIf(output.data); - if ((NSSItem *) NULL == iOperation->buffer) { - *pError = CKR_HOST_MEMORY; - return 0; - } - - return iOperation->buffer->size; } /* * ckmk_mdCryptoOperationRSADecrypt_UpdateFinal * - * NOTE: ckmk_mdCryptoOperationRSADecrypt_GetOperationLength is presumed to + * NOTE: ckmk_mdCryptoOperationRSADecrypt_GetOperationLength is presumed to * have been called previously. */ static CK_RV -ckmk_mdCryptoOperationRSADecrypt_UpdateFinal -( - NSSCKMDCryptoOperation *mdOperation, - NSSCKFWCryptoOperation *fwOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - const NSSItem *input, - NSSItem *output -) +ckmk_mdCryptoOperationRSADecrypt_UpdateFinal( + NSSCKMDCryptoOperation *mdOperation, + NSSCKFWCryptoOperation *fwOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *input, + NSSItem *output) { - ckmkInternalCryptoOperationRSAPriv *iOperation = - (ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc; - NSSItem *buffer = iOperation->buffer; - - if ((NSSItem *)NULL == buffer) { - return CKR_GENERAL_ERROR; - } - nsslibc_memcpy(output->data, buffer->data, buffer->size); - output->size = buffer->size; - return CKR_OK; + ckmkInternalCryptoOperationRSAPriv *iOperation = + (ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc; + NSSItem *buffer = iOperation->buffer; + + if ((NSSItem *)NULL == buffer) { + return CKR_GENERAL_ERROR; + } + nsslibc_memcpy(output->data, buffer->data, buffer->size); + output->size = buffer->size; + return CKR_OK; } /* @@ -312,199 +295,185 @@ ckmk_mdCryptoOperationRSADecrypt_UpdateFinal * */ static CK_RV -ckmk_mdCryptoOperationRSASign_UpdateFinal -( - NSSCKMDCryptoOperation *mdOperation, - NSSCKFWCryptoOperation *fwOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - const NSSItem *input, - NSSItem *output -) +ckmk_mdCryptoOperationRSASign_UpdateFinal( + NSSCKMDCryptoOperation *mdOperation, + NSSCKFWCryptoOperation *fwOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *input, + NSSItem *output) { - ckmkInternalCryptoOperationRSAPriv *iOperation = - (ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc; - CSSM_DATA cssmInput; - CSSM_DATA cssmOutput = { 0, NULL }; - CSSM_RETURN cssmErr; - - cssmInput.Data = input->data; - cssmInput.Length = input->size; - - cssmErr = CSSM_SignData(iOperation->cssmContext, &cssmInput, 1, - CSSM_ALGID_NONE, &cssmOutput); - if (CSSM_OK != cssmErr) { - CKMK_MACERR("Signed Failed", cssmErr); - return CKR_FUNCTION_FAILED; - } - if (cssmOutput.Length > output->size) { + ckmkInternalCryptoOperationRSAPriv *iOperation = + (ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc; + CSSM_DATA cssmInput; + CSSM_DATA cssmOutput = { 0, NULL }; + CSSM_RETURN cssmErr; + + cssmInput.Data = input->data; + cssmInput.Length = input->size; + + cssmErr = CSSM_SignData(iOperation->cssmContext, &cssmInput, 1, + CSSM_ALGID_NONE, &cssmOutput); + if (CSSM_OK != cssmErr) { + CKMK_MACERR("Signed Failed", cssmErr); + return CKR_FUNCTION_FAILED; + } + if (cssmOutput.Length > output->size) { + free(cssmOutput.Data); + return CKR_BUFFER_TOO_SMALL; + } + nsslibc_memcpy(output->data, cssmOutput.Data, cssmOutput.Length); free(cssmOutput.Data); - return CKR_BUFFER_TOO_SMALL; - } - nsslibc_memcpy(output->data, cssmOutput.Data, cssmOutput.Length); - free(cssmOutput.Data); - output->size = cssmOutput.Length; + output->size = cssmOutput.Length; - return CKR_OK; + return CKR_OK; } - NSS_IMPLEMENT_DATA const NSSCKMDCryptoOperation -ckmk_mdCryptoOperationRSADecrypt_proto = { - NULL, /* etc */ - ckmk_mdCryptoOperationRSAPriv_Destroy, - NULL, /* GetFinalLengh - not needed for one shot Decrypt/Encrypt */ - ckmk_mdCryptoOperationRSADecrypt_GetOperationLength, - NULL, /* Final - not needed for one shot operation */ - NULL, /* Update - not needed for one shot operation */ - NULL, /* DigetUpdate - not needed for one shot operation */ - ckmk_mdCryptoOperationRSADecrypt_UpdateFinal, - NULL, /* UpdateCombo - not needed for one shot operation */ - NULL, /* DigetKey - not needed for one shot operation */ - (void *)NULL /* null terminator */ -}; + ckmk_mdCryptoOperationRSADecrypt_proto = { + NULL, /* etc */ + ckmk_mdCryptoOperationRSAPriv_Destroy, + NULL, /* GetFinalLengh - not needed for one shot Decrypt/Encrypt */ + ckmk_mdCryptoOperationRSADecrypt_GetOperationLength, + NULL, /* Final - not needed for one shot operation */ + NULL, /* Update - not needed for one shot operation */ + NULL, /* DigetUpdate - not needed for one shot operation */ + ckmk_mdCryptoOperationRSADecrypt_UpdateFinal, + NULL, /* UpdateCombo - not needed for one shot operation */ + NULL, /* DigetKey - not needed for one shot operation */ + (void *)NULL /* null terminator */ + }; NSS_IMPLEMENT_DATA const NSSCKMDCryptoOperation -ckmk_mdCryptoOperationRSASign_proto = { - NULL, /* etc */ - ckmk_mdCryptoOperationRSAPriv_Destroy, - ckmk_mdCryptoOperationRSA_GetFinalLength, - NULL, /* GetOperationLengh - not needed for one shot Sign/Verify */ - NULL, /* Final - not needed for one shot operation */ - NULL, /* Update - not needed for one shot operation */ - NULL, /* DigetUpdate - not needed for one shot operation */ - ckmk_mdCryptoOperationRSASign_UpdateFinal, - NULL, /* UpdateCombo - not needed for one shot operation */ - NULL, /* DigetKey - not needed for one shot operation */ - (void *)NULL /* null terminator */ -}; + ckmk_mdCryptoOperationRSASign_proto = { + NULL, /* etc */ + ckmk_mdCryptoOperationRSAPriv_Destroy, + ckmk_mdCryptoOperationRSA_GetFinalLength, + NULL, /* GetOperationLengh - not needed for one shot Sign/Verify */ + NULL, /* Final - not needed for one shot operation */ + NULL, /* Update - not needed for one shot operation */ + NULL, /* DigetUpdate - not needed for one shot operation */ + ckmk_mdCryptoOperationRSASign_UpdateFinal, + NULL, /* UpdateCombo - not needed for one shot operation */ + NULL, /* DigetKey - not needed for one shot operation */ + (void *)NULL /* null terminator */ + }; /********** NSSCKMDMechansim functions ***********************/ /* * ckmk_mdMechanismRSA_Destroy */ static void -ckmk_mdMechanismRSA_Destroy -( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckmk_mdMechanismRSA_Destroy( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - nss_ZFreeIf(fwMechanism); + nss_ZFreeIf(fwMechanism); } /* * ckmk_mdMechanismRSA_GetMinKeySize */ static CK_ULONG -ckmk_mdMechanismRSA_GetMinKeySize -( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckmk_mdMechanismRSA_GetMinKeySize( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return 384; + return 384; } /* * ckmk_mdMechanismRSA_GetMaxKeySize */ static CK_ULONG -ckmk_mdMechanismRSA_GetMaxKeySize -( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckmk_mdMechanismRSA_GetMaxKeySize( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return 16384; + return 16384; } /* * ckmk_mdMechanismRSA_DecryptInit */ -static NSSCKMDCryptoOperation * -ckmk_mdMechanismRSA_DecryptInit -( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM *pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdKey, - NSSCKFWObject *fwKey, - CK_RV *pError -) +static NSSCKMDCryptoOperation * +ckmk_mdMechanismRSA_DecryptInit( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey, + CK_RV *pError) { - return ckmk_mdCryptoOperationRSAPriv_Create( - &ckmk_mdCryptoOperationRSADecrypt_proto, - mdMechanism, mdKey, CKMK_DECRYPT, pError); + return ckmk_mdCryptoOperationRSAPriv_Create( + &ckmk_mdCryptoOperationRSADecrypt_proto, + mdMechanism, mdKey, CKMK_DECRYPT, pError); } /* * ckmk_mdMechanismRSA_SignInit */ -static NSSCKMDCryptoOperation * -ckmk_mdMechanismRSA_SignInit -( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM *pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdKey, - NSSCKFWObject *fwKey, - CK_RV *pError -) +static NSSCKMDCryptoOperation * +ckmk_mdMechanismRSA_SignInit( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey, + CK_RV *pError) { - return ckmk_mdCryptoOperationRSAPriv_Create( - &ckmk_mdCryptoOperationRSASign_proto, - mdMechanism, mdKey, CKMK_SIGN, pError); + return ckmk_mdCryptoOperationRSAPriv_Create( + &ckmk_mdCryptoOperationRSASign_proto, + mdMechanism, mdKey, CKMK_SIGN, pError); } - NSS_IMPLEMENT_DATA const NSSCKMDMechanism -nss_ckmk_mdMechanismRSA = { - (void *)NULL, /* etc */ - ckmk_mdMechanismRSA_Destroy, - ckmk_mdMechanismRSA_GetMinKeySize, - ckmk_mdMechanismRSA_GetMaxKeySize, - NULL, /* GetInHardware - default false */ - NULL, /* EncryptInit - default errs */ - ckmk_mdMechanismRSA_DecryptInit, - NULL, /* DigestInit - default errs*/ - ckmk_mdMechanismRSA_SignInit, - NULL, /* VerifyInit - default errs */ - ckmk_mdMechanismRSA_SignInit, /* SignRecoverInit */ - NULL, /* VerifyRecoverInit - default errs */ - NULL, /* GenerateKey - default errs */ - NULL, /* GenerateKeyPair - default errs */ - NULL, /* GetWrapKeyLength - default errs */ - NULL, /* WrapKey - default errs */ - NULL, /* UnwrapKey - default errs */ - NULL, /* DeriveKey - default errs */ - (void *)NULL /* null terminator */ -}; + nss_ckmk_mdMechanismRSA = { + (void *)NULL, /* etc */ + ckmk_mdMechanismRSA_Destroy, + ckmk_mdMechanismRSA_GetMinKeySize, + ckmk_mdMechanismRSA_GetMaxKeySize, + NULL, /* GetInHardware - default false */ + NULL, /* EncryptInit - default errs */ + ckmk_mdMechanismRSA_DecryptInit, + NULL, /* DigestInit - default errs*/ + ckmk_mdMechanismRSA_SignInit, + NULL, /* VerifyInit - default errs */ + ckmk_mdMechanismRSA_SignInit, /* SignRecoverInit */ + NULL, /* VerifyRecoverInit - default errs */ + NULL, /* GenerateKey - default errs */ + NULL, /* GenerateKeyPair - default errs */ + NULL, /* GetWrapKeyLength - default errs */ + NULL, /* WrapKey - default errs */ + NULL, /* UnwrapKey - default errs */ + NULL, /* DeriveKey - default errs */ + (void *)NULL /* null terminator */ + }; diff --git a/nss/lib/ckfw/nssmkey/msession.c b/nss/lib/ckfw/nssmkey/msession.c index 6e1e195..e6a2924 100644 --- a/nss/lib/ckfw/nssmkey/msession.c +++ b/nss/lib/ckfw/nssmkey/msession.c @@ -7,87 +7,81 @@ /* * nssmkey/msession.c * - * This file implements the NSSCKMDSession object for the + * This file implements the NSSCKMDSession object for the * "nssmkey" cryptoki module. */ static NSSCKMDFindObjects * -ckmk_mdSession_FindObjectsInit -( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +ckmk_mdSession_FindObjectsInit( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - return nss_ckmk_FindObjectsInit(fwSession, pTemplate, ulAttributeCount, pError); + return nss_ckmk_FindObjectsInit(fwSession, pTemplate, ulAttributeCount, pError); } static NSSCKMDObject * -ckmk_mdSession_CreateObject -( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSArena *arena, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +ckmk_mdSession_CreateObject( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - return nss_ckmk_CreateObject(fwSession, pTemplate, ulAttributeCount, pError); + return nss_ckmk_CreateObject(fwSession, pTemplate, ulAttributeCount, pError); } NSS_IMPLEMENT NSSCKMDSession * -nss_ckmk_CreateSession -( - NSSCKFWSession *fwSession, - CK_RV *pError -) +nss_ckmk_CreateSession( + NSSCKFWSession *fwSession, + CK_RV *pError) { - NSSArena *arena; - NSSCKMDSession *rv; + NSSArena *arena; + NSSCKMDSession *rv; - arena = NSSCKFWSession_GetArena(fwSession, pError); - if( (NSSArena *)NULL == arena ) { - return (NSSCKMDSession *)NULL; - } + arena = NSSCKFWSession_GetArena(fwSession, pError); + if ((NSSArena *)NULL == arena) { + return (NSSCKMDSession *)NULL; + } - rv = nss_ZNEW(arena, NSSCKMDSession); - if( (NSSCKMDSession *)NULL == rv ) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDSession *)NULL; - } + rv = nss_ZNEW(arena, NSSCKMDSession); + if ((NSSCKMDSession *)NULL == rv) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDSession *)NULL; + } - /* - * rv was zeroed when allocated, so we only - * need to set the non-zero members. - */ + /* + * rv was zeroed when allocated, so we only + * need to set the non-zero members. + */ - rv->etc = (void *)fwSession; - /* rv->Close */ - /* rv->GetDeviceError */ - /* rv->Login */ - /* rv->Logout */ - /* rv->InitPIN */ - /* rv->SetPIN */ - /* rv->GetOperationStateLen */ - /* rv->GetOperationState */ - /* rv->SetOperationState */ - rv->CreateObject = ckmk_mdSession_CreateObject; - /* rv->CopyObject */ - rv->FindObjectsInit = ckmk_mdSession_FindObjectsInit; - /* rv->SeedRandom */ - /* rv->GetRandom */ - /* rv->null */ + rv->etc = (void *)fwSession; + /* rv->Close */ + /* rv->GetDeviceError */ + /* rv->Login */ + /* rv->Logout */ + /* rv->InitPIN */ + /* rv->SetPIN */ + /* rv->GetOperationStateLen */ + /* rv->GetOperationState */ + /* rv->SetOperationState */ + rv->CreateObject = ckmk_mdSession_CreateObject; + /* rv->CopyObject */ + rv->FindObjectsInit = ckmk_mdSession_FindObjectsInit; + /* rv->SeedRandom */ + /* rv->GetRandom */ + /* rv->null */ - return rv; + return rv; } diff --git a/nss/lib/ckfw/nssmkey/mslot.c b/nss/lib/ckfw/nssmkey/mslot.c index 7a43212..b2747ff 100644 --- a/nss/lib/ckfw/nssmkey/mslot.c +++ b/nss/lib/ckfw/nssmkey/mslot.c @@ -12,80 +12,70 @@ */ static NSSUTF8 * -ckmk_mdSlot_GetSlotDescription -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckmk_mdSlot_GetSlotDescription( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_ckmk_SlotDescription; + return (NSSUTF8 *)nss_ckmk_SlotDescription; } static NSSUTF8 * -ckmk_mdSlot_GetManufacturerID -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckmk_mdSlot_GetManufacturerID( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_ckmk_ManufacturerID; + return (NSSUTF8 *)nss_ckmk_ManufacturerID; } static CK_VERSION -ckmk_mdSlot_GetHardwareVersion -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckmk_mdSlot_GetHardwareVersion( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return nss_ckmk_HardwareVersion; + return nss_ckmk_HardwareVersion; } static CK_VERSION -ckmk_mdSlot_GetFirmwareVersion -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckmk_mdSlot_GetFirmwareVersion( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return nss_ckmk_FirmwareVersion; + return nss_ckmk_FirmwareVersion; } static NSSCKMDToken * -ckmk_mdSlot_GetToken -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckmk_mdSlot_GetToken( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSCKMDToken *)&nss_ckmk_mdToken; + return (NSSCKMDToken *)&nss_ckmk_mdToken; } NSS_IMPLEMENT_DATA const NSSCKMDSlot -nss_ckmk_mdSlot = { - (void *)NULL, /* etc */ - NULL, /* Initialize */ - NULL, /* Destroy */ - ckmk_mdSlot_GetSlotDescription, - ckmk_mdSlot_GetManufacturerID, - NULL, /* GetTokenPresent -- defaults to true */ - NULL, /* GetRemovableDevice -- defaults to false */ - NULL, /* GetHardwareSlot -- defaults to false */ - ckmk_mdSlot_GetHardwareVersion, - ckmk_mdSlot_GetFirmwareVersion, - ckmk_mdSlot_GetToken, - (void *)NULL /* null terminator */ -}; + nss_ckmk_mdSlot = { + (void *)NULL, /* etc */ + NULL, /* Initialize */ + NULL, /* Destroy */ + ckmk_mdSlot_GetSlotDescription, + ckmk_mdSlot_GetManufacturerID, + NULL, /* GetTokenPresent -- defaults to true */ + NULL, /* GetRemovableDevice -- defaults to false */ + NULL, /* GetHardwareSlot -- defaults to false */ + ckmk_mdSlot_GetHardwareVersion, + ckmk_mdSlot_GetFirmwareVersion, + ckmk_mdSlot_GetToken, + (void *)NULL /* null terminator */ + }; diff --git a/nss/lib/ckfw/nssmkey/mtoken.c b/nss/lib/ckfw/nssmkey/mtoken.c index a027807..e18d612 100644 --- a/nss/lib/ckfw/nssmkey/mtoken.c +++ b/nss/lib/ckfw/nssmkey/mtoken.c @@ -12,197 +12,173 @@ */ static NSSUTF8 * -ckmk_mdToken_GetLabel -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckmk_mdToken_GetLabel( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_ckmk_TokenLabel; + return (NSSUTF8 *)nss_ckmk_TokenLabel; } static NSSUTF8 * -ckmk_mdToken_GetManufacturerID -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckmk_mdToken_GetManufacturerID( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_ckmk_ManufacturerID; + return (NSSUTF8 *)nss_ckmk_ManufacturerID; } static NSSUTF8 * -ckmk_mdToken_GetModel -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckmk_mdToken_GetModel( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_ckmk_TokenModel; + return (NSSUTF8 *)nss_ckmk_TokenModel; } static NSSUTF8 * -ckmk_mdToken_GetSerialNumber -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckmk_mdToken_GetSerialNumber( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_ckmk_TokenSerialNumber; + return (NSSUTF8 *)nss_ckmk_TokenSerialNumber; } static CK_BBOOL -ckmk_mdToken_GetIsWriteProtected -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckmk_mdToken_GetIsWriteProtected( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return CK_FALSE; + return CK_FALSE; } /* fake out Mozilla so we don't try to initialize the token */ static CK_BBOOL -ckmk_mdToken_GetUserPinInitialized -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckmk_mdToken_GetUserPinInitialized( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return CK_TRUE; + return CK_TRUE; } static CK_VERSION -ckmk_mdToken_GetHardwareVersion -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckmk_mdToken_GetHardwareVersion( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return nss_ckmk_HardwareVersion; + return nss_ckmk_HardwareVersion; } static CK_VERSION -ckmk_mdToken_GetFirmwareVersion -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckmk_mdToken_GetFirmwareVersion( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return nss_ckmk_FirmwareVersion; + return nss_ckmk_FirmwareVersion; } static NSSCKMDSession * -ckmk_mdToken_OpenSession -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKFWSession *fwSession, - CK_BBOOL rw, - CK_RV *pError -) +ckmk_mdToken_OpenSession( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKFWSession *fwSession, + CK_BBOOL rw, + CK_RV *pError) { - return nss_ckmk_CreateSession(fwSession, pError); + return nss_ckmk_CreateSession(fwSession, pError); } static CK_ULONG -ckmk_mdToken_GetMechanismCount -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckmk_mdToken_GetMechanismCount( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return (CK_ULONG)1; + return (CK_ULONG)1; } static CK_RV -ckmk_mdToken_GetMechanismTypes -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_MECHANISM_TYPE types[] -) +ckmk_mdToken_GetMechanismTypes( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_MECHANISM_TYPE types[]) { - types[0] = CKM_RSA_PKCS; - return CKR_OK; + types[0] = CKM_RSA_PKCS; + return CKR_OK; } static NSSCKMDMechanism * -ckmk_mdToken_GetMechanism -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_MECHANISM_TYPE which, - CK_RV *pError -) +ckmk_mdToken_GetMechanism( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_MECHANISM_TYPE which, + CK_RV *pError) { - if (which != CKM_RSA_PKCS) { - *pError = CKR_MECHANISM_INVALID; - return (NSSCKMDMechanism *)NULL; - } - return (NSSCKMDMechanism *)&nss_ckmk_mdMechanismRSA; + if (which != CKM_RSA_PKCS) { + *pError = CKR_MECHANISM_INVALID; + return (NSSCKMDMechanism *)NULL; + } + return (NSSCKMDMechanism *)&nss_ckmk_mdMechanismRSA; } NSS_IMPLEMENT_DATA const NSSCKMDToken -nss_ckmk_mdToken = { - (void *)NULL, /* etc */ - NULL, /* Setup */ - NULL, /* Invalidate */ - NULL, /* InitToken -- default errs */ - ckmk_mdToken_GetLabel, - ckmk_mdToken_GetManufacturerID, - ckmk_mdToken_GetModel, - ckmk_mdToken_GetSerialNumber, - NULL, /* GetHasRNG -- default is false */ - ckmk_mdToken_GetIsWriteProtected, - NULL, /* GetLoginRequired -- default is false */ - ckmk_mdToken_GetUserPinInitialized, - NULL, /* GetRestoreKeyNotNeeded -- irrelevant */ - NULL, /* GetHasClockOnToken -- default is false */ - NULL, /* GetHasProtectedAuthenticationPath -- default is false */ - NULL, /* GetSupportsDualCryptoOperations -- default is false */ - NULL, /* GetMaxSessionCount -- default is CK_UNAVAILABLE_INFORMATION */ - NULL, /* GetMaxRwSessionCount -- default is CK_UNAVAILABLE_INFORMATION */ - NULL, /* GetMaxPinLen -- irrelevant */ - NULL, /* GetMinPinLen -- irrelevant */ - NULL, /* GetTotalPublicMemory -- default is CK_UNAVAILABLE_INFORMATION */ - NULL, /* GetFreePublicMemory -- default is CK_UNAVAILABLE_INFORMATION */ - NULL, /* GetTotalPrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */ - NULL, /* GetFreePrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */ - ckmk_mdToken_GetHardwareVersion, - ckmk_mdToken_GetFirmwareVersion, - NULL, /* GetUTCTime -- no clock */ - ckmk_mdToken_OpenSession, - ckmk_mdToken_GetMechanismCount, - ckmk_mdToken_GetMechanismTypes, - ckmk_mdToken_GetMechanism, - (void *)NULL /* null terminator */ -}; + nss_ckmk_mdToken = { + (void *)NULL, /* etc */ + NULL, /* Setup */ + NULL, /* Invalidate */ + NULL, /* InitToken -- default errs */ + ckmk_mdToken_GetLabel, + ckmk_mdToken_GetManufacturerID, + ckmk_mdToken_GetModel, + ckmk_mdToken_GetSerialNumber, + NULL, /* GetHasRNG -- default is false */ + ckmk_mdToken_GetIsWriteProtected, + NULL, /* GetLoginRequired -- default is false */ + ckmk_mdToken_GetUserPinInitialized, + NULL, /* GetRestoreKeyNotNeeded -- irrelevant */ + NULL, /* GetHasClockOnToken -- default is false */ + NULL, /* GetHasProtectedAuthenticationPath -- default is false */ + NULL, /* GetSupportsDualCryptoOperations -- default is false */ + NULL, /* GetMaxSessionCount -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetMaxRwSessionCount -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetMaxPinLen -- irrelevant */ + NULL, /* GetMinPinLen -- irrelevant */ + NULL, /* GetTotalPublicMemory -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetFreePublicMemory -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetTotalPrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetFreePrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */ + ckmk_mdToken_GetHardwareVersion, + ckmk_mdToken_GetFirmwareVersion, + NULL, /* GetUTCTime -- no clock */ + ckmk_mdToken_OpenSession, + ckmk_mdToken_GetMechanismCount, + ckmk_mdToken_GetMechanismTypes, + ckmk_mdToken_GetMechanism, + (void *)NULL /* null terminator */ + }; diff --git a/nss/lib/ckfw/nssmkey/nssmkey.h b/nss/lib/ckfw/nssmkey/nssmkey.h index bce77bf..ba58233 100644 --- a/nss/lib/ckfw/nssmkey/nssmkey.h +++ b/nss/lib/ckfw/nssmkey/nssmkey.h @@ -18,7 +18,7 @@ #define NSS_CKMK_CRYPTOKI_VERSION_MAJOR 2 #define NSS_CKMK_CRYPTOKI_VERSION_MINOR 20 -/* These version numbers detail the changes +/* These version numbers detail the changes * to the list of trusted certificates. * * NSS_CKMK_LIBRARY_VERSION_MINOR is a CK_BYTE. It's not clear @@ -33,7 +33,7 @@ #define NSS_CKMK_HARDWARE_VERSION_MAJOR 1 #define NSS_CKMK_HARDWARE_VERSION_MINOR 0 -/* These version numbers detail the semantic changes to ckbi itself +/* These version numbers detail the semantic changes to ckbi itself * (new PKCS #11 objects), etc. */ #define NSS_CKMK_FIRMWARE_VERSION_MAJOR 1 #define NSS_CKMK_FIRMWARE_VERSION_MINOR 0 diff --git a/nss/lib/ckfw/nssmkey/staticobj.c b/nss/lib/ckfw/nssmkey/staticobj.c index 0ccc861..5f3bb7c 100644 --- a/nss/lib/ckfw/nssmkey/staticobj.c +++ b/nss/lib/ckfw/nssmkey/staticobj.c @@ -17,20 +17,20 @@ static const CK_BBOOL ck_false = CK_FALSE; static const CK_OBJECT_CLASS cko_netscape_builtin_root_list = CKO_NETSCAPE_BUILTIN_ROOT_LIST; /* example of a static object */ -static const CK_ATTRIBUTE_TYPE nss_ckmk_types_1 [] = { - CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL +static const CK_ATTRIBUTE_TYPE nss_ckmk_types_1[] = { + CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL }; -static const NSSItem nss_ckmk_items_1 [] = { - { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)"Mozilla Mac Key Ring Access", (PRUint32)28 } +static const NSSItem nss_ckmk_items_1[] = { + { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) }, + { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)"Mozilla Mac Key Ring Access", (PRUint32)28 } }; ckmkInternalObject nss_ckmk_data[] = { - { ckmkRaw, {{ 5, nss_ckmk_types_1, nss_ckmk_items_1}} , CKO_DATA, {NULL} }, + { ckmkRaw, { { 5, nss_ckmk_types_1, nss_ckmk_items_1 } }, CKO_DATA, { NULL } }, }; const PRUint32 nss_ckmk_nObjects = 1; diff --git a/nss/lib/ckfw/object.c b/nss/lib/ckfw/object.c index 661977e..ff0542e 100644 --- a/nss/lib/ckfw/object.c +++ b/nss/lib/ckfw/object.c @@ -50,16 +50,16 @@ */ struct NSSCKFWObjectStr { - NSSCKFWMutex *mutex; /* merely to serialise the MDObject calls */ - NSSArena *arena; - NSSCKMDObject *mdObject; - NSSCKMDSession *mdSession; - NSSCKFWSession *fwSession; - NSSCKMDToken *mdToken; - NSSCKFWToken *fwToken; - NSSCKMDInstance *mdInstance; - NSSCKFWInstance *fwInstance; - CK_OBJECT_HANDLE hObject; + NSSCKFWMutex *mutex; /* merely to serialise the MDObject calls */ + NSSArena *arena; + NSSCKMDObject *mdObject; + NSSCKMDSession *mdSession; + NSSCKFWSession *fwSession; + NSSCKMDToken *mdToken; + NSSCKFWToken *fwToken; + NSSCKMDInstance *mdInstance; + NSSCKFWInstance *fwInstance; + CK_OBJECT_HANDLE hObject; }; #ifdef DEBUG @@ -75,123 +75,114 @@ struct NSSCKFWObjectStr { */ static CK_RV -object_add_pointer -( - const NSSCKFWObject *fwObject -) +object_add_pointer( + const NSSCKFWObject *fwObject) { - return CKR_OK; + return CKR_OK; } static CK_RV -object_remove_pointer -( - const NSSCKFWObject *fwObject -) +object_remove_pointer( + const NSSCKFWObject *fwObject) { - return CKR_OK; + return CKR_OK; } NSS_IMPLEMENT CK_RV -nssCKFWObject_verifyPointer -( - const NSSCKFWObject *fwObject -) +nssCKFWObject_verifyPointer( + const NSSCKFWObject *fwObject) { - return CKR_OK; + return CKR_OK; } #endif /* DEBUG */ - /* * nssCKFWObject_Create * */ NSS_IMPLEMENT NSSCKFWObject * -nssCKFWObject_Create -( - NSSArena *arena, - NSSCKMDObject *mdObject, - NSSCKFWSession *fwSession, - NSSCKFWToken *fwToken, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +nssCKFWObject_Create( + NSSArena *arena, + NSSCKMDObject *mdObject, + NSSCKFWSession *fwSession, + NSSCKFWToken *fwToken, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - NSSCKFWObject *fwObject; - nssCKFWHash *mdObjectHash; + NSSCKFWObject *fwObject; + nssCKFWHash *mdObjectHash; #ifdef NSSDEBUG - if (!pError) { - return (NSSCKFWObject *)NULL; - } - - if( PR_SUCCESS != nssArena_verifyPointer(arena) ) { - *pError = CKR_ARGUMENTS_BAD; - return (NSSCKFWObject *)NULL; - } + if (!pError) { + return (NSSCKFWObject *)NULL; + } + + if (PR_SUCCESS != nssArena_verifyPointer(arena)) { + *pError = CKR_ARGUMENTS_BAD; + return (NSSCKFWObject *)NULL; + } #endif /* NSSDEBUG */ - if (!fwToken) { - *pError = CKR_ARGUMENTS_BAD; - return (NSSCKFWObject *)NULL; - } - mdObjectHash = nssCKFWToken_GetMDObjectHash(fwToken); - if (!mdObjectHash) { - *pError = CKR_GENERAL_ERROR; - return (NSSCKFWObject *)NULL; - } - - if( nssCKFWHash_Exists(mdObjectHash, mdObject) ) { - fwObject = nssCKFWHash_Lookup(mdObjectHash, mdObject); - return fwObject; - } - - fwObject = nss_ZNEW(arena, NSSCKFWObject); - if (!fwObject) { - *pError = CKR_HOST_MEMORY; - return (NSSCKFWObject *)NULL; - } - - fwObject->arena = arena; - fwObject->mdObject = mdObject; - fwObject->fwSession = fwSession; - - if (fwSession) { - fwObject->mdSession = nssCKFWSession_GetMDSession(fwSession); - } - - fwObject->fwToken = fwToken; - fwObject->mdToken = nssCKFWToken_GetMDToken(fwToken); - fwObject->fwInstance = fwInstance; - fwObject->mdInstance = nssCKFWInstance_GetMDInstance(fwInstance); - fwObject->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError); - if (!fwObject->mutex) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; + if (!fwToken) { + *pError = CKR_ARGUMENTS_BAD; + return (NSSCKFWObject *)NULL; + } + mdObjectHash = nssCKFWToken_GetMDObjectHash(fwToken); + if (!mdObjectHash) { + *pError = CKR_GENERAL_ERROR; + return (NSSCKFWObject *)NULL; } - nss_ZFreeIf(fwObject); - return (NSSCKFWObject *)NULL; - } - *pError = nssCKFWHash_Add(mdObjectHash, mdObject, fwObject); - if( CKR_OK != *pError ) { - nss_ZFreeIf(fwObject); - return (NSSCKFWObject *)NULL; - } + if (nssCKFWHash_Exists(mdObjectHash, mdObject)) { + fwObject = nssCKFWHash_Lookup(mdObjectHash, mdObject); + return fwObject; + } + + fwObject = nss_ZNEW(arena, NSSCKFWObject); + if (!fwObject) { + *pError = CKR_HOST_MEMORY; + return (NSSCKFWObject *)NULL; + } + + fwObject->arena = arena; + fwObject->mdObject = mdObject; + fwObject->fwSession = fwSession; + + if (fwSession) { + fwObject->mdSession = nssCKFWSession_GetMDSession(fwSession); + } + + fwObject->fwToken = fwToken; + fwObject->mdToken = nssCKFWToken_GetMDToken(fwToken); + fwObject->fwInstance = fwInstance; + fwObject->mdInstance = nssCKFWInstance_GetMDInstance(fwInstance); + fwObject->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError); + if (!fwObject->mutex) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + nss_ZFreeIf(fwObject); + return (NSSCKFWObject *)NULL; + } + + *pError = nssCKFWHash_Add(mdObjectHash, mdObject, fwObject); + if (CKR_OK != *pError) { + nss_ZFreeIf(fwObject); + return (NSSCKFWObject *)NULL; + } #ifdef DEBUG - *pError = object_add_pointer(fwObject); - if( CKR_OK != *pError ) { - nssCKFWHash_Remove(mdObjectHash, mdObject); - nss_ZFreeIf(fwObject); - return (NSSCKFWObject *)NULL; - } + *pError = object_add_pointer(fwObject); + if (CKR_OK != *pError) { + nssCKFWHash_Remove(mdObjectHash, mdObject); + nss_ZFreeIf(fwObject); + return (NSSCKFWObject *)NULL; + } #endif /* DEBUG */ - *pError = CKR_OK; - return fwObject; + *pError = CKR_OK; + return fwObject; } /* @@ -199,45 +190,43 @@ nssCKFWObject_Create * */ NSS_IMPLEMENT void -nssCKFWObject_Finalize -( - NSSCKFWObject *fwObject, - PRBool removeFromHash -) +nssCKFWObject_Finalize( + NSSCKFWObject *fwObject, + PRBool removeFromHash) { - nssCKFWHash *mdObjectHash; + nssCKFWHash *mdObjectHash; #ifdef NSSDEBUG - if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) { - return; - } + if (CKR_OK != nssCKFWObject_verifyPointer(fwObject)) { + return; + } #endif /* NSSDEBUG */ - (void)nssCKFWMutex_Destroy(fwObject->mutex); + (void)nssCKFWMutex_Destroy(fwObject->mutex); - if (fwObject->mdObject->Finalize) { - fwObject->mdObject->Finalize(fwObject->mdObject, fwObject, - fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, - fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance); - } + if (fwObject->mdObject->Finalize) { + fwObject->mdObject->Finalize(fwObject->mdObject, fwObject, + fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, + fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance); + } - if (removeFromHash) { - mdObjectHash = nssCKFWToken_GetMDObjectHash(fwObject->fwToken); - if (mdObjectHash) { - nssCKFWHash_Remove(mdObjectHash, fwObject->mdObject); + if (removeFromHash) { + mdObjectHash = nssCKFWToken_GetMDObjectHash(fwObject->fwToken); + if (mdObjectHash) { + nssCKFWHash_Remove(mdObjectHash, fwObject->mdObject); + } } - } - if (fwObject->fwSession) { - nssCKFWSession_DeregisterSessionObject(fwObject->fwSession, fwObject); - } - nss_ZFreeIf(fwObject); + if (fwObject->fwSession) { + nssCKFWSession_DeregisterSessionObject(fwObject->fwSession, fwObject); + } + nss_ZFreeIf(fwObject); #ifdef DEBUG - (void)object_remove_pointer(fwObject); + (void)object_remove_pointer(fwObject); #endif /* DEBUG */ - return; + return; } /* @@ -245,42 +234,40 @@ nssCKFWObject_Finalize * */ NSS_IMPLEMENT void -nssCKFWObject_Destroy -( - NSSCKFWObject *fwObject -) +nssCKFWObject_Destroy( + NSSCKFWObject *fwObject) { - nssCKFWHash *mdObjectHash; + nssCKFWHash *mdObjectHash; #ifdef NSSDEBUG - if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) { - return; - } + if (CKR_OK != nssCKFWObject_verifyPointer(fwObject)) { + return; + } #endif /* NSSDEBUG */ - (void)nssCKFWMutex_Destroy(fwObject->mutex); + (void)nssCKFWMutex_Destroy(fwObject->mutex); - if (fwObject->mdObject->Destroy) { - fwObject->mdObject->Destroy(fwObject->mdObject, fwObject, - fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, - fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance); - } + if (fwObject->mdObject->Destroy) { + fwObject->mdObject->Destroy(fwObject->mdObject, fwObject, + fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, + fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance); + } - mdObjectHash = nssCKFWToken_GetMDObjectHash(fwObject->fwToken); - if (mdObjectHash) { - nssCKFWHash_Remove(mdObjectHash, fwObject->mdObject); - } + mdObjectHash = nssCKFWToken_GetMDObjectHash(fwObject->fwToken); + if (mdObjectHash) { + nssCKFWHash_Remove(mdObjectHash, fwObject->mdObject); + } - if (fwObject->fwSession) { - nssCKFWSession_DeregisterSessionObject(fwObject->fwSession, fwObject); - } - nss_ZFreeIf(fwObject); + if (fwObject->fwSession) { + nssCKFWSession_DeregisterSessionObject(fwObject->fwSession, fwObject); + } + nss_ZFreeIf(fwObject); #ifdef DEBUG - (void)object_remove_pointer(fwObject); + (void)object_remove_pointer(fwObject); #endif /* DEBUG */ - return; + return; } /* @@ -288,18 +275,16 @@ nssCKFWObject_Destroy * */ NSS_IMPLEMENT NSSCKMDObject * -nssCKFWObject_GetMDObject -( - NSSCKFWObject *fwObject -) +nssCKFWObject_GetMDObject( + NSSCKFWObject *fwObject) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) { - return (NSSCKMDObject *)NULL; - } + if (CKR_OK != nssCKFWObject_verifyPointer(fwObject)) { + return (NSSCKMDObject *)NULL; + } #endif /* NSSDEBUG */ - return fwObject->mdObject; + return fwObject->mdObject; } /* @@ -307,24 +292,22 @@ nssCKFWObject_GetMDObject * */ NSS_IMPLEMENT NSSArena * -nssCKFWObject_GetArena -( - NSSCKFWObject *fwObject, - CK_RV *pError -) +nssCKFWObject_GetArena( + NSSCKFWObject *fwObject, + CK_RV *pError) { #ifdef NSSDEBUG - if (!pError) { - return (NSSArena *)NULL; - } - - *pError = nssCKFWObject_verifyPointer(fwObject); - if( CKR_OK != *pError ) { - return (NSSArena *)NULL; - } + if (!pError) { + return (NSSArena *)NULL; + } + + *pError = nssCKFWObject_verifyPointer(fwObject); + if (CKR_OK != *pError) { + return (NSSArena *)NULL; + } #endif /* NSSDEBUG */ - return fwObject->arena; + return fwObject->arena; } /* @@ -332,30 +315,28 @@ nssCKFWObject_GetArena * */ NSS_IMPLEMENT CK_RV -nssCKFWObject_SetHandle -( - NSSCKFWObject *fwObject, - CK_OBJECT_HANDLE hObject -) +nssCKFWObject_SetHandle( + NSSCKFWObject *fwObject, + CK_OBJECT_HANDLE hObject) { #ifdef NSSDEBUG - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #endif /* NSSDEBUG */ #ifdef NSSDEBUG - error = nssCKFWObject_verifyPointer(fwObject); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWObject_verifyPointer(fwObject); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - if( (CK_OBJECT_HANDLE)0 != fwObject->hObject ) { - return CKR_GENERAL_ERROR; - } + if ((CK_OBJECT_HANDLE)0 != fwObject->hObject) { + return CKR_GENERAL_ERROR; + } - fwObject->hObject = hObject; + fwObject->hObject = hObject; - return CKR_OK; + return CKR_OK; } /* @@ -363,18 +344,16 @@ nssCKFWObject_SetHandle * */ NSS_IMPLEMENT CK_OBJECT_HANDLE -nssCKFWObject_GetHandle -( - NSSCKFWObject *fwObject -) +nssCKFWObject_GetHandle( + NSSCKFWObject *fwObject) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) { - return (CK_OBJECT_HANDLE)0; - } + if (CKR_OK != nssCKFWObject_verifyPointer(fwObject)) { + return (CK_OBJECT_HANDLE)0; + } #endif /* NSSDEBUG */ - return fwObject->hObject; + return fwObject->hObject; } /* @@ -382,44 +361,42 @@ nssCKFWObject_GetHandle * */ NSS_IMPLEMENT CK_BBOOL -nssCKFWObject_IsTokenObject -( - NSSCKFWObject *fwObject -) +nssCKFWObject_IsTokenObject( + NSSCKFWObject *fwObject) { - CK_BBOOL b = CK_FALSE; + CK_BBOOL b = CK_FALSE; #ifdef NSSDEBUG - if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWObject_verifyPointer(fwObject)) { + return CK_FALSE; + } #endif /* NSSDEBUG */ - if (!fwObject->mdObject->IsTokenObject) { - NSSItem item; - NSSItem *pItem; - CK_RV rv = CKR_OK; + if (!fwObject->mdObject->IsTokenObject) { + NSSItem item; + NSSItem *pItem; + CK_RV rv = CKR_OK; - item.data = (void *)&b; - item.size = sizeof(b); + item.data = (void *)&b; + item.size = sizeof(b); - pItem = nssCKFWObject_GetAttribute(fwObject, CKA_TOKEN, &item, - (NSSArena *)NULL, &rv); - if (!pItem) { - /* Error of some type */ - b = CK_FALSE; - goto done; - } + pItem = nssCKFWObject_GetAttribute(fwObject, CKA_TOKEN, &item, + (NSSArena *)NULL, &rv); + if (!pItem) { + /* Error of some type */ + b = CK_FALSE; + goto done; + } - goto done; - } + goto done; + } - b = fwObject->mdObject->IsTokenObject(fwObject->mdObject, fwObject, - fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, - fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance); + b = fwObject->mdObject->IsTokenObject(fwObject->mdObject, fwObject, + fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, + fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance); - done: - return b; +done: + return b; } /* @@ -427,42 +404,40 @@ nssCKFWObject_IsTokenObject * */ NSS_IMPLEMENT CK_ULONG -nssCKFWObject_GetAttributeCount -( - NSSCKFWObject *fwObject, - CK_RV *pError -) +nssCKFWObject_GetAttributeCount( + NSSCKFWObject *fwObject, + CK_RV *pError) { - CK_ULONG rv; + CK_ULONG rv; #ifdef NSSDEBUG - if (!pError) { - return (CK_ULONG)0; - } - - *pError = nssCKFWObject_verifyPointer(fwObject); - if( CKR_OK != *pError ) { - return (CK_ULONG)0; - } + if (!pError) { + return (CK_ULONG)0; + } + + *pError = nssCKFWObject_verifyPointer(fwObject); + if (CKR_OK != *pError) { + return (CK_ULONG)0; + } #endif /* NSSDEBUG */ - if (!fwObject->mdObject->GetAttributeCount) { - *pError = CKR_GENERAL_ERROR; - return (CK_ULONG)0; - } + if (!fwObject->mdObject->GetAttributeCount) { + *pError = CKR_GENERAL_ERROR; + return (CK_ULONG)0; + } - *pError = nssCKFWMutex_Lock(fwObject->mutex); - if( CKR_OK != *pError ) { - return (CK_ULONG)0; - } + *pError = nssCKFWMutex_Lock(fwObject->mutex); + if (CKR_OK != *pError) { + return (CK_ULONG)0; + } - rv = fwObject->mdObject->GetAttributeCount(fwObject->mdObject, fwObject, - fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, - fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance, - pError); + rv = fwObject->mdObject->GetAttributeCount(fwObject->mdObject, fwObject, + fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, + fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance, + pError); - (void)nssCKFWMutex_Unlock(fwObject->mutex); - return rv; + (void)nssCKFWMutex_Unlock(fwObject->mutex); + return rv; } /* @@ -470,42 +445,40 @@ nssCKFWObject_GetAttributeCount * */ NSS_IMPLEMENT CK_RV -nssCKFWObject_GetAttributeTypes -( - NSSCKFWObject *fwObject, - CK_ATTRIBUTE_TYPE_PTR typeArray, - CK_ULONG ulCount -) +nssCKFWObject_GetAttributeTypes( + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - error = nssCKFWObject_verifyPointer(fwObject); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWObject_verifyPointer(fwObject); + if (CKR_OK != error) { + return error; + } - if( (CK_ATTRIBUTE_TYPE_PTR)NULL == typeArray ) { - return CKR_ARGUMENTS_BAD; - } + if ((CK_ATTRIBUTE_TYPE_PTR)NULL == typeArray) { + return CKR_ARGUMENTS_BAD; + } #endif /* NSSDEBUG */ - if (!fwObject->mdObject->GetAttributeTypes) { - return CKR_GENERAL_ERROR; - } + if (!fwObject->mdObject->GetAttributeTypes) { + return CKR_GENERAL_ERROR; + } - error = nssCKFWMutex_Lock(fwObject->mutex); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWMutex_Lock(fwObject->mutex); + if (CKR_OK != error) { + return error; + } - error = fwObject->mdObject->GetAttributeTypes(fwObject->mdObject, fwObject, - fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, - fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance, - typeArray, ulCount); + error = fwObject->mdObject->GetAttributeTypes(fwObject->mdObject, fwObject, + fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, + fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance, + typeArray, ulCount); - (void)nssCKFWMutex_Unlock(fwObject->mutex); - return error; + (void)nssCKFWMutex_Unlock(fwObject->mutex); + return error; } /* @@ -513,43 +486,41 @@ nssCKFWObject_GetAttributeTypes * */ NSS_IMPLEMENT CK_ULONG -nssCKFWObject_GetAttributeSize -( - NSSCKFWObject *fwObject, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError -) +nssCKFWObject_GetAttributeSize( + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError) { - CK_ULONG rv; + CK_ULONG rv; #ifdef NSSDEBUG - if (!pError) { - return (CK_ULONG)0; - } - - *pError = nssCKFWObject_verifyPointer(fwObject); - if( CKR_OK != *pError ) { - return (CK_ULONG)0; - } + if (!pError) { + return (CK_ULONG)0; + } + + *pError = nssCKFWObject_verifyPointer(fwObject); + if (CKR_OK != *pError) { + return (CK_ULONG)0; + } #endif /* NSSDEBUG */ - if (!fwObject->mdObject->GetAttributeSize) { - *pError = CKR_GENERAL_ERROR; - return (CK_ULONG )0; - } + if (!fwObject->mdObject->GetAttributeSize) { + *pError = CKR_GENERAL_ERROR; + return (CK_ULONG)0; + } - *pError = nssCKFWMutex_Lock(fwObject->mutex); - if( CKR_OK != *pError ) { - return (CK_ULONG)0; - } + *pError = nssCKFWMutex_Lock(fwObject->mutex); + if (CKR_OK != *pError) { + return (CK_ULONG)0; + } - rv = fwObject->mdObject->GetAttributeSize(fwObject->mdObject, fwObject, - fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, - fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance, - attribute, pError); + rv = fwObject->mdObject->GetAttributeSize(fwObject->mdObject, fwObject, + fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, + fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance, + attribute, pError); - (void)nssCKFWMutex_Unlock(fwObject->mutex); - return rv; + (void)nssCKFWMutex_Unlock(fwObject->mutex); + return rv; } /* @@ -563,97 +534,95 @@ nssCKFWObject_GetAttributeSize * specified. */ NSS_IMPLEMENT NSSItem * -nssCKFWObject_GetAttribute -( - NSSCKFWObject *fwObject, - CK_ATTRIBUTE_TYPE attribute, - NSSItem *itemOpt, - NSSArena *arenaOpt, - CK_RV *pError -) +nssCKFWObject_GetAttribute( + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *itemOpt, + NSSArena *arenaOpt, + CK_RV *pError) { - NSSItem *rv = (NSSItem *)NULL; - NSSCKFWItem mdItem; + NSSItem *rv = (NSSItem *)NULL; + NSSCKFWItem mdItem; #ifdef NSSDEBUG - if (!pError) { - return (NSSItem *)NULL; - } - - *pError = nssCKFWObject_verifyPointer(fwObject); - if( CKR_OK != *pError ) { - return (NSSItem *)NULL; - } + if (!pError) { + return (NSSItem *)NULL; + } + + *pError = nssCKFWObject_verifyPointer(fwObject); + if (CKR_OK != *pError) { + return (NSSItem *)NULL; + } #endif /* NSSDEBUG */ - if (!fwObject->mdObject->GetAttribute) { - *pError = CKR_GENERAL_ERROR; - return (NSSItem *)NULL; - } + if (!fwObject->mdObject->GetAttribute) { + *pError = CKR_GENERAL_ERROR; + return (NSSItem *)NULL; + } + + *pError = nssCKFWMutex_Lock(fwObject->mutex); + if (CKR_OK != *pError) { + return (NSSItem *)NULL; + } - *pError = nssCKFWMutex_Lock(fwObject->mutex); - if( CKR_OK != *pError ) { - return (NSSItem *)NULL; - } + mdItem = fwObject->mdObject->GetAttribute(fwObject->mdObject, fwObject, + fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, + fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance, + attribute, pError); - mdItem = fwObject->mdObject->GetAttribute(fwObject->mdObject, fwObject, - fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, - fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance, - attribute, pError); + if (!mdItem.item) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } - if (!mdItem.item) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; + goto done; } - goto done; - } - - if (!itemOpt) { - rv = nss_ZNEW(arenaOpt, NSSItem); - if (!rv) { - *pError = CKR_HOST_MEMORY; - goto done; + if (!itemOpt) { + rv = nss_ZNEW(arenaOpt, NSSItem); + if (!rv) { + *pError = CKR_HOST_MEMORY; + goto done; + } + } else { + rv = itemOpt; } - } else { - rv = itemOpt; - } - if (!rv->data) { - rv->size = mdItem.item->size; - rv->data = nss_ZAlloc(arenaOpt, rv->size); if (!rv->data) { - *pError = CKR_HOST_MEMORY; - if (!itemOpt) { - nss_ZFreeIf(rv); - } - rv = (NSSItem *)NULL; - goto done; - } - } else { - if( rv->size >= mdItem.item->size ) { - rv->size = mdItem.item->size; + rv->size = mdItem.item->size; + rv->data = nss_ZAlloc(arenaOpt, rv->size); + if (!rv->data) { + *pError = CKR_HOST_MEMORY; + if (!itemOpt) { + nss_ZFreeIf(rv); + } + rv = (NSSItem *)NULL; + goto done; + } } else { - *pError = CKR_BUFFER_TOO_SMALL; - /* Should we set rv->size to mdItem->size? */ - /* rv can't have been allocated */ - rv = (NSSItem *)NULL; - goto done; + if (rv->size >= mdItem.item->size) { + rv->size = mdItem.item->size; + } else { + *pError = CKR_BUFFER_TOO_SMALL; + /* Should we set rv->size to mdItem->size? */ + /* rv can't have been allocated */ + rv = (NSSItem *)NULL; + goto done; + } } - } - (void)nsslibc_memcpy(rv->data, mdItem.item->data, rv->size); + (void)nsslibc_memcpy(rv->data, mdItem.item->data, rv->size); - if (PR_TRUE == mdItem.needsFreeing) { - PR_ASSERT(fwObject->mdObject->FreeAttribute); - if (fwObject->mdObject->FreeAttribute) { - *pError = fwObject->mdObject->FreeAttribute(&mdItem); + if (PR_TRUE == mdItem.needsFreeing) { + PR_ASSERT(fwObject->mdObject->FreeAttribute); + if (fwObject->mdObject->FreeAttribute) { + *pError = fwObject->mdObject->FreeAttribute(&mdItem); + } } - } - done: - (void)nssCKFWMutex_Unlock(fwObject->mutex); - return rv; +done: + (void)nssCKFWMutex_Unlock(fwObject->mutex); + return rv; } /* @@ -661,128 +630,126 @@ nssCKFWObject_GetAttribute * */ NSS_IMPLEMENT CK_RV -nssCKFWObject_SetAttribute -( - NSSCKFWObject *fwObject, - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_TYPE attribute, - NSSItem *value -) +nssCKFWObject_SetAttribute( + NSSCKFWObject *fwObject, + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *value) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - error = nssCKFWObject_verifyPointer(fwObject); - if( CKR_OK != error ) { - return error; - } -#endif /* NSSDEBUG */ - - if( CKA_TOKEN == attribute ) { - /* - * We're changing from a session object to a token object or - * vice-versa. - */ - - CK_ATTRIBUTE a; - NSSCKFWObject *newFwObject; - NSSCKFWObject swab; - - a.type = CKA_TOKEN; - a.pValue = value->data; - a.ulValueLen = value->size; - - newFwObject = nssCKFWSession_CopyObject(fwSession, fwObject, - &a, 1, &error); - if (!newFwObject) { - if( CKR_OK == error ) { - error = CKR_GENERAL_ERROR; - } - return error; - } - - /* - * Actually, I bet the locking is worse than this.. this part of - * the code could probably use some scrutiny and reworking. - */ - error = nssCKFWMutex_Lock(fwObject->mutex); - if( CKR_OK != error ) { - nssCKFWObject_Destroy(newFwObject); - return error; + error = nssCKFWObject_verifyPointer(fwObject); + if (CKR_OK != error) { + return error; } +#endif /* NSSDEBUG */ - error = nssCKFWMutex_Lock(newFwObject->mutex); - if( CKR_OK != error ) { - nssCKFWMutex_Unlock(fwObject->mutex); - nssCKFWObject_Destroy(newFwObject); - return error; - } - - /* - * Now, we have our new object, but it has a new fwObject pointer, - * while we have to keep the existing one. So quick swap the contents. - */ - swab = *fwObject; - *fwObject = *newFwObject; - *newFwObject = swab; - - /* But keep the mutexes the same */ - swab.mutex = fwObject->mutex; - fwObject->mutex = newFwObject->mutex; - newFwObject->mutex = swab.mutex; - - (void)nssCKFWMutex_Unlock(newFwObject->mutex); - (void)nssCKFWMutex_Unlock(fwObject->mutex); - - /* - * Either remove or add this to the list of session objects - */ - - if( CK_FALSE == *(CK_BBOOL *)value->data ) { - /* - * New one is a session object, except since we "stole" the fwObject, it's - * not in the list. Add it. - */ - nssCKFWSession_RegisterSessionObject(fwSession, fwObject); + if (CKA_TOKEN == attribute) { + /* + * We're changing from a session object to a token object or + * vice-versa. + */ + + CK_ATTRIBUTE a; + NSSCKFWObject *newFwObject; + NSSCKFWObject swab; + + a.type = CKA_TOKEN; + a.pValue = value->data; + a.ulValueLen = value->size; + + newFwObject = nssCKFWSession_CopyObject(fwSession, fwObject, + &a, 1, &error); + if (!newFwObject) { + if (CKR_OK == error) { + error = CKR_GENERAL_ERROR; + } + return error; + } + + /* + * Actually, I bet the locking is worse than this.. this part of + * the code could probably use some scrutiny and reworking. + */ + error = nssCKFWMutex_Lock(fwObject->mutex); + if (CKR_OK != error) { + nssCKFWObject_Destroy(newFwObject); + return error; + } + + error = nssCKFWMutex_Lock(newFwObject->mutex); + if (CKR_OK != error) { + nssCKFWMutex_Unlock(fwObject->mutex); + nssCKFWObject_Destroy(newFwObject); + return error; + } + + /* + * Now, we have our new object, but it has a new fwObject pointer, + * while we have to keep the existing one. So quick swap the contents. + */ + swab = *fwObject; + *fwObject = *newFwObject; + *newFwObject = swab; + + /* But keep the mutexes the same */ + swab.mutex = fwObject->mutex; + fwObject->mutex = newFwObject->mutex; + newFwObject->mutex = swab.mutex; + + (void)nssCKFWMutex_Unlock(newFwObject->mutex); + (void)nssCKFWMutex_Unlock(fwObject->mutex); + + /* + * Either remove or add this to the list of session objects + */ + + if (CK_FALSE == *(CK_BBOOL *)value->data) { + /* + * New one is a session object, except since we "stole" the fwObject, it's + * not in the list. Add it. + */ + nssCKFWSession_RegisterSessionObject(fwSession, fwObject); + } else { + /* + * New one is a token object, except since we "stole" the fwObject, it's + * in the list. Remove it. + */ + if (fwObject->fwSession) { + nssCKFWSession_DeregisterSessionObject(fwObject->fwSession, fwObject); + } + } + + /* + * Now delete the old object. Remember the names have changed. + */ + nssCKFWObject_Destroy(newFwObject); + + return CKR_OK; } else { - /* - * New one is a token object, except since we "stole" the fwObject, it's - * in the list. Remove it. - */ - if (fwObject->fwSession) { - nssCKFWSession_DeregisterSessionObject(fwObject->fwSession, fwObject); - } - } - - /* - * Now delete the old object. Remember the names have changed. - */ - nssCKFWObject_Destroy(newFwObject); - - return CKR_OK; - } else { - /* - * An "ordinary" change. - */ - if (!fwObject->mdObject->SetAttribute) { - /* We could fake it with copying, like above.. later */ - return CKR_ATTRIBUTE_READ_ONLY; + /* + * An "ordinary" change. + */ + if (!fwObject->mdObject->SetAttribute) { + /* We could fake it with copying, like above.. later */ + return CKR_ATTRIBUTE_READ_ONLY; + } + + error = nssCKFWMutex_Lock(fwObject->mutex); + if (CKR_OK != error) { + return error; + } + + error = fwObject->mdObject->SetAttribute(fwObject->mdObject, fwObject, + fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, + fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance, + attribute, value); + + (void)nssCKFWMutex_Unlock(fwObject->mutex); + + return error; } - - error = nssCKFWMutex_Lock(fwObject->mutex); - if( CKR_OK != error ) { - return error; - } - - error = fwObject->mdObject->SetAttribute(fwObject->mdObject, fwObject, - fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, - fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance, - attribute, value); - - (void)nssCKFWMutex_Unlock(fwObject->mutex); - - return error; - } } /* @@ -790,42 +757,40 @@ nssCKFWObject_SetAttribute * */ NSS_IMPLEMENT CK_ULONG -nssCKFWObject_GetObjectSize -( - NSSCKFWObject *fwObject, - CK_RV *pError -) +nssCKFWObject_GetObjectSize( + NSSCKFWObject *fwObject, + CK_RV *pError) { - CK_ULONG rv; + CK_ULONG rv; #ifdef NSSDEBUG - if (!pError) { - return (CK_ULONG)0; - } - - *pError = nssCKFWObject_verifyPointer(fwObject); - if( CKR_OK != *pError ) { - return (CK_ULONG)0; - } + if (!pError) { + return (CK_ULONG)0; + } + + *pError = nssCKFWObject_verifyPointer(fwObject); + if (CKR_OK != *pError) { + return (CK_ULONG)0; + } #endif /* NSSDEBUG */ - if (!fwObject->mdObject->GetObjectSize) { - *pError = CKR_INFORMATION_SENSITIVE; - return (CK_ULONG)0; - } + if (!fwObject->mdObject->GetObjectSize) { + *pError = CKR_INFORMATION_SENSITIVE; + return (CK_ULONG)0; + } - *pError = nssCKFWMutex_Lock(fwObject->mutex); - if( CKR_OK != *pError ) { - return (CK_ULONG)0; - } + *pError = nssCKFWMutex_Lock(fwObject->mutex); + if (CKR_OK != *pError) { + return (CK_ULONG)0; + } - rv = fwObject->mdObject->GetObjectSize(fwObject->mdObject, fwObject, - fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, - fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance, - pError); + rv = fwObject->mdObject->GetObjectSize(fwObject->mdObject, fwObject, + fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, + fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance, + pError); - (void)nssCKFWMutex_Unlock(fwObject->mutex); - return rv; + (void)nssCKFWMutex_Unlock(fwObject->mutex); + return rv; } /* @@ -833,18 +798,16 @@ nssCKFWObject_GetObjectSize * */ NSS_IMPLEMENT NSSCKMDObject * -NSSCKFWObject_GetMDObject -( - NSSCKFWObject *fwObject -) +NSSCKFWObject_GetMDObject( + NSSCKFWObject *fwObject) { #ifdef DEBUG - if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) { - return (NSSCKMDObject *)NULL; - } + if (CKR_OK != nssCKFWObject_verifyPointer(fwObject)) { + return (NSSCKMDObject *)NULL; + } #endif /* DEBUG */ - return nssCKFWObject_GetMDObject(fwObject); + return nssCKFWObject_GetMDObject(fwObject); } /* @@ -852,24 +815,22 @@ NSSCKFWObject_GetMDObject * */ NSS_IMPLEMENT NSSArena * -NSSCKFWObject_GetArena -( - NSSCKFWObject *fwObject, - CK_RV *pError -) +NSSCKFWObject_GetArena( + NSSCKFWObject *fwObject, + CK_RV *pError) { #ifdef DEBUG - if (!pError) { - return (NSSArena *)NULL; - } - - *pError = nssCKFWObject_verifyPointer(fwObject); - if( CKR_OK != *pError ) { - return (NSSArena *)NULL; - } + if (!pError) { + return (NSSArena *)NULL; + } + + *pError = nssCKFWObject_verifyPointer(fwObject); + if (CKR_OK != *pError) { + return (NSSArena *)NULL; + } #endif /* DEBUG */ - return nssCKFWObject_GetArena(fwObject, pError); + return nssCKFWObject_GetArena(fwObject, pError); } /* @@ -877,18 +838,16 @@ NSSCKFWObject_GetArena * */ NSS_IMPLEMENT CK_BBOOL -NSSCKFWObject_IsTokenObject -( - NSSCKFWObject *fwObject -) +NSSCKFWObject_IsTokenObject( + NSSCKFWObject *fwObject) { #ifdef DEBUG - if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWObject_verifyPointer(fwObject)) { + return CK_FALSE; + } #endif /* DEBUG */ - return nssCKFWObject_IsTokenObject(fwObject); + return nssCKFWObject_IsTokenObject(fwObject); } /* @@ -896,24 +855,22 @@ NSSCKFWObject_IsTokenObject * */ NSS_IMPLEMENT CK_ULONG -NSSCKFWObject_GetAttributeCount -( - NSSCKFWObject *fwObject, - CK_RV *pError -) +NSSCKFWObject_GetAttributeCount( + NSSCKFWObject *fwObject, + CK_RV *pError) { #ifdef DEBUG - if (!pError) { - return (CK_ULONG)0; - } - - *pError = nssCKFWObject_verifyPointer(fwObject); - if( CKR_OK != *pError ) { - return (CK_ULONG)0; - } + if (!pError) { + return (CK_ULONG)0; + } + + *pError = nssCKFWObject_verifyPointer(fwObject); + if (CKR_OK != *pError) { + return (CK_ULONG)0; + } #endif /* DEBUG */ - return nssCKFWObject_GetAttributeCount(fwObject, pError); + return nssCKFWObject_GetAttributeCount(fwObject, pError); } /* @@ -921,27 +878,25 @@ NSSCKFWObject_GetAttributeCount * */ NSS_IMPLEMENT CK_RV -NSSCKFWObject_GetAttributeTypes -( - NSSCKFWObject *fwObject, - CK_ATTRIBUTE_TYPE_PTR typeArray, - CK_ULONG ulCount -) +NSSCKFWObject_GetAttributeTypes( + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount) { #ifdef DEBUG - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; - error = nssCKFWObject_verifyPointer(fwObject); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWObject_verifyPointer(fwObject); + if (CKR_OK != error) { + return error; + } - if( (CK_ATTRIBUTE_TYPE_PTR)NULL == typeArray ) { - return CKR_ARGUMENTS_BAD; - } + if ((CK_ATTRIBUTE_TYPE_PTR)NULL == typeArray) { + return CKR_ARGUMENTS_BAD; + } #endif /* DEBUG */ - return nssCKFWObject_GetAttributeTypes(fwObject, typeArray, ulCount); + return nssCKFWObject_GetAttributeTypes(fwObject, typeArray, ulCount); } /* @@ -949,25 +904,23 @@ NSSCKFWObject_GetAttributeTypes * */ NSS_IMPLEMENT CK_ULONG -NSSCKFWObject_GetAttributeSize -( - NSSCKFWObject *fwObject, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError -) +NSSCKFWObject_GetAttributeSize( + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError) { #ifdef DEBUG - if (!pError) { - return (CK_ULONG)0; - } - - *pError = nssCKFWObject_verifyPointer(fwObject); - if( CKR_OK != *pError ) { - return (CK_ULONG)0; - } + if (!pError) { + return (CK_ULONG)0; + } + + *pError = nssCKFWObject_verifyPointer(fwObject); + if (CKR_OK != *pError) { + return (CK_ULONG)0; + } #endif /* DEBUG */ - return nssCKFWObject_GetAttributeSize(fwObject, attribute, pError); + return nssCKFWObject_GetAttributeSize(fwObject, attribute, pError); } /* @@ -975,27 +928,25 @@ NSSCKFWObject_GetAttributeSize * */ NSS_IMPLEMENT NSSItem * -NSSCKFWObject_GetAttribute -( - NSSCKFWObject *fwObject, - CK_ATTRIBUTE_TYPE attribute, - NSSItem *itemOpt, - NSSArena *arenaOpt, - CK_RV *pError -) +NSSCKFWObject_GetAttribute( + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *itemOpt, + NSSArena *arenaOpt, + CK_RV *pError) { #ifdef DEBUG - if (!pError) { - return (NSSItem *)NULL; - } - - *pError = nssCKFWObject_verifyPointer(fwObject); - if( CKR_OK != *pError ) { - return (NSSItem *)NULL; - } + if (!pError) { + return (NSSItem *)NULL; + } + + *pError = nssCKFWObject_verifyPointer(fwObject); + if (CKR_OK != *pError) { + return (NSSItem *)NULL; + } #endif /* DEBUG */ - return nssCKFWObject_GetAttribute(fwObject, attribute, itemOpt, arenaOpt, pError); + return nssCKFWObject_GetAttribute(fwObject, attribute, itemOpt, arenaOpt, pError); } /* @@ -1003,22 +954,20 @@ NSSCKFWObject_GetAttribute * */ NSS_IMPLEMENT CK_ULONG -NSSCKFWObject_GetObjectSize -( - NSSCKFWObject *fwObject, - CK_RV *pError -) +NSSCKFWObject_GetObjectSize( + NSSCKFWObject *fwObject, + CK_RV *pError) { #ifdef DEBUG - if (!pError) { - return (CK_ULONG)0; - } - - *pError = nssCKFWObject_verifyPointer(fwObject); - if( CKR_OK != *pError ) { - return (CK_ULONG)0; - } + if (!pError) { + return (CK_ULONG)0; + } + + *pError = nssCKFWObject_verifyPointer(fwObject); + if (CKR_OK != *pError) { + return (CK_ULONG)0; + } #endif /* DEBUG */ - return nssCKFWObject_GetObjectSize(fwObject, pError); + return nssCKFWObject_GetObjectSize(fwObject, pError); } diff --git a/nss/lib/ckfw/session.c b/nss/lib/ckfw/session.c index 1d05262..a311934 100644 --- a/nss/lib/ckfw/session.c +++ b/nss/lib/ckfw/session.c @@ -25,6 +25,7 @@ * NSSCKFWSession_CallNotification * NSSCKFWSession_IsRWSession * NSSCKFWSession_IsSO + * NSSCKFWSession_GetFWSlot * * -- implement public accessors -- * nssCKFWSession_GetMDSession @@ -32,9 +33,9 @@ * nssCKFWSession_CallNotification * nssCKFWSession_IsRWSession * nssCKFWSession_IsSO + * nssCKFWSession_GetFWSlot * * -- private accessors -- - * nssCKFWSession_GetSlot * nssCKFWSession_GetSessionState * nssCKFWSession_SetFWFindObjects * nssCKFWSession_GetFWFindObjects @@ -61,26 +62,26 @@ */ struct NSSCKFWSessionStr { - NSSArena *arena; - NSSCKMDSession *mdSession; - NSSCKFWToken *fwToken; - NSSCKMDToken *mdToken; - NSSCKFWInstance *fwInstance; - NSSCKMDInstance *mdInstance; - CK_VOID_PTR pApplication; - CK_NOTIFY Notify; - - /* - * Everything above is set at creation time, and then not modified. - * The items below are atomic. No locking required. If we fear - * about pointer-copies being nonatomic, we'll lock fwFindObjects. - */ - - CK_BBOOL rw; - NSSCKFWFindObjects *fwFindObjects; - NSSCKFWCryptoOperation *fwOperationArray[NSSCKFWCryptoOperationState_Max]; - nssCKFWHash *sessionObjectHash; - CK_SESSION_HANDLE hSession; + NSSArena *arena; + NSSCKMDSession *mdSession; + NSSCKFWToken *fwToken; + NSSCKMDToken *mdToken; + NSSCKFWInstance *fwInstance; + NSSCKMDInstance *mdInstance; + CK_VOID_PTR pApplication; + CK_NOTIFY Notify; + + /* + * Everything above is set at creation time, and then not modified. + * The items below are atomic. No locking required. If we fear + * about pointer-copies being nonatomic, we'll lock fwFindObjects. + */ + + CK_BBOOL rw; + NSSCKFWFindObjects *fwFindObjects; + NSSCKFWCryptoOperation *fwOperationArray[NSSCKFWCryptoOperationState_Max]; + nssCKFWHash *sessionObjectHash; + CK_SESSION_HANDLE hSession; }; #ifdef DEBUG @@ -96,30 +97,24 @@ struct NSSCKFWSessionStr { */ static CK_RV -session_add_pointer -( - const NSSCKFWSession *fwSession -) +session_add_pointer( + const NSSCKFWSession *fwSession) { - return CKR_OK; + return CKR_OK; } static CK_RV -session_remove_pointer -( - const NSSCKFWSession *fwSession -) +session_remove_pointer( + const NSSCKFWSession *fwSession) { - return CKR_OK; + return CKR_OK; } NSS_IMPLEMENT CK_RV -nssCKFWSession_verifyPointer -( - const NSSCKFWSession *fwSession -) +nssCKFWSession_verifyPointer( + const NSSCKFWSession *fwSession) { - return CKR_OK; + return CKR_OK; } #endif /* DEBUG */ @@ -129,95 +124,91 @@ nssCKFWSession_verifyPointer * */ NSS_IMPLEMENT NSSCKFWSession * -nssCKFWSession_Create -( - NSSCKFWToken *fwToken, - CK_BBOOL rw, - CK_VOID_PTR pApplication, - CK_NOTIFY Notify, - CK_RV *pError -) +nssCKFWSession_Create( + NSSCKFWToken *fwToken, + CK_BBOOL rw, + CK_VOID_PTR pApplication, + CK_NOTIFY Notify, + CK_RV *pError) { - NSSArena *arena = (NSSArena *)NULL; - NSSCKFWSession *fwSession; - NSSCKFWSlot *fwSlot; + NSSArena *arena = (NSSArena *)NULL; + NSSCKFWSession *fwSession; + NSSCKFWSlot *fwSlot; #ifdef NSSDEBUG - if (!pError) { - return (NSSCKFWSession *)NULL; - } + if (!pError) { + return (NSSCKFWSession *)NULL; + } - *pError = nssCKFWToken_verifyPointer(fwToken); - if( CKR_OK != *pError ) { - return (NSSCKFWSession *)NULL; - } + *pError = nssCKFWToken_verifyPointer(fwToken); + if (CKR_OK != *pError) { + return (NSSCKFWSession *)NULL; + } #endif /* NSSDEBUG */ - arena = NSSArena_Create(); - if (!arena) { - *pError = CKR_HOST_MEMORY; - return (NSSCKFWSession *)NULL; - } + arena = NSSArena_Create(); + if (!arena) { + *pError = CKR_HOST_MEMORY; + return (NSSCKFWSession *)NULL; + } - fwSession = nss_ZNEW(arena, NSSCKFWSession); - if (!fwSession) { - *pError = CKR_HOST_MEMORY; - goto loser; - } + fwSession = nss_ZNEW(arena, NSSCKFWSession); + if (!fwSession) { + *pError = CKR_HOST_MEMORY; + goto loser; + } - fwSession->arena = arena; - fwSession->mdSession = (NSSCKMDSession *)NULL; /* set later */ - fwSession->fwToken = fwToken; - fwSession->mdToken = nssCKFWToken_GetMDToken(fwToken); + fwSession->arena = arena; + fwSession->mdSession = (NSSCKMDSession *)NULL; /* set later */ + fwSession->fwToken = fwToken; + fwSession->mdToken = nssCKFWToken_GetMDToken(fwToken); - fwSlot = nssCKFWToken_GetFWSlot(fwToken); - fwSession->fwInstance = nssCKFWSlot_GetFWInstance(fwSlot); - fwSession->mdInstance = nssCKFWSlot_GetMDInstance(fwSlot); + fwSlot = nssCKFWToken_GetFWSlot(fwToken); + fwSession->fwInstance = nssCKFWSlot_GetFWInstance(fwSlot); + fwSession->mdInstance = nssCKFWSlot_GetMDInstance(fwSlot); - fwSession->rw = rw; - fwSession->pApplication = pApplication; - fwSession->Notify = Notify; + fwSession->rw = rw; + fwSession->pApplication = pApplication; + fwSession->Notify = Notify; - fwSession->fwFindObjects = (NSSCKFWFindObjects *)NULL; + fwSession->fwFindObjects = (NSSCKFWFindObjects *)NULL; - fwSession->sessionObjectHash = nssCKFWHash_Create(fwSession->fwInstance, arena, pError); - if (!fwSession->sessionObjectHash) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; + fwSession->sessionObjectHash = nssCKFWHash_Create(fwSession->fwInstance, arena, pError); + if (!fwSession->sessionObjectHash) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + goto loser; } - goto loser; - } #ifdef DEBUG - *pError = session_add_pointer(fwSession); - if( CKR_OK != *pError ) { - goto loser; - } + *pError = session_add_pointer(fwSession); + if (CKR_OK != *pError) { + goto loser; + } #endif /* DEBUG */ - return fwSession; + return fwSession; - loser: - if (arena) { - if (fwSession && fwSession->sessionObjectHash) { - (void)nssCKFWHash_Destroy(fwSession->sessionObjectHash); +loser: + if (arena) { + if (fwSession && fwSession->sessionObjectHash) { + (void)nssCKFWHash_Destroy(fwSession->sessionObjectHash); + } + NSSArena_Destroy(arena); } - NSSArena_Destroy(arena); - } - return (NSSCKFWSession *)NULL; + return (NSSCKFWSession *)NULL; } static void -nss_ckfw_session_object_destroy_iterator -( - const void *key, - void *value, - void *closure -) +nss_ckfw_session_object_destroy_iterator( + const void *key, + void *value, + void *closure) { - NSSCKFWObject *fwObject = (NSSCKFWObject *)value; - nssCKFWObject_Finalize(fwObject, PR_TRUE); + NSSCKFWObject *fwObject = (NSSCKFWObject *)value; + nssCKFWObject_Finalize(fwObject, PR_TRUE); } /* @@ -225,51 +216,49 @@ nss_ckfw_session_object_destroy_iterator * */ NSS_IMPLEMENT CK_RV -nssCKFWSession_Destroy -( - NSSCKFWSession *fwSession, - CK_BBOOL removeFromTokenHash -) +nssCKFWSession_Destroy( + NSSCKFWSession *fwSession, + CK_BBOOL removeFromTokenHash) { - CK_RV error = CKR_OK; - nssCKFWHash *sessionObjectHash; - NSSCKFWCryptoOperationState i; + CK_RV error = CKR_OK; + nssCKFWHash *sessionObjectHash; + NSSCKFWCryptoOperationState i; #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - if( removeFromTokenHash ) { - error = nssCKFWToken_RemoveSession(fwSession->fwToken, fwSession); - } + if (removeFromTokenHash) { + error = nssCKFWToken_RemoveSession(fwSession->fwToken, fwSession); + } - /* - * Invalidate session objects - */ + /* + * Invalidate session objects + */ - sessionObjectHash = fwSession->sessionObjectHash; - fwSession->sessionObjectHash = (nssCKFWHash *)NULL; + sessionObjectHash = fwSession->sessionObjectHash; + fwSession->sessionObjectHash = (nssCKFWHash *)NULL; - nssCKFWHash_Iterate(sessionObjectHash, - nss_ckfw_session_object_destroy_iterator, - (void *)NULL); + nssCKFWHash_Iterate(sessionObjectHash, + nss_ckfw_session_object_destroy_iterator, + (void *)NULL); - for (i=0; i < NSSCKFWCryptoOperationState_Max; i++) { - if (fwSession->fwOperationArray[i]) { - nssCKFWCryptoOperation_Destroy(fwSession->fwOperationArray[i]); + for (i = 0; i < NSSCKFWCryptoOperationState_Max; i++) { + if (fwSession->fwOperationArray[i]) { + nssCKFWCryptoOperation_Destroy(fwSession->fwOperationArray[i]); + } } - } #ifdef DEBUG - (void)session_remove_pointer(fwSession); + (void)session_remove_pointer(fwSession); #endif /* DEBUG */ - (void)nssCKFWHash_Destroy(sessionObjectHash); - NSSArena_Destroy(fwSession->arena); + (void)nssCKFWHash_Destroy(sessionObjectHash); + NSSArena_Destroy(fwSession->arena); - return error; + return error; } /* @@ -277,18 +266,16 @@ nssCKFWSession_Destroy * */ NSS_IMPLEMENT NSSCKMDSession * -nssCKFWSession_GetMDSession -( - NSSCKFWSession *fwSession -) +nssCKFWSession_GetMDSession( + NSSCKFWSession *fwSession) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { - return (NSSCKMDSession *)NULL; - } + if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) { + return (NSSCKMDSession *)NULL; + } #endif /* NSSDEBUG */ - return fwSession->mdSession; + return fwSession->mdSession; } /* @@ -296,24 +283,22 @@ nssCKFWSession_GetMDSession * */ NSS_IMPLEMENT NSSArena * -nssCKFWSession_GetArena -( - NSSCKFWSession *fwSession, - CK_RV *pError -) +nssCKFWSession_GetArena( + NSSCKFWSession *fwSession, + CK_RV *pError) { #ifdef NSSDEBUG - if (!pError) { - return (NSSArena *)NULL; - } - - *pError = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != *pError ) { - return (NSSArena *)NULL; - } + if (!pError) { + return (NSSArena *)NULL; + } + + *pError = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != *pError) { + return (NSSArena *)NULL; + } #endif /* NSSDEBUG */ - return fwSession->arena; + return fwSession->arena; } /* @@ -321,34 +306,32 @@ nssCKFWSession_GetArena * */ NSS_IMPLEMENT CK_RV -nssCKFWSession_CallNotification -( - NSSCKFWSession *fwSession, - CK_NOTIFICATION event -) +nssCKFWSession_CallNotification( + NSSCKFWSession *fwSession, + CK_NOTIFICATION event) { - CK_RV error = CKR_OK; - CK_SESSION_HANDLE handle; + CK_RV error = CKR_OK; + CK_SESSION_HANDLE handle; #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - if( (CK_NOTIFY)NULL == fwSession->Notify ) { - return CKR_OK; - } + if ((CK_NOTIFY)NULL == fwSession->Notify) { + return CKR_OK; + } - handle = nssCKFWInstance_FindSessionHandle(fwSession->fwInstance, fwSession); - if( (CK_SESSION_HANDLE)0 == handle ) { - return CKR_GENERAL_ERROR; - } + handle = nssCKFWInstance_FindSessionHandle(fwSession->fwInstance, fwSession); + if ((CK_SESSION_HANDLE)0 == handle) { + return CKR_GENERAL_ERROR; + } - error = fwSession->Notify(handle, event, fwSession->pApplication); + error = fwSession->Notify(handle, event, fwSession->pApplication); - return error; + return error; } /* @@ -356,18 +339,16 @@ nssCKFWSession_CallNotification * */ NSS_IMPLEMENT CK_BBOOL -nssCKFWSession_IsRWSession -( - NSSCKFWSession *fwSession -) +nssCKFWSession_IsRWSession( + NSSCKFWSession *fwSession) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) { + return CK_FALSE; + } #endif /* NSSDEBUG */ - return fwSession->rw; + return fwSession->rw; } /* @@ -375,31 +356,29 @@ nssCKFWSession_IsRWSession * */ NSS_IMPLEMENT CK_BBOOL -nssCKFWSession_IsSO -( - NSSCKFWSession *fwSession -) +nssCKFWSession_IsSO( + NSSCKFWSession *fwSession) { - CK_STATE state; + CK_STATE state; #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) { + return CK_FALSE; + } #endif /* NSSDEBUG */ - state = nssCKFWToken_GetSessionState(fwSession->fwToken); - switch( state ) { - case CKS_RO_PUBLIC_SESSION: - case CKS_RO_USER_FUNCTIONS: - case CKS_RW_PUBLIC_SESSION: - case CKS_RW_USER_FUNCTIONS: - return CK_FALSE; - case CKS_RW_SO_FUNCTIONS: - return CK_TRUE; - default: - return CK_FALSE; - } + state = nssCKFWToken_GetSessionState(fwSession->fwToken); + switch (state) { + case CKS_RO_PUBLIC_SESSION: + case CKS_RO_USER_FUNCTIONS: + case CKS_RW_PUBLIC_SESSION: + case CKS_RW_USER_FUNCTIONS: + return CK_FALSE; + case CKS_RW_SO_FUNCTIONS: + return CK_TRUE; + default: + return CK_FALSE; + } } /* @@ -407,18 +386,16 @@ nssCKFWSession_IsSO * */ NSS_IMPLEMENT NSSCKFWSlot * -nssCKFWSession_GetFWSlot -( - NSSCKFWSession *fwSession -) +nssCKFWSession_GetFWSlot( + NSSCKFWSession *fwSession) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { - return (NSSCKFWSlot *)NULL; - } + if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) { + return (NSSCKFWSlot *)NULL; + } #endif /* NSSDEBUG */ - return nssCKFWToken_GetFWSlot(fwSession->fwToken); + return nssCKFWToken_GetFWSlot(fwSession->fwToken); } /* @@ -426,18 +403,16 @@ nssCKFWSession_GetFWSlot * */ NSS_IMPLEMENT CK_STATE -nssCKFWSession_GetSessionState -( - NSSCKFWSession *fwSession -) +nssCKFWSession_GetSessionState( + NSSCKFWSession *fwSession) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { - return CKS_RO_PUBLIC_SESSION; /* whatever */ - } + if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) { + return CKS_RO_PUBLIC_SESSION; /* whatever */ + } #endif /* NSSDEBUG */ - return nssCKFWToken_GetSessionState(fwSession->fwToken); + return nssCKFWToken_GetSessionState(fwSession->fwToken); } /* @@ -445,33 +420,31 @@ nssCKFWSession_GetSessionState * */ NSS_IMPLEMENT CK_RV -nssCKFWSession_SetFWFindObjects -( - NSSCKFWSession *fwSession, - NSSCKFWFindObjects *fwFindObjects -) +nssCKFWSession_SetFWFindObjects( + NSSCKFWSession *fwSession, + NSSCKFWFindObjects *fwFindObjects) { #ifdef NSSDEBUG - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #endif /* NSSDEBUG */ #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } - /* fwFindObjects may be null */ +/* fwFindObjects may be null */ #endif /* NSSDEBUG */ - if ((fwSession->fwFindObjects) && - (fwFindObjects)) { - return CKR_OPERATION_ACTIVE; - } + if ((fwSession->fwFindObjects) && + (fwFindObjects)) { + return CKR_OPERATION_ACTIVE; + } - fwSession->fwFindObjects = fwFindObjects; + fwSession->fwFindObjects = fwFindObjects; - return CKR_OK; + return CKR_OK; } /* @@ -479,29 +452,27 @@ nssCKFWSession_SetFWFindObjects * */ NSS_IMPLEMENT NSSCKFWFindObjects * -nssCKFWSession_GetFWFindObjects -( - NSSCKFWSession *fwSession, - CK_RV *pError -) +nssCKFWSession_GetFWFindObjects( + NSSCKFWSession *fwSession, + CK_RV *pError) { #ifdef NSSDEBUG - if (!pError) { - return (NSSCKFWFindObjects *)NULL; - } - - *pError = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != *pError ) { - return (NSSCKFWFindObjects *)NULL; - } + if (!pError) { + return (NSSCKFWFindObjects *)NULL; + } + + *pError = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != *pError) { + return (NSSCKFWFindObjects *)NULL; + } #endif /* NSSDEBUG */ - if (!fwSession->fwFindObjects) { - *pError = CKR_OPERATION_NOT_INITIALIZED; - return (NSSCKFWFindObjects *)NULL; - } + if (!fwSession->fwFindObjects) { + *pError = CKR_OPERATION_NOT_INITIALIZED; + return (NSSCKFWFindObjects *)NULL; + } - return fwSession->fwFindObjects; + return fwSession->fwFindObjects; } /* @@ -509,34 +480,32 @@ nssCKFWSession_GetFWFindObjects * */ NSS_IMPLEMENT CK_RV -nssCKFWSession_SetMDSession -( - NSSCKFWSession *fwSession, - NSSCKMDSession *mdSession -) +nssCKFWSession_SetMDSession( + NSSCKFWSession *fwSession, + NSSCKMDSession *mdSession) { #ifdef NSSDEBUG - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #endif /* NSSDEBUG */ #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } - if (!mdSession) { - return CKR_ARGUMENTS_BAD; - } + if (!mdSession) { + return CKR_ARGUMENTS_BAD; + } #endif /* NSSDEBUG */ - if (fwSession->mdSession) { - return CKR_GENERAL_ERROR; - } + if (fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } - fwSession->mdSession = mdSession; + fwSession->mdSession = mdSession; - return CKR_OK; + return CKR_OK; } /* @@ -544,30 +513,28 @@ nssCKFWSession_SetMDSession * */ NSS_IMPLEMENT CK_RV -nssCKFWSession_SetHandle -( - NSSCKFWSession *fwSession, - CK_SESSION_HANDLE hSession -) +nssCKFWSession_SetHandle( + NSSCKFWSession *fwSession, + CK_SESSION_HANDLE hSession) { #ifdef NSSDEBUG - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #endif /* NSSDEBUG */ #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - if( (CK_SESSION_HANDLE)0 != fwSession->hSession ) { - return CKR_GENERAL_ERROR; - } + if ((CK_SESSION_HANDLE)0 != fwSession->hSession) { + return CKR_GENERAL_ERROR; + } - fwSession->hSession = hSession; + fwSession->hSession = hSession; - return CKR_OK; + return CKR_OK; } /* @@ -575,18 +542,16 @@ nssCKFWSession_SetHandle * */ NSS_IMPLEMENT CK_SESSION_HANDLE -nssCKFWSession_GetHandle -( - NSSCKFWSession *fwSession -) +nssCKFWSession_GetHandle( + NSSCKFWSession *fwSession) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { - return NULL; - } + if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) { + return NULL; + } #endif /* NSSDEBUG */ - return fwSession->hSession; + return fwSession->hSession; } /* @@ -594,25 +559,23 @@ nssCKFWSession_GetHandle * */ NSS_IMPLEMENT CK_RV -nssCKFWSession_RegisterSessionObject -( - NSSCKFWSession *fwSession, - NSSCKFWObject *fwObject -) +nssCKFWSession_RegisterSessionObject( + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject) { - CK_RV rv = CKR_OK; + CK_RV rv = CKR_OK; #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { - return CKR_GENERAL_ERROR; - } + if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) { + return CKR_GENERAL_ERROR; + } #endif /* NSSDEBUG */ - if (fwSession->sessionObjectHash) { - rv = nssCKFWHash_Add(fwSession->sessionObjectHash, fwObject, fwObject); - } + if (fwSession->sessionObjectHash) { + rv = nssCKFWHash_Add(fwSession->sessionObjectHash, fwObject, fwObject); + } - return rv; + return rv; } /* @@ -620,23 +583,21 @@ nssCKFWSession_RegisterSessionObject * */ NSS_IMPLEMENT CK_RV -nssCKFWSession_DeregisterSessionObject -( - NSSCKFWSession *fwSession, - NSSCKFWObject *fwObject -) +nssCKFWSession_DeregisterSessionObject( + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { - return CKR_GENERAL_ERROR; - } + if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) { + return CKR_GENERAL_ERROR; + } #endif /* NSSDEBUG */ - if (fwSession->sessionObjectHash) { - nssCKFWHash_Remove(fwSession->sessionObjectHash, fwObject); - } + if (fwSession->sessionObjectHash) { + nssCKFWHash_Remove(fwSession->sessionObjectHash, fwObject); + } - return CKR_OK; + return CKR_OK; } /* @@ -644,28 +605,26 @@ nssCKFWSession_DeregisterSessionObject * */ NSS_IMPLEMENT CK_ULONG -nssCKFWSession_GetDeviceError -( - NSSCKFWSession *fwSession -) +nssCKFWSession_GetDeviceError( + NSSCKFWSession *fwSession) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { - return (CK_ULONG)0; - } + if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) { + return (CK_ULONG)0; + } - if (!fwSession->mdSession) { - return (CK_ULONG)0; - } + if (!fwSession->mdSession) { + return (CK_ULONG)0; + } #endif /* NSSDEBUG */ - if (!fwSession->mdSession->GetDeviceError) { - return (CK_ULONG)0; - } + if (!fwSession->mdSession->GetDeviceError) { + return (CK_ULONG)0; + } - return fwSession->mdSession->GetDeviceError(fwSession->mdSession, - fwSession, fwSession->mdToken, fwSession->fwToken, - fwSession->mdInstance, fwSession->fwInstance); + return fwSession->mdSession->GetDeviceError(fwSession->mdSession, + fwSession, fwSession->mdToken, fwSession->fwToken, + fwSession->mdInstance, fwSession->fwInstance); } /* @@ -673,116 +632,117 @@ nssCKFWSession_GetDeviceError * */ NSS_IMPLEMENT CK_RV -nssCKFWSession_Login -( - NSSCKFWSession *fwSession, - CK_USER_TYPE userType, - NSSItem *pin -) +nssCKFWSession_Login( + NSSCKFWSession *fwSession, + CK_USER_TYPE userType, + NSSItem *pin) { - CK_RV error = CKR_OK; - CK_STATE oldState; - CK_STATE newState; + CK_RV error = CKR_OK; + CK_STATE oldState; + CK_STATE newState; #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } - switch( userType ) { - case CKU_SO: - case CKU_USER: - break; - default: - return CKR_USER_TYPE_INVALID; - } + switch (userType) { + case CKU_SO: + case CKU_USER: + break; + default: + return CKR_USER_TYPE_INVALID; + } - if (!pin) { - if( CK_TRUE != nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken) ) { - return CKR_ARGUMENTS_BAD; + if (!pin) { + if (CK_TRUE != nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken)) { + return CKR_ARGUMENTS_BAD; + } } - } - if (!fwSession->mdSession) { - return CKR_GENERAL_ERROR; - } + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } #endif /* NSSDEBUG */ - oldState = nssCKFWToken_GetSessionState(fwSession->fwToken); - - /* - * It's not clear what happens when you're already logged in. - * I'll just fail; but if we decide to change, the logic is - * all right here. - */ - - if( CKU_SO == userType ) { - switch( oldState ) { - case CKS_RO_PUBLIC_SESSION: - /* - * There's no such thing as a read-only security officer - * session, so fail. The error should be CKR_SESSION_READ_ONLY, - * except that C_Login isn't defined to return that. So we'll - * do CKR_SESSION_READ_ONLY_EXISTS, which is what is documented. - */ - return CKR_SESSION_READ_ONLY_EXISTS; - case CKS_RO_USER_FUNCTIONS: - return CKR_USER_ANOTHER_ALREADY_LOGGED_IN; - case CKS_RW_PUBLIC_SESSION: - newState = CKS_RW_SO_FUNCTIONS; - break; - case CKS_RW_USER_FUNCTIONS: - return CKR_USER_ANOTHER_ALREADY_LOGGED_IN; - case CKS_RW_SO_FUNCTIONS: - return CKR_USER_ALREADY_LOGGED_IN; - default: - return CKR_GENERAL_ERROR; - } - } else /* CKU_USER == userType */ { - switch( oldState ) { - case CKS_RO_PUBLIC_SESSION: - newState = CKS_RO_USER_FUNCTIONS; - break; - case CKS_RO_USER_FUNCTIONS: - return CKR_USER_ALREADY_LOGGED_IN; - case CKS_RW_PUBLIC_SESSION: - newState = CKS_RW_USER_FUNCTIONS; - break; - case CKS_RW_USER_FUNCTIONS: - return CKR_USER_ALREADY_LOGGED_IN; - case CKS_RW_SO_FUNCTIONS: - return CKR_USER_ANOTHER_ALREADY_LOGGED_IN; - default: - return CKR_GENERAL_ERROR; - } - } - - /* - * So now we're in one of three cases: - * - * Old == CKS_RW_PUBLIC_SESSION, New == CKS_RW_SO_FUNCTIONS; - * Old == CKS_RW_PUBLIC_SESSION, New == CKS_RW_USER_FUNCTIONS; - * Old == CKS_RO_PUBLIC_SESSION, New == CKS_RO_USER_FUNCTIONS; - */ - - if (!fwSession->mdSession->Login) { + oldState = nssCKFWToken_GetSessionState(fwSession->fwToken); + /* - * The Module doesn't want to be informed (or check the pin) - * it'll just rely on the Framework as needed. + * It's not clear what happens when you're already logged in. + * I'll just fail; but if we decide to change, the logic is + * all right here. */ - ; - } else { - error = fwSession->mdSession->Login(fwSession->mdSession, fwSession, - fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, - fwSession->fwInstance, userType, pin, oldState, newState); - if( CKR_OK != error ) { - return error; - } - } - - (void)nssCKFWToken_SetSessionState(fwSession->fwToken, newState); - return CKR_OK; + + if (CKU_SO == userType) { + switch (oldState) { + case CKS_RO_PUBLIC_SESSION: + /* + * There's no such thing as a read-only security officer + * session, so fail. The error should be CKR_SESSION_READ_ONLY, + * except that C_Login isn't defined to return that. So we'll + * do CKR_SESSION_READ_ONLY_EXISTS, which is what is documented. + */ + return CKR_SESSION_READ_ONLY_EXISTS; + case CKS_RO_USER_FUNCTIONS: + return CKR_USER_ANOTHER_ALREADY_LOGGED_IN; + case CKS_RW_PUBLIC_SESSION: + newState = + CKS_RW_SO_FUNCTIONS; + break; + case CKS_RW_USER_FUNCTIONS: + return CKR_USER_ANOTHER_ALREADY_LOGGED_IN; + case CKS_RW_SO_FUNCTIONS: + return CKR_USER_ALREADY_LOGGED_IN; + default: + return CKR_GENERAL_ERROR; + } + } else /* CKU_USER == userType */ { + switch (oldState) { + case CKS_RO_PUBLIC_SESSION: + newState = + CKS_RO_USER_FUNCTIONS; + break; + case CKS_RO_USER_FUNCTIONS: + return CKR_USER_ALREADY_LOGGED_IN; + case CKS_RW_PUBLIC_SESSION: + newState = + CKS_RW_USER_FUNCTIONS; + break; + case CKS_RW_USER_FUNCTIONS: + return CKR_USER_ALREADY_LOGGED_IN; + case CKS_RW_SO_FUNCTIONS: + return CKR_USER_ANOTHER_ALREADY_LOGGED_IN; + default: + return CKR_GENERAL_ERROR; + } + } + + /* + * So now we're in one of three cases: + * + * Old == CKS_RW_PUBLIC_SESSION, New == CKS_RW_SO_FUNCTIONS; + * Old == CKS_RW_PUBLIC_SESSION, New == CKS_RW_USER_FUNCTIONS; + * Old == CKS_RO_PUBLIC_SESSION, New == CKS_RO_USER_FUNCTIONS; + */ + + if (!fwSession->mdSession->Login) { + /* + * The Module doesn't want to be informed (or check the pin) + * it'll just rely on the Framework as needed. + */ + ; + } else { + error = fwSession->mdSession->Login(fwSession->mdSession, fwSession, + fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, + fwSession->fwInstance, userType, pin, oldState, newState); + if (CKR_OK != error) { + return error; + } + } + + (void)nssCKFWToken_SetSessionState(fwSession->fwToken, newState); + return CKR_OK; } /* @@ -790,74 +750,72 @@ nssCKFWSession_Login * */ NSS_IMPLEMENT CK_RV -nssCKFWSession_Logout -( - NSSCKFWSession *fwSession -) +nssCKFWSession_Logout( + NSSCKFWSession *fwSession) { - CK_RV error = CKR_OK; - CK_STATE oldState; - CK_STATE newState; + CK_RV error = CKR_OK; + CK_STATE oldState; + CK_STATE newState; #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } - if (!fwSession->mdSession) { - return CKR_GENERAL_ERROR; - } + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } #endif /* NSSDEBUG */ - oldState = nssCKFWToken_GetSessionState(fwSession->fwToken); - - switch( oldState ) { - case CKS_RO_PUBLIC_SESSION: - return CKR_USER_NOT_LOGGED_IN; - case CKS_RO_USER_FUNCTIONS: - newState = CKS_RO_PUBLIC_SESSION; - break; - case CKS_RW_PUBLIC_SESSION: - return CKR_USER_NOT_LOGGED_IN; - case CKS_RW_USER_FUNCTIONS: - newState = CKS_RW_PUBLIC_SESSION; - break; - case CKS_RW_SO_FUNCTIONS: - newState = CKS_RW_PUBLIC_SESSION; - break; - default: - return CKR_GENERAL_ERROR; - } - - /* - * So now we're in one of three cases: - * - * Old == CKS_RW_SO_FUNCTIONS, New == CKS_RW_PUBLIC_SESSION; - * Old == CKS_RW_USER_FUNCTIONS, New == CKS_RW_PUBLIC_SESSION; - * Old == CKS_RO_USER_FUNCTIONS, New == CKS_RO_PUBLIC_SESSION; - */ - - if (!fwSession->mdSession->Logout) { + oldState = nssCKFWToken_GetSessionState(fwSession->fwToken); + + switch (oldState) { + case CKS_RO_PUBLIC_SESSION: + return CKR_USER_NOT_LOGGED_IN; + case CKS_RO_USER_FUNCTIONS: + newState = CKS_RO_PUBLIC_SESSION; + break; + case CKS_RW_PUBLIC_SESSION: + return CKR_USER_NOT_LOGGED_IN; + case CKS_RW_USER_FUNCTIONS: + newState = CKS_RW_PUBLIC_SESSION; + break; + case CKS_RW_SO_FUNCTIONS: + newState = CKS_RW_PUBLIC_SESSION; + break; + default: + return CKR_GENERAL_ERROR; + } + /* - * The Module doesn't want to be informed. Okay. + * So now we're in one of three cases: + * + * Old == CKS_RW_SO_FUNCTIONS, New == CKS_RW_PUBLIC_SESSION; + * Old == CKS_RW_USER_FUNCTIONS, New == CKS_RW_PUBLIC_SESSION; + * Old == CKS_RO_USER_FUNCTIONS, New == CKS_RO_PUBLIC_SESSION; */ - ; - } else { - error = fwSession->mdSession->Logout(fwSession->mdSession, fwSession, - fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, - fwSession->fwInstance, oldState, newState); - if( CKR_OK != error ) { - /* - * Now what?! A failure really should end up with the Framework - * considering it logged out, right? - */ - ; - } - } - - (void)nssCKFWToken_SetSessionState(fwSession->fwToken, newState); - return error; + + if (!fwSession->mdSession->Logout) { + /* + * The Module doesn't want to be informed. Okay. + */ + ; + } else { + error = fwSession->mdSession->Logout(fwSession->mdSession, fwSession, + fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, + fwSession->fwInstance, oldState, newState); + if (CKR_OK != error) { + /* + * Now what?! A failure really should end up with the Framework + * considering it logged out, right? + */ + ; + } + } + + (void)nssCKFWToken_SetSessionState(fwSession->fwToken, newState); + return error; } /* @@ -865,47 +823,45 @@ nssCKFWSession_Logout * */ NSS_IMPLEMENT CK_RV -nssCKFWSession_InitPIN -( - NSSCKFWSession *fwSession, - NSSItem *pin -) +nssCKFWSession_InitPIN( + NSSCKFWSession *fwSession, + NSSItem *pin) { - CK_RV error = CKR_OK; - CK_STATE state; + CK_RV error = CKR_OK; + CK_STATE state; #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } - if (!fwSession->mdSession) { - return CKR_GENERAL_ERROR; - } + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } #endif /* NSSDEBUG */ - state = nssCKFWToken_GetSessionState(fwSession->fwToken); - if( CKS_RW_SO_FUNCTIONS != state ) { - return CKR_USER_NOT_LOGGED_IN; - } + state = nssCKFWToken_GetSessionState(fwSession->fwToken); + if (CKS_RW_SO_FUNCTIONS != state) { + return CKR_USER_NOT_LOGGED_IN; + } - if (!pin) { - CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken); - if( CK_TRUE != has ) { - return CKR_ARGUMENTS_BAD; + if (!pin) { + CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken); + if (CK_TRUE != has) { + return CKR_ARGUMENTS_BAD; + } } - } - if (!fwSession->mdSession->InitPIN) { - return CKR_TOKEN_WRITE_PROTECTED; - } + if (!fwSession->mdSession->InitPIN) { + return CKR_TOKEN_WRITE_PROTECTED; + } - error = fwSession->mdSession->InitPIN(fwSession->mdSession, fwSession, - fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, - fwSession->fwInstance, pin); + error = fwSession->mdSession->InitPIN(fwSession->mdSession, fwSession, + fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, + fwSession->fwInstance, pin); - return error; + return error; } /* @@ -913,49 +869,47 @@ nssCKFWSession_InitPIN * */ NSS_IMPLEMENT CK_RV -nssCKFWSession_SetPIN -( - NSSCKFWSession *fwSession, - NSSItem *newPin, - NSSItem *oldPin -) +nssCKFWSession_SetPIN( + NSSCKFWSession *fwSession, + NSSItem *oldPin, + NSSItem *newPin) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } - if (!fwSession->mdSession) { - return CKR_GENERAL_ERROR; - } + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } #endif /* NSSDEBUG */ - if (!newPin) { - CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken); - if( CK_TRUE != has ) { - return CKR_ARGUMENTS_BAD; + if (!newPin) { + CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken); + if (CK_TRUE != has) { + return CKR_ARGUMENTS_BAD; + } } - } - if (!oldPin) { - CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken); - if( CK_TRUE != has ) { - return CKR_ARGUMENTS_BAD; + if (!oldPin) { + CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken); + if (CK_TRUE != has) { + return CKR_ARGUMENTS_BAD; + } } - } - if (!fwSession->mdSession->SetPIN) { - return CKR_TOKEN_WRITE_PROTECTED; - } + if (!fwSession->mdSession->SetPIN) { + return CKR_TOKEN_WRITE_PROTECTED; + } - error = fwSession->mdSession->SetPIN(fwSession->mdSession, fwSession, - fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, - fwSession->fwInstance, newPin, oldPin); + error = fwSession->mdSession->SetPIN(fwSession->mdSession, fwSession, + fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, + fwSession->fwInstance, oldPin, newPin); - return error; + return error; } /* @@ -963,54 +917,52 @@ nssCKFWSession_SetPIN * */ NSS_IMPLEMENT CK_ULONG -nssCKFWSession_GetOperationStateLen -( - NSSCKFWSession *fwSession, - CK_RV *pError -) +nssCKFWSession_GetOperationStateLen( + NSSCKFWSession *fwSession, + CK_RV *pError) { - CK_ULONG mdAmt; - CK_ULONG fwAmt; + CK_ULONG mdAmt; + CK_ULONG fwAmt; #ifdef NSSDEBUG - if (!pError) { - return (CK_ULONG)0; - } - - *pError = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != *pError ) { - return (CK_ULONG)0; - } - - if (!fwSession->mdSession) { - *pError = CKR_GENERAL_ERROR; - return (CK_ULONG)0; - } + if (!pError) { + return (CK_ULONG)0; + } + + *pError = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != *pError) { + return (CK_ULONG)0; + } + + if (!fwSession->mdSession) { + *pError = CKR_GENERAL_ERROR; + return (CK_ULONG)0; + } #endif /* NSSDEBUG */ - if (!fwSession->mdSession->GetOperationStateLen) { - *pError = CKR_STATE_UNSAVEABLE; - return (CK_ULONG)0; - } + if (!fwSession->mdSession->GetOperationStateLen) { + *pError = CKR_STATE_UNSAVEABLE; + return (CK_ULONG)0; + } - /* - * We could check that the session is actually in some state.. - */ + /* + * We could check that the session is actually in some state.. + */ - mdAmt = fwSession->mdSession->GetOperationStateLen(fwSession->mdSession, - fwSession, fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, - fwSession->fwInstance, pError); + mdAmt = fwSession->mdSession->GetOperationStateLen(fwSession->mdSession, + fwSession, fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, + fwSession->fwInstance, pError); - if( ((CK_ULONG)0 == mdAmt) && (CKR_OK != *pError) ) { - return (CK_ULONG)0; - } + if (((CK_ULONG)0 == mdAmt) && (CKR_OK != *pError)) { + return (CK_ULONG)0; + } - /* - * Add a bit of sanity-checking - */ - fwAmt = mdAmt + 2*sizeof(CK_ULONG); + /* + * Add a bit of sanity-checking + */ + fwAmt = mdAmt + 2 * sizeof(CK_ULONG); - return fwAmt; + return fwAmt; } /* @@ -1018,82 +970,80 @@ nssCKFWSession_GetOperationStateLen * */ NSS_IMPLEMENT CK_RV -nssCKFWSession_GetOperationState -( - NSSCKFWSession *fwSession, - NSSItem *buffer -) +nssCKFWSession_GetOperationState( + NSSCKFWSession *fwSession, + NSSItem *buffer) { - CK_RV error = CKR_OK; - CK_ULONG fwAmt; - CK_ULONG *ulBuffer; - NSSItem i2; - CK_ULONG n, i; + CK_RV error = CKR_OK; + CK_ULONG fwAmt; + CK_ULONG *ulBuffer; + NSSItem i2; + CK_ULONG n, i; #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } - if (!buffer) { - return CKR_ARGUMENTS_BAD; - } + if (!buffer) { + return CKR_ARGUMENTS_BAD; + } - if (!buffer->data) { - return CKR_ARGUMENTS_BAD; - } + if (!buffer->data) { + return CKR_ARGUMENTS_BAD; + } - if (!fwSession->mdSession) { - return CKR_GENERAL_ERROR; - } + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } #endif /* NSSDEBUG */ - if (!fwSession->mdSession->GetOperationState) { - return CKR_STATE_UNSAVEABLE; - } + if (!fwSession->mdSession->GetOperationState) { + return CKR_STATE_UNSAVEABLE; + } - /* - * Sanity-check the caller's buffer. - */ + /* + * Sanity-check the caller's buffer. + */ - error = CKR_OK; - fwAmt = nssCKFWSession_GetOperationStateLen(fwSession, &error); - if( ((CK_ULONG)0 == fwAmt) && (CKR_OK != error) ) { - return error; - } + error = CKR_OK; + fwAmt = nssCKFWSession_GetOperationStateLen(fwSession, &error); + if (((CK_ULONG)0 == fwAmt) && (CKR_OK != error)) { + return error; + } - if( buffer->size < fwAmt ) { - return CKR_BUFFER_TOO_SMALL; - } + if (buffer->size < fwAmt) { + return CKR_BUFFER_TOO_SMALL; + } - ulBuffer = (CK_ULONG *)buffer->data; + ulBuffer = (CK_ULONG *)buffer->data; - i2.size = buffer->size - 2*sizeof(CK_ULONG); - i2.data = (void *)&ulBuffer[2]; + i2.size = buffer->size - 2 * sizeof(CK_ULONG); + i2.data = (void *)&ulBuffer[2]; - error = fwSession->mdSession->GetOperationState(fwSession->mdSession, - fwSession, fwSession->mdToken, fwSession->fwToken, - fwSession->mdInstance, fwSession->fwInstance, &i2); + error = fwSession->mdSession->GetOperationState(fwSession->mdSession, + fwSession, fwSession->mdToken, fwSession->fwToken, + fwSession->mdInstance, fwSession->fwInstance, &i2); - if( CKR_OK != error ) { - return error; - } - - /* - * Add a little integrety/identity check. - * NOTE: right now, it's pretty stupid. - * A CRC or something would be better. - */ - - ulBuffer[0] = 0x434b4657; /* CKFW */ - ulBuffer[1] = 0; - n = i2.size/sizeof(CK_ULONG); - for( i = 0; i < n; i++ ) { - ulBuffer[1] ^= ulBuffer[2+i]; - } - - return CKR_OK; + if (CKR_OK != error) { + return error; + } + + /* + * Add a little integrety/identity check. + * NOTE: right now, it's pretty stupid. + * A CRC or something would be better. + */ + + ulBuffer[0] = 0x434b4657; /* CKFW */ + ulBuffer[1] = 0; + n = i2.size / sizeof(CK_ULONG); + for (i = 0; i < n; i++) { + ulBuffer[1] ^= ulBuffer[2 + i]; + } + + return CKR_OK; } /* @@ -1101,126 +1051,122 @@ nssCKFWSession_GetOperationState * */ NSS_IMPLEMENT CK_RV -nssCKFWSession_SetOperationState -( - NSSCKFWSession *fwSession, - NSSItem *state, - NSSCKFWObject *encryptionKey, - NSSCKFWObject *authenticationKey -) +nssCKFWSession_SetOperationState( + NSSCKFWSession *fwSession, + NSSItem *state, + NSSCKFWObject *encryptionKey, + NSSCKFWObject *authenticationKey) { - CK_RV error = CKR_OK; - CK_ULONG *ulBuffer; - CK_ULONG n, i; - CK_ULONG x; - NSSItem s; - NSSCKMDObject *mdek; - NSSCKMDObject *mdak; + CK_RV error = CKR_OK; + CK_ULONG *ulBuffer; + CK_ULONG n, i; + CK_ULONG x; + NSSItem s; + NSSCKMDObject *mdek; + NSSCKMDObject *mdak; #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } - if (!state) { - return CKR_ARGUMENTS_BAD; - } + if (!state) { + return CKR_ARGUMENTS_BAD; + } - if (!state->data) { - return CKR_ARGUMENTS_BAD; - } + if (!state->data) { + return CKR_ARGUMENTS_BAD; + } - if (encryptionKey) { - error = nssCKFWObject_verifyPointer(encryptionKey); - if( CKR_OK != error ) { - return error; + if (encryptionKey) { + error = nssCKFWObject_verifyPointer(encryptionKey); + if (CKR_OK != error) { + return error; + } } - } - if (authenticationKey) { - error = nssCKFWObject_verifyPointer(authenticationKey); - if( CKR_OK != error ) { - return error; + if (authenticationKey) { + error = nssCKFWObject_verifyPointer(authenticationKey); + if (CKR_OK != error) { + return error; + } } - } - if (!fwSession->mdSession) { - return CKR_GENERAL_ERROR; - } + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } #endif /* NSSDEBUG */ - ulBuffer = (CK_ULONG *)state->data; - if( 0x43b4657 != ulBuffer[0] ) { - return CKR_SAVED_STATE_INVALID; - } - n = (state->size / sizeof(CK_ULONG)) - 2; - x = (CK_ULONG)0; - for( i = 0; i < n; i++ ) { - x ^= ulBuffer[2+i]; - } - - if( x != ulBuffer[1] ) { - return CKR_SAVED_STATE_INVALID; - } - - if (!fwSession->mdSession->SetOperationState) { - return CKR_GENERAL_ERROR; - } - - s.size = state->size - 2*sizeof(CK_ULONG); - s.data = (void *)&ulBuffer[2]; - - if (encryptionKey) { - mdek = nssCKFWObject_GetMDObject(encryptionKey); - } else { - mdek = (NSSCKMDObject *)NULL; - } - - if (authenticationKey) { - mdak = nssCKFWObject_GetMDObject(authenticationKey); - } else { - mdak = (NSSCKMDObject *)NULL; - } - - error = fwSession->mdSession->SetOperationState(fwSession->mdSession, - fwSession, fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, - fwSession->fwInstance, &s, mdek, encryptionKey, mdak, authenticationKey); - - if( CKR_OK != error ) { - return error; - } + ulBuffer = (CK_ULONG *)state->data; + if (0x43b4657 != ulBuffer[0]) { + return CKR_SAVED_STATE_INVALID; + } + n = (state->size / sizeof(CK_ULONG)) - 2; + x = (CK_ULONG)0; + for (i = 0; i < n; i++) { + x ^= ulBuffer[2 + i]; + } + + if (x != ulBuffer[1]) { + return CKR_SAVED_STATE_INVALID; + } + + if (!fwSession->mdSession->SetOperationState) { + return CKR_GENERAL_ERROR; + } + + s.size = state->size - 2 * sizeof(CK_ULONG); + s.data = (void *)&ulBuffer[2]; + + if (encryptionKey) { + mdek = nssCKFWObject_GetMDObject(encryptionKey); + } else { + mdek = (NSSCKMDObject *)NULL; + } + + if (authenticationKey) { + mdak = nssCKFWObject_GetMDObject(authenticationKey); + } else { + mdak = (NSSCKMDObject *)NULL; + } - /* - * Here'd we restore any session data - */ - - return CKR_OK; + error = fwSession->mdSession->SetOperationState(fwSession->mdSession, + fwSession, fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, + fwSession->fwInstance, &s, mdek, encryptionKey, mdak, authenticationKey); + + if (CKR_OK != error) { + return error; + } + + /* + * Here'd we restore any session data + */ + + return CKR_OK; } static CK_BBOOL -nss_attributes_form_token_object -( - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount -) +nss_attributes_form_token_object( + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount) { - CK_ULONG i; - CK_BBOOL rv; - - for( i = 0; i < ulAttributeCount; i++ ) { - if( CKA_TOKEN == pTemplate[i].type ) { - /* If we sanity-check, we can remove this sizeof check */ - if( sizeof(CK_BBOOL) == pTemplate[i].ulValueLen ) { - (void)nsslibc_memcpy(&rv, pTemplate[i].pValue, sizeof(CK_BBOOL)); - return rv; - } else { - return CK_FALSE; - } + CK_ULONG i; + CK_BBOOL rv; + + for (i = 0; i < ulAttributeCount; i++) { + if (CKA_TOKEN == pTemplate[i].type) { + /* If we sanity-check, we can remove this sizeof check */ + if (sizeof(CK_BBOOL) == pTemplate[i].ulValueLen) { + (void)nsslibc_memcpy(&rv, pTemplate[i].pValue, sizeof(CK_BBOOL)); + return rv; + } else { + return CK_FALSE; + } + } } - } - return CK_FALSE; + return CK_FALSE; } /* @@ -1228,133 +1174,132 @@ nss_attributes_form_token_object * */ NSS_IMPLEMENT NSSCKFWObject * -nssCKFWSession_CreateObject -( - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +nssCKFWSession_CreateObject( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - NSSArena *arena; - NSSCKMDObject *mdObject; - NSSCKFWObject *fwObject; - CK_BBOOL isTokenObject; + NSSArena *arena; + NSSCKMDObject *mdObject; + NSSCKFWObject *fwObject; + CK_BBOOL isTokenObject; #ifdef NSSDEBUG - if (!pError) { - return (NSSCKFWObject *)NULL; - } - - *pError = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != pError ) { - return (NSSCKFWObject *)NULL; - } - - if( (CK_ATTRIBUTE_PTR)NULL == pTemplate ) { - *pError = CKR_ARGUMENTS_BAD; - return (NSSCKFWObject *)NULL; - } - - if (!fwSession->mdSession) { - *pError = CKR_GENERAL_ERROR; - return (NSSCKFWObject *)NULL; - } -#endif /* NSSDEBUG */ - - /* - * Here would be an excellent place to sanity-check the object. - */ + if (!pError) { + return (NSSCKFWObject *)NULL; + } - isTokenObject = nss_attributes_form_token_object(pTemplate, ulAttributeCount); - if( CK_TRUE == isTokenObject ) { - /* === TOKEN OBJECT === */ + *pError = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != pError) { + return (NSSCKFWObject *)NULL; + } - if (!fwSession->mdSession->CreateObject) { - *pError = CKR_TOKEN_WRITE_PROTECTED; - return (NSSCKFWObject *)NULL; + if ((CK_ATTRIBUTE_PTR)NULL == pTemplate) { + *pError = CKR_ARGUMENTS_BAD; + return (NSSCKFWObject *)NULL; } - arena = nssCKFWToken_GetArena(fwSession->fwToken, pError); - if (!arena) { - if( CKR_OK == *pError ) { + if (!fwSession->mdSession) { *pError = CKR_GENERAL_ERROR; - } - return (NSSCKFWObject *)NULL; + return (NSSCKFWObject *)NULL; } +#endif /* NSSDEBUG */ - goto callmdcreateobject; - } else { - /* === SESSION OBJECT === */ + /* + * Here would be an excellent place to sanity-check the object. + */ - arena = nssCKFWSession_GetArena(fwSession, pError); - if (!arena) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; - } - return (NSSCKFWObject *)NULL; + isTokenObject = nss_attributes_form_token_object(pTemplate, ulAttributeCount); + if (CK_TRUE == isTokenObject) { + /* === TOKEN OBJECT === */ + + if (!fwSession->mdSession->CreateObject) { + *pError = CKR_TOKEN_WRITE_PROTECTED; + return (NSSCKFWObject *)NULL; + } + + arena = nssCKFWToken_GetArena(fwSession->fwToken, pError); + if (!arena) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + return (NSSCKFWObject *)NULL; + } + + goto callmdcreateobject; + } else { + /* === SESSION OBJECT === */ + + arena = nssCKFWSession_GetArena(fwSession, pError); + if (!arena) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + return (NSSCKFWObject *)NULL; + } + + if (CK_TRUE == nssCKFWInstance_GetModuleHandlesSessionObjects( + fwSession->fwInstance)) { + /* --- module handles the session object -- */ + + if (!fwSession->mdSession->CreateObject) { + *pError = CKR_GENERAL_ERROR; + return (NSSCKFWObject *)NULL; + } + + goto callmdcreateobject; + } else { + /* --- framework handles the session object -- */ + mdObject = nssCKMDSessionObject_Create(fwSession->fwToken, + arena, pTemplate, ulAttributeCount, pError); + goto gotmdobject; + } } - if( CK_TRUE == nssCKFWInstance_GetModuleHandlesSessionObjects( - fwSession->fwInstance) ) { - /* --- module handles the session object -- */ +callmdcreateobject: + mdObject = fwSession->mdSession->CreateObject(fwSession->mdSession, + fwSession, fwSession->mdToken, fwSession->fwToken, + fwSession->mdInstance, fwSession->fwInstance, arena, pTemplate, + ulAttributeCount, pError); - if (!fwSession->mdSession->CreateObject) { - *pError = CKR_GENERAL_ERROR; +gotmdobject: + if (!mdObject) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } return (NSSCKFWObject *)NULL; - } - - goto callmdcreateobject; - } else { - /* --- framework handles the session object -- */ - mdObject = nssCKMDSessionObject_Create(fwSession->fwToken, - arena, pTemplate, ulAttributeCount, pError); - goto gotmdobject; - } - } - - callmdcreateobject: - mdObject = fwSession->mdSession->CreateObject(fwSession->mdSession, - fwSession, fwSession->mdToken, fwSession->fwToken, - fwSession->mdInstance, fwSession->fwInstance, arena, pTemplate, - ulAttributeCount, pError); - - gotmdobject: - if (!mdObject) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; - } - return (NSSCKFWObject *)NULL; - } - - fwObject = nssCKFWObject_Create(arena, mdObject, - isTokenObject ? NULL : fwSession, - fwSession->fwToken, fwSession->fwInstance, pError); - if (!fwObject) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; - } - - if (mdObject->Destroy) { - (void)mdObject->Destroy(mdObject, (NSSCKFWObject *)NULL, - fwSession->mdSession, fwSession, fwSession->mdToken, - fwSession->fwToken, fwSession->mdInstance, fwSession->fwInstance); - } - - return (NSSCKFWObject *)NULL; - } - - if( CK_FALSE == isTokenObject ) { - if( CK_FALSE == nssCKFWHash_Exists(fwSession->sessionObjectHash, fwObject) ) { - *pError = nssCKFWHash_Add(fwSession->sessionObjectHash, fwObject, fwObject); - if( CKR_OK != *pError ) { - nssCKFWObject_Finalize(fwObject, PR_TRUE); + } + + fwObject = nssCKFWObject_Create(arena, mdObject, + isTokenObject ? NULL + : fwSession, + fwSession->fwToken, fwSession->fwInstance, pError); + if (!fwObject) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + + if (mdObject->Destroy) { + (void)mdObject->Destroy(mdObject, (NSSCKFWObject *)NULL, + fwSession->mdSession, fwSession, fwSession->mdToken, + fwSession->fwToken, fwSession->mdInstance, fwSession->fwInstance); + } + return (NSSCKFWObject *)NULL; - } } - } - - return fwObject; + + if (CK_FALSE == isTokenObject) { + if (CK_FALSE == nssCKFWHash_Exists(fwSession->sessionObjectHash, fwObject)) { + *pError = nssCKFWHash_Add(fwSession->sessionObjectHash, fwObject, fwObject); + if (CKR_OK != *pError) { + nssCKFWObject_Finalize(fwObject, PR_TRUE); + return (NSSCKFWObject *)NULL; + } + } + } + + return fwObject; } /* @@ -1362,222 +1307,228 @@ nssCKFWSession_CreateObject * */ NSS_IMPLEMENT NSSCKFWObject * -nssCKFWSession_CopyObject -( - NSSCKFWSession *fwSession, - NSSCKFWObject *fwObject, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +nssCKFWSession_CopyObject( + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - CK_BBOOL oldIsToken; - CK_BBOOL newIsToken; - CK_ULONG i; - NSSCKFWObject *rv; + CK_BBOOL oldIsToken; + CK_BBOOL newIsToken; + CK_ULONG i; + NSSCKFWObject *rv; #ifdef NSSDEBUG - if (!pError) { - return (NSSCKFWObject *)NULL; - } - - *pError = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != *pError ) { - return (NSSCKFWObject *)NULL; - } - - *pError = nssCKFWObject_verifyPointer(fwObject); - if( CKR_OK != *pError ) { - return (NSSCKFWObject *)NULL; - } - - if (!fwSession->mdSession) { - *pError = CKR_GENERAL_ERROR; - return (NSSCKFWObject *)NULL; - } + if (!pError) { + return (NSSCKFWObject *)NULL; + } + + *pError = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != *pError) { + return (NSSCKFWObject *)NULL; + } + + *pError = nssCKFWObject_verifyPointer(fwObject); + if (CKR_OK != *pError) { + return (NSSCKFWObject *)NULL; + } + + if (!fwSession->mdSession) { + *pError = CKR_GENERAL_ERROR; + return (NSSCKFWObject *)NULL; + } #endif /* NSSDEBUG */ - /* - * Sanity-check object - */ + /* + * Sanity-check object + */ - if (!fwObject) { - *pError = CKR_ARGUMENTS_BAD; - return (NSSCKFWObject *)NULL; - } + if (!fwObject) { + *pError = CKR_ARGUMENTS_BAD; + return (NSSCKFWObject *)NULL; + } - oldIsToken = nssCKFWObject_IsTokenObject(fwObject); + oldIsToken = nssCKFWObject_IsTokenObject(fwObject); - newIsToken = oldIsToken; - for( i = 0; i < ulAttributeCount; i++ ) { - if( CKA_TOKEN == pTemplate[i].type ) { - /* Since we sanity-checked the object, we know this is the right size. */ - (void)nsslibc_memcpy(&newIsToken, pTemplate[i].pValue, sizeof(CK_BBOOL)); - break; + newIsToken = oldIsToken; + for (i = 0; i < ulAttributeCount; i++) { + if (CKA_TOKEN == pTemplate[i].type) { + /* Since we sanity-checked the object, we know this is the right size. */ + (void)nsslibc_memcpy(&newIsToken, pTemplate[i].pValue, sizeof(CK_BBOOL)); + break; + } } - } - /* - * If the Module handles its session objects, or if both the new - * and old object are token objects, use CopyObject if it exists. - */ + /* + * If the Module handles its session objects, or if both the new + * and old object are token objects, use CopyObject if it exists. + */ - if ((fwSession->mdSession->CopyObject) && - (((CK_TRUE == oldIsToken) && (CK_TRUE == newIsToken)) || - (CK_TRUE == nssCKFWInstance_GetModuleHandlesSessionObjects( - fwSession->fwInstance))) ) { - /* use copy object */ - NSSArena *arena; - NSSCKMDObject *mdOldObject; - NSSCKMDObject *mdObject; + if ((fwSession->mdSession->CopyObject) && + (((CK_TRUE == oldIsToken) && (CK_TRUE == newIsToken)) || + (CK_TRUE == nssCKFWInstance_GetModuleHandlesSessionObjects( + fwSession->fwInstance)))) { + /* use copy object */ + NSSArena *arena; + NSSCKMDObject *mdOldObject; + NSSCKMDObject *mdObject; - mdOldObject = nssCKFWObject_GetMDObject(fwObject); + mdOldObject = nssCKFWObject_GetMDObject(fwObject); - if( CK_TRUE == newIsToken ) { - arena = nssCKFWToken_GetArena(fwSession->fwToken, pError); - } else { - arena = nssCKFWSession_GetArena(fwSession, pError); - } - if (!arena) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; - } - return (NSSCKFWObject *)NULL; - } + if (CK_TRUE == newIsToken) { + arena = nssCKFWToken_GetArena(fwSession->fwToken, pError); + } else { + arena = nssCKFWSession_GetArena(fwSession, pError); + } + if (!arena) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + return (NSSCKFWObject *)NULL; + } - mdObject = fwSession->mdSession->CopyObject(fwSession->mdSession, - fwSession, fwSession->mdToken, fwSession->fwToken, - fwSession->mdInstance, fwSession->fwInstance, mdOldObject, - fwObject, arena, pTemplate, ulAttributeCount, pError); - if (!mdObject) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; - } - return (NSSCKFWObject *)NULL; - } + mdObject = fwSession->mdSession->CopyObject(fwSession->mdSession, + fwSession, fwSession->mdToken, fwSession->fwToken, + fwSession->mdInstance, fwSession->fwInstance, mdOldObject, + fwObject, arena, pTemplate, ulAttributeCount, pError); + if (!mdObject) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + return (NSSCKFWObject *)NULL; + } - rv = nssCKFWObject_Create(arena, mdObject, - newIsToken ? NULL : fwSession, - fwSession->fwToken, fwSession->fwInstance, pError); + rv = nssCKFWObject_Create(arena, mdObject, + newIsToken ? NULL + : fwSession, + fwSession->fwToken, fwSession->fwInstance, pError); + + if (CK_FALSE == newIsToken) { + if (CK_FALSE == nssCKFWHash_Exists(fwSession->sessionObjectHash, rv)) { + *pError = nssCKFWHash_Add(fwSession->sessionObjectHash, rv, rv); + if (CKR_OK != *pError) { + nssCKFWObject_Finalize(rv, PR_TRUE); + return (NSSCKFWObject *)NULL; + } + } + } - if( CK_FALSE == newIsToken ) { - if( CK_FALSE == nssCKFWHash_Exists(fwSession->sessionObjectHash, rv) ) { - *pError = nssCKFWHash_Add(fwSession->sessionObjectHash, rv, rv); - if( CKR_OK != *pError ) { - nssCKFWObject_Finalize(rv, PR_TRUE); - return (NSSCKFWObject *)NULL; + return rv; + } else { + /* use create object */ + NSSArena *tmpArena; + CK_ATTRIBUTE_PTR newTemplate; + CK_ULONG i, j, n, newLength, k; + CK_ATTRIBUTE_TYPE_PTR oldTypes; + NSSCKFWObject *rv; + + n = nssCKFWObject_GetAttributeCount(fwObject, pError); + if ((0 == n) && (CKR_OK != *pError)) { + return (NSSCKFWObject *)NULL; } - } - } - return rv; - } else { - /* use create object */ - NSSArena *tmpArena; - CK_ATTRIBUTE_PTR newTemplate; - CK_ULONG i, j, n, newLength, k; - CK_ATTRIBUTE_TYPE_PTR oldTypes; - NSSCKFWObject *rv; - - n = nssCKFWObject_GetAttributeCount(fwObject, pError); - if( (0 == n) && (CKR_OK != *pError) ) { - return (NSSCKFWObject *)NULL; - } + tmpArena = NSSArena_Create(); + if (!tmpArena) { + *pError = CKR_HOST_MEMORY; + return (NSSCKFWObject *)NULL; + } - tmpArena = NSSArena_Create(); - if (!tmpArena) { - *pError = CKR_HOST_MEMORY; - return (NSSCKFWObject *)NULL; - } + oldTypes = nss_ZNEWARRAY(tmpArena, CK_ATTRIBUTE_TYPE, n); + if ((CK_ATTRIBUTE_TYPE_PTR)NULL == oldTypes) { + NSSArena_Destroy(tmpArena); + *pError = CKR_HOST_MEMORY; + return (NSSCKFWObject *)NULL; + } - oldTypes = nss_ZNEWARRAY(tmpArena, CK_ATTRIBUTE_TYPE, n); - if( (CK_ATTRIBUTE_TYPE_PTR)NULL == oldTypes ) { - NSSArena_Destroy(tmpArena); - *pError = CKR_HOST_MEMORY; - return (NSSCKFWObject *)NULL; - } + *pError = nssCKFWObject_GetAttributeTypes(fwObject, oldTypes, n); + if (CKR_OK != *pError) { + NSSArena_Destroy(tmpArena); + return (NSSCKFWObject *)NULL; + } - *pError = nssCKFWObject_GetAttributeTypes(fwObject, oldTypes, n); - if( CKR_OK != *pError ) { - NSSArena_Destroy(tmpArena); - return (NSSCKFWObject *)NULL; - } + newLength = n; + for (i = 0; i < ulAttributeCount; i++) { + for (j = 0; j < n; j++) { + if (oldTypes[j] == pTemplate[i].type) { + if ((CK_VOID_PTR)NULL == + pTemplate[i].pValue) { + /* Removing the attribute */ + newLength--; + } + break; + } + } + if (j == n) { + /* Not found */ + newLength++; + } + } - newLength = n; - for( i = 0; i < ulAttributeCount; i++ ) { - for( j = 0; j < n; j++ ) { - if( oldTypes[j] == pTemplate[i].type ) { - if( (CK_VOID_PTR)NULL == pTemplate[i].pValue ) { - /* Removing the attribute */ - newLength--; - } - break; + newTemplate = nss_ZNEWARRAY(tmpArena, CK_ATTRIBUTE, newLength); + if ((CK_ATTRIBUTE_PTR)NULL == newTemplate) { + NSSArena_Destroy(tmpArena); + *pError = CKR_HOST_MEMORY; + return (NSSCKFWObject *)NULL; } - } - if( j == n ) { - /* Not found */ - newLength++; - } - } - - newTemplate = nss_ZNEWARRAY(tmpArena, CK_ATTRIBUTE, newLength); - if( (CK_ATTRIBUTE_PTR)NULL == newTemplate ) { - NSSArena_Destroy(tmpArena); - *pError = CKR_HOST_MEMORY; - return (NSSCKFWObject *)NULL; - } - - k = 0; - for( j = 0; j < n; j++ ) { - for( i = 0; i < ulAttributeCount; i++ ) { - if( oldTypes[j] == pTemplate[i].type ) { - if( (CK_VOID_PTR)NULL == pTemplate[i].pValue ) { - /* This attribute is being deleted */ - ; - } else { - /* This attribute is being replaced */ - newTemplate[k].type = pTemplate[i].type; - newTemplate[k].pValue = pTemplate[i].pValue; - newTemplate[k].ulValueLen = pTemplate[i].ulValueLen; - k++; - } - break; + + k = 0; + for (j = 0; j < n; j++) { + for (i = 0; i < ulAttributeCount; i++) { + if (oldTypes[j] == pTemplate[i].type) { + if ((CK_VOID_PTR)NULL == + pTemplate[i].pValue) { + /* This attribute is being deleted */ + ; + } else { + /* This attribute is being replaced */ + newTemplate[k].type = + pTemplate[i].type; + newTemplate[k].pValue = + pTemplate[i].pValue; + newTemplate[k].ulValueLen = + pTemplate[i].ulValueLen; + k++; + } + break; + } + } + if (i == ulAttributeCount) { + /* This attribute is being copied over from the old object */ + NSSItem item, *it; + item.size = 0; + item.data = (void *)NULL; + it = nssCKFWObject_GetAttribute(fwObject, oldTypes[j], + &item, tmpArena, pError); + if (!it) { + if (CKR_OK == + *pError) { + *pError = + CKR_GENERAL_ERROR; + } + NSSArena_Destroy(tmpArena); + return (NSSCKFWObject *)NULL; + } + newTemplate[k].type = oldTypes[j]; + newTemplate[k].pValue = it->data; + newTemplate[k].ulValueLen = it->size; + k++; + } } - } - if( i == ulAttributeCount ) { - /* This attribute is being copied over from the old object */ - NSSItem item, *it; - item.size = 0; - item.data = (void *)NULL; - it = nssCKFWObject_GetAttribute(fwObject, oldTypes[j], - &item, tmpArena, pError); - if (!it) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; - } - NSSArena_Destroy(tmpArena); - return (NSSCKFWObject *)NULL; + /* assert that k == newLength */ + + rv = nssCKFWSession_CreateObject(fwSession, newTemplate, newLength, pError); + if (!rv) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + NSSArena_Destroy(tmpArena); + return (NSSCKFWObject *)NULL; } - newTemplate[k].type = oldTypes[j]; - newTemplate[k].pValue = it->data; - newTemplate[k].ulValueLen = it->size; - k++; - } - } - /* assert that k == newLength */ - rv = nssCKFWSession_CreateObject(fwSession, newTemplate, newLength, pError); - if (!rv) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; - } - NSSArena_Destroy(tmpArena); - return (NSSCKFWObject *)NULL; + NSSArena_Destroy(tmpArena); + return rv; } - - NSSArena_Destroy(tmpArena); - return rv; - } } /* @@ -1585,135 +1536,140 @@ nssCKFWSession_CopyObject * */ NSS_IMPLEMENT NSSCKFWFindObjects * -nssCKFWSession_FindObjectsInit -( - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +nssCKFWSession_FindObjectsInit( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - NSSCKMDFindObjects *mdfo1 = (NSSCKMDFindObjects *)NULL; - NSSCKMDFindObjects *mdfo2 = (NSSCKMDFindObjects *)NULL; + NSSCKMDFindObjects *mdfo1 = (NSSCKMDFindObjects *)NULL; + NSSCKMDFindObjects *mdfo2 = (NSSCKMDFindObjects *)NULL; #ifdef NSSDEBUG - if (!pError) { - return (NSSCKFWFindObjects *)NULL; - } - - *pError = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != *pError ) { - return (NSSCKFWFindObjects *)NULL; - } - - if( ((CK_ATTRIBUTE_PTR)NULL == pTemplate) && (ulAttributeCount != 0) ) { - *pError = CKR_ARGUMENTS_BAD; - return (NSSCKFWFindObjects *)NULL; - } - - if (!fwSession->mdSession) { - *pError = CKR_GENERAL_ERROR; - return (NSSCKFWFindObjects *)NULL; - } -#endif /* NSSDEBUG */ - - if( CK_TRUE != nssCKFWInstance_GetModuleHandlesSessionObjects( - fwSession->fwInstance) ) { - CK_ULONG i; - - /* - * Does the search criteria restrict us to token or session - * objects? - */ + if (!pError) { + return (NSSCKFWFindObjects *)NULL; + } - for( i = 0; i < ulAttributeCount; i++ ) { - if( CKA_TOKEN == pTemplate[i].type ) { - /* Yes, it does. */ - CK_BBOOL isToken; - if( sizeof(CK_BBOOL) != pTemplate[i].ulValueLen ) { - *pError = CKR_ATTRIBUTE_VALUE_INVALID; - return (NSSCKFWFindObjects *)NULL; - } - (void)nsslibc_memcpy(&isToken, pTemplate[i].pValue, sizeof(CK_BBOOL)); + *pError = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != *pError) { + return (NSSCKFWFindObjects *)NULL; + } - if( CK_TRUE == isToken ) { - /* Pass it on to the module's search routine */ - if (!fwSession->mdSession->FindObjectsInit) { - goto wrap; - } + if (((CK_ATTRIBUTE_PTR)NULL == pTemplate) && (ulAttributeCount != 0)) { + *pError = CKR_ARGUMENTS_BAD; + return (NSSCKFWFindObjects *)NULL; + } - mdfo1 = fwSession->mdSession->FindObjectsInit(fwSession->mdSession, - fwSession, fwSession->mdToken, fwSession->fwToken, - fwSession->mdInstance, fwSession->fwInstance, - pTemplate, ulAttributeCount, pError); - } else { - /* Do the search ourselves */ - mdfo1 = nssCKMDFindSessionObjects_Create(fwSession->fwToken, - pTemplate, ulAttributeCount, pError); - } + if (!fwSession->mdSession) { + *pError = CKR_GENERAL_ERROR; + return (NSSCKFWFindObjects *)NULL; + } +#endif /* NSSDEBUG */ - if (!mdfo1) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; - } - return (NSSCKFWFindObjects *)NULL; + if (CK_TRUE != nssCKFWInstance_GetModuleHandlesSessionObjects( + fwSession->fwInstance)) { + CK_ULONG i; + + /* + * Does the search criteria restrict us to token or session + * objects? + */ + + for (i = 0; i < ulAttributeCount; i++) { + if (CKA_TOKEN == pTemplate[i].type) { + /* Yes, it does. */ + CK_BBOOL isToken; + if (sizeof(CK_BBOOL) != pTemplate[i].ulValueLen) { + *pError = + CKR_ATTRIBUTE_VALUE_INVALID; + return (NSSCKFWFindObjects *)NULL; + } + (void)nsslibc_memcpy(&isToken, pTemplate[i].pValue, sizeof(CK_BBOOL)); + + if (CK_TRUE == isToken) { + /* Pass it on to the module's search routine */ + if (!fwSession->mdSession->FindObjectsInit) { + goto wrap; + } + + mdfo1 = + fwSession->mdSession->FindObjectsInit(fwSession->mdSession, + fwSession, fwSession->mdToken, fwSession->fwToken, + fwSession->mdInstance, fwSession->fwInstance, + pTemplate, ulAttributeCount, pError); + } else { + /* Do the search ourselves */ + mdfo1 = + nssCKMDFindSessionObjects_Create(fwSession->fwToken, + pTemplate, ulAttributeCount, pError); + } + + if (!mdfo1) { + if (CKR_OK == + *pError) { + *pError = + CKR_GENERAL_ERROR; + } + return (NSSCKFWFindObjects *)NULL; + } + + goto wrap; + } } - - goto wrap; - } - } - if( i == ulAttributeCount ) { - /* No, it doesn't. Do a hybrid search. */ - mdfo1 = fwSession->mdSession->FindObjectsInit(fwSession->mdSession, - fwSession, fwSession->mdToken, fwSession->fwToken, - fwSession->mdInstance, fwSession->fwInstance, - pTemplate, ulAttributeCount, pError); + if (i == ulAttributeCount) { + /* No, it doesn't. Do a hybrid search. */ + mdfo1 = fwSession->mdSession->FindObjectsInit(fwSession->mdSession, + fwSession, fwSession->mdToken, fwSession->fwToken, + fwSession->mdInstance, fwSession->fwInstance, + pTemplate, ulAttributeCount, pError); + + if (!mdfo1) { + if (CKR_OK == *pError) { + *pError = + CKR_GENERAL_ERROR; + } + return (NSSCKFWFindObjects *)NULL; + } + + mdfo2 = nssCKMDFindSessionObjects_Create(fwSession->fwToken, + pTemplate, ulAttributeCount, pError); + if (!mdfo2) { + if (CKR_OK == *pError) { + *pError = + CKR_GENERAL_ERROR; + } + if (mdfo1->Final) { + mdfo1->Final(mdfo1, (NSSCKFWFindObjects *)NULL, fwSession->mdSession, + fwSession, fwSession->mdToken, fwSession->fwToken, + fwSession->mdInstance, fwSession->fwInstance); + } + return (NSSCKFWFindObjects *)NULL; + } - if (!mdfo1) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; + goto wrap; } - return (NSSCKFWFindObjects *)NULL; - } + /*NOTREACHED*/ + } else { + /* Module handles all its own objects. Pass on to module's search */ + mdfo1 = fwSession->mdSession->FindObjectsInit(fwSession->mdSession, + fwSession, fwSession->mdToken, fwSession->fwToken, + fwSession->mdInstance, fwSession->fwInstance, + pTemplate, ulAttributeCount, pError); - mdfo2 = nssCKMDFindSessionObjects_Create(fwSession->fwToken, - pTemplate, ulAttributeCount, pError); - if (!mdfo2) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; - } - if (mdfo1->Final) { - mdfo1->Final(mdfo1, (NSSCKFWFindObjects *)NULL, fwSession->mdSession, - fwSession, fwSession->mdToken, fwSession->fwToken, - fwSession->mdInstance, fwSession->fwInstance); + if (!mdfo1) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + return (NSSCKFWFindObjects *)NULL; } - return (NSSCKFWFindObjects *)NULL; - } - - goto wrap; - } - /*NOTREACHED*/ - } else { - /* Module handles all its own objects. Pass on to module's search */ - mdfo1 = fwSession->mdSession->FindObjectsInit(fwSession->mdSession, - fwSession, fwSession->mdToken, fwSession->fwToken, - fwSession->mdInstance, fwSession->fwInstance, - pTemplate, ulAttributeCount, pError); - if (!mdfo1) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; - } - return (NSSCKFWFindObjects *)NULL; + goto wrap; } - goto wrap; - } - - wrap: - return nssCKFWFindObjects_Create(fwSession, fwSession->fwToken, - fwSession->fwInstance, mdfo1, mdfo2, pError); +wrap: + return nssCKFWFindObjects_Create(fwSession, fwSession->fwToken, + fwSession->fwInstance, mdfo1, mdfo2, pError); } /* @@ -1721,46 +1677,44 @@ nssCKFWSession_FindObjectsInit * */ NSS_IMPLEMENT CK_RV -nssCKFWSession_SeedRandom -( - NSSCKFWSession *fwSession, - NSSItem *seed -) +nssCKFWSession_SeedRandom( + NSSCKFWSession *fwSession, + NSSItem *seed) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } - if (!seed) { - return CKR_ARGUMENTS_BAD; - } + if (!seed) { + return CKR_ARGUMENTS_BAD; + } - if (!seed->data) { - return CKR_ARGUMENTS_BAD; - } + if (!seed->data) { + return CKR_ARGUMENTS_BAD; + } - if( 0 == seed->size ) { - return CKR_ARGUMENTS_BAD; - } + if (0 == seed->size) { + return CKR_ARGUMENTS_BAD; + } - if (!fwSession->mdSession) { - return CKR_GENERAL_ERROR; - } + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } #endif /* NSSDEBUG */ - if (!fwSession->mdSession->SeedRandom) { - return CKR_RANDOM_SEED_NOT_SUPPORTED; - } + if (!fwSession->mdSession->SeedRandom) { + return CKR_RANDOM_SEED_NOT_SUPPORTED; + } - error = fwSession->mdSession->SeedRandom(fwSession->mdSession, fwSession, - fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, - fwSession->fwInstance, seed); + error = fwSession->mdSession->SeedRandom(fwSession->mdSession, fwSession, + fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, + fwSession->fwInstance, seed); - return error; + return error; } /* @@ -1768,565 +1722,541 @@ nssCKFWSession_SeedRandom * */ NSS_IMPLEMENT CK_RV -nssCKFWSession_GetRandom -( - NSSCKFWSession *fwSession, - NSSItem *buffer -) +nssCKFWSession_GetRandom( + NSSCKFWSession *fwSession, + NSSItem *buffer) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } - if (!buffer) { - return CKR_ARGUMENTS_BAD; - } + if (!buffer) { + return CKR_ARGUMENTS_BAD; + } - if (!buffer->data) { - return CKR_ARGUMENTS_BAD; - } + if (!buffer->data) { + return CKR_ARGUMENTS_BAD; + } - if (!fwSession->mdSession) { - return CKR_GENERAL_ERROR; - } + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } #endif /* NSSDEBUG */ - if (!fwSession->mdSession->GetRandom) { - if( CK_TRUE == nssCKFWToken_GetHasRNG(fwSession->fwToken) ) { - return CKR_GENERAL_ERROR; - } else { - return CKR_RANDOM_NO_RNG; + if (!fwSession->mdSession->GetRandom) { + if (CK_TRUE == nssCKFWToken_GetHasRNG(fwSession->fwToken)) { + return CKR_GENERAL_ERROR; + } else { + return CKR_RANDOM_NO_RNG; + } } - } - if( 0 == buffer->size ) { - return CKR_OK; - } + if (0 == buffer->size) { + return CKR_OK; + } - error = fwSession->mdSession->GetRandom(fwSession->mdSession, fwSession, - fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, - fwSession->fwInstance, buffer); + error = fwSession->mdSession->GetRandom(fwSession->mdSession, fwSession, + fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, + fwSession->fwInstance, buffer); - return error; + return error; } - /* * nssCKFWSession_SetCurrentCryptoOperation */ NSS_IMPLEMENT void -nssCKFWSession_SetCurrentCryptoOperation -( - NSSCKFWSession *fwSession, - NSSCKFWCryptoOperation * fwOperation, - NSSCKFWCryptoOperationState state -) +nssCKFWSession_SetCurrentCryptoOperation( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperation *fwOperation, + NSSCKFWCryptoOperationState state) { #ifdef NSSDEBUG - CK_RV error = CKR_OK; - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return; - } + CK_RV error = CKR_OK; + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return; + } - if ( state >= NSSCKFWCryptoOperationState_Max) { - return; - } + if (state >= NSSCKFWCryptoOperationState_Max) { + return; + } - if (!fwSession->mdSession) { - return; - } + if (!fwSession->mdSession) { + return; + } #endif /* NSSDEBUG */ - fwSession->fwOperationArray[state] = fwOperation; - return; + fwSession->fwOperationArray[state] = fwOperation; + return; } /* * nssCKFWSession_GetCurrentCryptoOperation */ NSS_IMPLEMENT NSSCKFWCryptoOperation * -nssCKFWSession_GetCurrentCryptoOperation -( - NSSCKFWSession *fwSession, - NSSCKFWCryptoOperationState state -) +nssCKFWSession_GetCurrentCryptoOperation( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationState state) { #ifdef NSSDEBUG - CK_RV error = CKR_OK; - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return (NSSCKFWCryptoOperation *)NULL; - } - - if ( state >= NSSCKFWCryptoOperationState_Max) { - return (NSSCKFWCryptoOperation *)NULL; - } - - if (!fwSession->mdSession) { - return (NSSCKFWCryptoOperation *)NULL; - } + CK_RV error = CKR_OK; + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return (NSSCKFWCryptoOperation *)NULL; + } + + if (state >= NSSCKFWCryptoOperationState_Max) { + return (NSSCKFWCryptoOperation *)NULL; + } + + if (!fwSession->mdSession) { + return (NSSCKFWCryptoOperation *)NULL; + } #endif /* NSSDEBUG */ - return fwSession->fwOperationArray[state]; + return fwSession->fwOperationArray[state]; } /* * nssCKFWSession_Final */ NSS_IMPLEMENT CK_RV -nssCKFWSession_Final -( - NSSCKFWSession *fwSession, - NSSCKFWCryptoOperationType type, - NSSCKFWCryptoOperationState state, - CK_BYTE_PTR outBuf, - CK_ULONG_PTR outBufLen -) +nssCKFWSession_Final( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationType type, + NSSCKFWCryptoOperationState state, + CK_BYTE_PTR outBuf, + CK_ULONG_PTR outBufLen) { - NSSCKFWCryptoOperation *fwOperation; - NSSItem outputBuffer; - CK_RV error = CKR_OK; + NSSCKFWCryptoOperation *fwOperation; + NSSItem outputBuffer; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } - if (!fwSession->mdSession) { - return CKR_GENERAL_ERROR; - } + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } #endif /* NSSDEBUG */ - /* make sure we have a valid operation initialized */ - fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state); - if (!fwOperation) { - return CKR_OPERATION_NOT_INITIALIZED; - } - - /* make sure it's the correct type */ - if (type != nssCKFWCryptoOperation_GetType(fwOperation)) { - return CKR_OPERATION_NOT_INITIALIZED; - } - - /* handle buffer issues, note for Verify, the type is an input buffer. */ - if (NSSCKFWCryptoOperationType_Verify == type) { - if ((CK_BYTE_PTR)NULL == outBuf) { - error = CKR_ARGUMENTS_BAD; - goto done; + /* make sure we have a valid operation initialized */ + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state); + if (!fwOperation) { + return CKR_OPERATION_NOT_INITIALIZED; } - } else { - CK_ULONG len = nssCKFWCryptoOperation_GetFinalLength(fwOperation, &error); - CK_ULONG maxBufLen = *outBufLen; - if (CKR_OK != error) { - goto done; - } - *outBufLen = len; - if ((CK_BYTE_PTR)NULL == outBuf) { - return CKR_OK; + /* make sure it's the correct type */ + if (type != nssCKFWCryptoOperation_GetType(fwOperation)) { + return CKR_OPERATION_NOT_INITIALIZED; } - if (len > maxBufLen) { - return CKR_BUFFER_TOO_SMALL; + /* handle buffer issues, note for Verify, the type is an input buffer. */ + if (NSSCKFWCryptoOperationType_Verify == type) { + if ((CK_BYTE_PTR)NULL == outBuf) { + error = CKR_ARGUMENTS_BAD; + goto done; + } + } else { + CK_ULONG len = nssCKFWCryptoOperation_GetFinalLength(fwOperation, &error); + CK_ULONG maxBufLen = *outBufLen; + + if (CKR_OK != error) { + goto done; + } + *outBufLen = len; + if ((CK_BYTE_PTR)NULL == outBuf) { + return CKR_OK; + } + + if (len > maxBufLen) { + return CKR_BUFFER_TOO_SMALL; + } } - } - outputBuffer.data = outBuf; - outputBuffer.size = *outBufLen; + outputBuffer.data = outBuf; + outputBuffer.size = *outBufLen; - error = nssCKFWCryptoOperation_Final(fwOperation, &outputBuffer); + error = nssCKFWCryptoOperation_Final(fwOperation, &outputBuffer); done: - if (CKR_BUFFER_TOO_SMALL == error) { + if (CKR_BUFFER_TOO_SMALL == error) { + return error; + } + /* clean up our state */ + nssCKFWCryptoOperation_Destroy(fwOperation); + nssCKFWSession_SetCurrentCryptoOperation(fwSession, NULL, state); return error; - } - /* clean up our state */ - nssCKFWCryptoOperation_Destroy(fwOperation); - nssCKFWSession_SetCurrentCryptoOperation(fwSession, NULL, state); - return error; } /* * nssCKFWSession_Update */ NSS_IMPLEMENT CK_RV -nssCKFWSession_Update -( - NSSCKFWSession *fwSession, - NSSCKFWCryptoOperationType type, - NSSCKFWCryptoOperationState state, - CK_BYTE_PTR inBuf, - CK_ULONG inBufLen, - CK_BYTE_PTR outBuf, - CK_ULONG_PTR outBufLen -) +nssCKFWSession_Update( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationType type, + NSSCKFWCryptoOperationState state, + CK_BYTE_PTR inBuf, + CK_ULONG inBufLen, + CK_BYTE_PTR outBuf, + CK_ULONG_PTR outBufLen) { - NSSCKFWCryptoOperation *fwOperation; - NSSItem inputBuffer; - NSSItem outputBuffer; - CK_ULONG len; - CK_ULONG maxBufLen; - CK_RV error = CKR_OK; + NSSCKFWCryptoOperation *fwOperation; + NSSItem inputBuffer; + NSSItem outputBuffer; + CK_ULONG len; + CK_ULONG maxBufLen; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } - if (!fwSession->mdSession) { - return CKR_GENERAL_ERROR; - } + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } #endif /* NSSDEBUG */ - /* make sure we have a valid operation initialized */ - fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state); - if (!fwOperation) { - return CKR_OPERATION_NOT_INITIALIZED; - } + /* make sure we have a valid operation initialized */ + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state); + if (!fwOperation) { + return CKR_OPERATION_NOT_INITIALIZED; + } - /* make sure it's the correct type */ - if (type != nssCKFWCryptoOperation_GetType(fwOperation)) { - return CKR_OPERATION_NOT_INITIALIZED; - } + /* make sure it's the correct type */ + if (type != nssCKFWCryptoOperation_GetType(fwOperation)) { + return CKR_OPERATION_NOT_INITIALIZED; + } - inputBuffer.data = inBuf; - inputBuffer.size = inBufLen; + inputBuffer.data = inBuf; + inputBuffer.size = inBufLen; - /* handle buffer issues, note for Verify, the type is an input buffer. */ - len = nssCKFWCryptoOperation_GetOperationLength(fwOperation, &inputBuffer, - &error); - if (CKR_OK != error) { - return error; - } - maxBufLen = *outBufLen; + /* handle buffer issues, note for Verify, the type is an input buffer. */ + len = nssCKFWCryptoOperation_GetOperationLength(fwOperation, &inputBuffer, + &error); + if (CKR_OK != error) { + return error; + } + maxBufLen = *outBufLen; - *outBufLen = len; - if ((CK_BYTE_PTR)NULL == outBuf) { - return CKR_OK; - } + *outBufLen = len; + if ((CK_BYTE_PTR)NULL == outBuf) { + return CKR_OK; + } - if (len > maxBufLen) { - return CKR_BUFFER_TOO_SMALL; - } - outputBuffer.data = outBuf; - outputBuffer.size = *outBufLen; + if (len > maxBufLen) { + return CKR_BUFFER_TOO_SMALL; + } + outputBuffer.data = outBuf; + outputBuffer.size = *outBufLen; - return nssCKFWCryptoOperation_Update(fwOperation, - &inputBuffer, &outputBuffer); + return nssCKFWCryptoOperation_Update(fwOperation, + &inputBuffer, &outputBuffer); } /* * nssCKFWSession_DigestUpdate */ NSS_IMPLEMENT CK_RV -nssCKFWSession_DigestUpdate -( - NSSCKFWSession *fwSession, - NSSCKFWCryptoOperationType type, - NSSCKFWCryptoOperationState state, - CK_BYTE_PTR inBuf, - CK_ULONG inBufLen -) +nssCKFWSession_DigestUpdate( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationType type, + NSSCKFWCryptoOperationState state, + CK_BYTE_PTR inBuf, + CK_ULONG inBufLen) { - NSSCKFWCryptoOperation *fwOperation; - NSSItem inputBuffer; - CK_RV error = CKR_OK; + NSSCKFWCryptoOperation *fwOperation; + NSSItem inputBuffer; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } - if (!fwSession->mdSession) { - return CKR_GENERAL_ERROR; - } + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } #endif /* NSSDEBUG */ - /* make sure we have a valid operation initialized */ - fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state); - if (!fwOperation) { - return CKR_OPERATION_NOT_INITIALIZED; - } - - /* make sure it's the correct type */ - if (type != nssCKFWCryptoOperation_GetType(fwOperation)) { - return CKR_OPERATION_NOT_INITIALIZED; - } + /* make sure we have a valid operation initialized */ + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state); + if (!fwOperation) { + return CKR_OPERATION_NOT_INITIALIZED; + } - inputBuffer.data = inBuf; - inputBuffer.size = inBufLen; + /* make sure it's the correct type */ + if (type != nssCKFWCryptoOperation_GetType(fwOperation)) { + return CKR_OPERATION_NOT_INITIALIZED; + } + inputBuffer.data = inBuf; + inputBuffer.size = inBufLen; - error = nssCKFWCryptoOperation_DigestUpdate(fwOperation, &inputBuffer); - return error; + error = nssCKFWCryptoOperation_DigestUpdate(fwOperation, &inputBuffer); + return error; } /* * nssCKFWSession_DigestUpdate */ NSS_IMPLEMENT CK_RV -nssCKFWSession_DigestKey -( - NSSCKFWSession *fwSession, - NSSCKFWObject *fwKey -) +nssCKFWSession_DigestKey( + NSSCKFWSession *fwSession, + NSSCKFWObject *fwKey) { - NSSCKFWCryptoOperation *fwOperation; - NSSItem *inputBuffer; - CK_RV error = CKR_OK; + NSSCKFWCryptoOperation *fwOperation; + NSSItem *inputBuffer; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } - if (!fwSession->mdSession) { - return CKR_GENERAL_ERROR; - } + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } #endif /* NSSDEBUG */ - /* make sure we have a valid operation initialized */ - fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, - NSSCKFWCryptoOperationState_Digest); - if (!fwOperation) { - return CKR_OPERATION_NOT_INITIALIZED; - } - - /* make sure it's the correct type */ - if (NSSCKFWCryptoOperationType_Digest != - nssCKFWCryptoOperation_GetType(fwOperation)) { - return CKR_OPERATION_NOT_INITIALIZED; - } - - error = nssCKFWCryptoOperation_DigestKey(fwOperation, fwKey); - if (CKR_FUNCTION_FAILED != error) { - return error; - } + /* make sure we have a valid operation initialized */ + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + NSSCKFWCryptoOperationState_Digest); + if (!fwOperation) { + return CKR_OPERATION_NOT_INITIALIZED; + } + + /* make sure it's the correct type */ + if (NSSCKFWCryptoOperationType_Digest != + nssCKFWCryptoOperation_GetType(fwOperation)) { + return CKR_OPERATION_NOT_INITIALIZED; + } + + error = nssCKFWCryptoOperation_DigestKey(fwOperation, fwKey); + if (CKR_FUNCTION_FAILED != error) { + return error; + } - /* no machine depended way for this to happen, do it by hand */ - inputBuffer=nssCKFWObject_GetAttribute(fwKey, CKA_VALUE, NULL, NULL, &error); - if (!inputBuffer) { - /* couldn't get the value, just fail then */ + /* no machine depended way for this to happen, do it by hand */ + inputBuffer = nssCKFWObject_GetAttribute(fwKey, CKA_VALUE, NULL, NULL, &error); + if (!inputBuffer) { + /* couldn't get the value, just fail then */ + return error; + } + error = nssCKFWCryptoOperation_DigestUpdate(fwOperation, inputBuffer); + nssItem_Destroy(inputBuffer); return error; - } - error = nssCKFWCryptoOperation_DigestUpdate(fwOperation, inputBuffer); - nssItem_Destroy(inputBuffer); - return error; } /* * nssCKFWSession_UpdateFinal */ NSS_IMPLEMENT CK_RV -nssCKFWSession_UpdateFinal -( - NSSCKFWSession *fwSession, - NSSCKFWCryptoOperationType type, - NSSCKFWCryptoOperationState state, - CK_BYTE_PTR inBuf, - CK_ULONG inBufLen, - CK_BYTE_PTR outBuf, - CK_ULONG_PTR outBufLen -) +nssCKFWSession_UpdateFinal( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationType type, + NSSCKFWCryptoOperationState state, + CK_BYTE_PTR inBuf, + CK_ULONG inBufLen, + CK_BYTE_PTR outBuf, + CK_ULONG_PTR outBufLen) { - NSSCKFWCryptoOperation *fwOperation; - NSSItem inputBuffer; - NSSItem outputBuffer; - PRBool isEncryptDecrypt; - CK_RV error = CKR_OK; + NSSCKFWCryptoOperation *fwOperation; + NSSItem inputBuffer; + NSSItem outputBuffer; + PRBool isEncryptDecrypt; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } - if (!fwSession->mdSession) { - return CKR_GENERAL_ERROR; - } + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } #endif /* NSSDEBUG */ - /* make sure we have a valid operation initialized */ - fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state); - if (!fwOperation) { - return CKR_OPERATION_NOT_INITIALIZED; - } + /* make sure we have a valid operation initialized */ + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state); + if (!fwOperation) { + return CKR_OPERATION_NOT_INITIALIZED; + } - /* make sure it's the correct type */ - if (type != nssCKFWCryptoOperation_GetType(fwOperation)) { - return CKR_OPERATION_NOT_INITIALIZED; - } + /* make sure it's the correct type */ + if (type != nssCKFWCryptoOperation_GetType(fwOperation)) { + return CKR_OPERATION_NOT_INITIALIZED; + } - inputBuffer.data = inBuf; - inputBuffer.size = inBufLen; - isEncryptDecrypt = (PRBool) ((NSSCKFWCryptoOperationType_Encrypt == type) || - (NSSCKFWCryptoOperationType_Decrypt == type)) ; + inputBuffer.data = inBuf; + inputBuffer.size = inBufLen; + isEncryptDecrypt = (PRBool)((NSSCKFWCryptoOperationType_Encrypt == type) || + (NSSCKFWCryptoOperationType_Decrypt == type)); - /* handle buffer issues, note for Verify, the type is an input buffer. */ - if (NSSCKFWCryptoOperationType_Verify == type) { - if ((CK_BYTE_PTR)NULL == outBuf) { - error = CKR_ARGUMENTS_BAD; - goto done; - } - } else { - CK_ULONG maxBufLen = *outBufLen; - CK_ULONG len; + /* handle buffer issues, note for Verify, the type is an input buffer. */ + if (NSSCKFWCryptoOperationType_Verify == type) { + if ((CK_BYTE_PTR)NULL == outBuf) { + error = CKR_ARGUMENTS_BAD; + goto done; + } + } else { + CK_ULONG maxBufLen = *outBufLen; + CK_ULONG len; - len = (isEncryptDecrypt) ? - nssCKFWCryptoOperation_GetOperationLength(fwOperation, - &inputBuffer, &error) : - nssCKFWCryptoOperation_GetFinalLength(fwOperation, &error); + len = (isEncryptDecrypt) ? nssCKFWCryptoOperation_GetOperationLength(fwOperation, + &inputBuffer, &error) + : nssCKFWCryptoOperation_GetFinalLength(fwOperation, &error); - if (CKR_OK != error) { - goto done; - } + if (CKR_OK != error) { + goto done; + } - *outBufLen = len; - if ((CK_BYTE_PTR)NULL == outBuf) { - return CKR_OK; - } + *outBufLen = len; + if ((CK_BYTE_PTR)NULL == outBuf) { + return CKR_OK; + } - if (len > maxBufLen) { - return CKR_BUFFER_TOO_SMALL; + if (len > maxBufLen) { + return CKR_BUFFER_TOO_SMALL; + } } - } - outputBuffer.data = outBuf; - outputBuffer.size = *outBufLen; + outputBuffer.data = outBuf; + outputBuffer.size = *outBufLen; - error = nssCKFWCryptoOperation_UpdateFinal(fwOperation, - &inputBuffer, &outputBuffer); + error = nssCKFWCryptoOperation_UpdateFinal(fwOperation, + &inputBuffer, &outputBuffer); - /* UpdateFinal isn't support, manually use Update and Final */ - if (CKR_FUNCTION_FAILED == error) { - error = isEncryptDecrypt ? - nssCKFWCryptoOperation_Update(fwOperation, &inputBuffer, &outputBuffer) : - nssCKFWCryptoOperation_DigestUpdate(fwOperation, &inputBuffer); + /* UpdateFinal isn't support, manually use Update and Final */ + if (CKR_FUNCTION_FAILED == error) { + error = isEncryptDecrypt ? nssCKFWCryptoOperation_Update(fwOperation, &inputBuffer, &outputBuffer) + : nssCKFWCryptoOperation_DigestUpdate(fwOperation, &inputBuffer); - if (CKR_OK == error) { - error = nssCKFWCryptoOperation_Final(fwOperation, &outputBuffer); + if (CKR_OK == error) { + error = nssCKFWCryptoOperation_Final(fwOperation, &outputBuffer); + } } - } - done: - if (CKR_BUFFER_TOO_SMALL == error) { - /* if we return CKR_BUFFER_TOO_SMALL, we the caller is not expecting. - * the crypto state to be freed */ - return error; - } + if (CKR_BUFFER_TOO_SMALL == error) { + /* if we return CKR_BUFFER_TOO_SMALL, we the caller is not expecting. + * the crypto state to be freed */ + return error; + } - /* clean up our state */ - nssCKFWCryptoOperation_Destroy(fwOperation); - nssCKFWSession_SetCurrentCryptoOperation(fwSession, NULL, state); - return error; + /* clean up our state */ + nssCKFWCryptoOperation_Destroy(fwOperation); + nssCKFWSession_SetCurrentCryptoOperation(fwSession, NULL, state); + return error; } NSS_IMPLEMENT CK_RV -nssCKFWSession_UpdateCombo -( - NSSCKFWSession *fwSession, - NSSCKFWCryptoOperationType encryptType, - NSSCKFWCryptoOperationType digestType, - NSSCKFWCryptoOperationState digestState, - CK_BYTE_PTR inBuf, - CK_ULONG inBufLen, - CK_BYTE_PTR outBuf, - CK_ULONG_PTR outBufLen -) +nssCKFWSession_UpdateCombo( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationType encryptType, + NSSCKFWCryptoOperationType digestType, + NSSCKFWCryptoOperationState digestState, + CK_BYTE_PTR inBuf, + CK_ULONG inBufLen, + CK_BYTE_PTR outBuf, + CK_ULONG_PTR outBufLen) { - NSSCKFWCryptoOperation *fwOperation; - NSSCKFWCryptoOperation *fwPeerOperation; - NSSItem inputBuffer; - NSSItem outputBuffer; - CK_ULONG maxBufLen = *outBufLen; - CK_ULONG len; - CK_RV error = CKR_OK; + NSSCKFWCryptoOperation *fwOperation; + NSSCKFWCryptoOperation *fwPeerOperation; + NSSItem inputBuffer; + NSSItem outputBuffer; + CK_ULONG maxBufLen = *outBufLen; + CK_ULONG len; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } - if (!fwSession->mdSession) { - return CKR_GENERAL_ERROR; - } + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } #endif /* NSSDEBUG */ - /* make sure we have a valid operation initialized */ - fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, - NSSCKFWCryptoOperationState_EncryptDecrypt); - if (!fwOperation) { - return CKR_OPERATION_NOT_INITIALIZED; - } - - /* make sure it's the correct type */ - if (encryptType != nssCKFWCryptoOperation_GetType(fwOperation)) { - return CKR_OPERATION_NOT_INITIALIZED; - } - /* make sure we have a valid operation initialized */ - fwPeerOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, - digestState); - if (!fwPeerOperation) { - return CKR_OPERATION_NOT_INITIALIZED; - } - - /* make sure it's the correct type */ - if (digestType != nssCKFWCryptoOperation_GetType(fwOperation)) { - return CKR_OPERATION_NOT_INITIALIZED; - } - - inputBuffer.data = inBuf; - inputBuffer.size = inBufLen; - len = nssCKFWCryptoOperation_GetOperationLength(fwOperation, - &inputBuffer, &error); - if (CKR_OK != error) { - return error; - } - - *outBufLen = len; - if ((CK_BYTE_PTR)NULL == outBuf) { - return CKR_OK; - } - - if (len > maxBufLen) { - return CKR_BUFFER_TOO_SMALL; - } + /* make sure we have a valid operation initialized */ + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + NSSCKFWCryptoOperationState_EncryptDecrypt); + if (!fwOperation) { + return CKR_OPERATION_NOT_INITIALIZED; + } - outputBuffer.data = outBuf; - outputBuffer.size = *outBufLen; + /* make sure it's the correct type */ + if (encryptType != nssCKFWCryptoOperation_GetType(fwOperation)) { + return CKR_OPERATION_NOT_INITIALIZED; + } + /* make sure we have a valid operation initialized */ + fwPeerOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + digestState); + if (!fwPeerOperation) { + return CKR_OPERATION_NOT_INITIALIZED; + } - error = nssCKFWCryptoOperation_UpdateCombo(fwOperation, fwPeerOperation, - &inputBuffer, &outputBuffer); - if (CKR_FUNCTION_FAILED == error) { - PRBool isEncrypt = - (PRBool) (NSSCKFWCryptoOperationType_Encrypt == encryptType); + /* make sure it's the correct type */ + if (digestType != nssCKFWCryptoOperation_GetType(fwOperation)) { + return CKR_OPERATION_NOT_INITIALIZED; + } - if (isEncrypt) { - error = nssCKFWCryptoOperation_DigestUpdate(fwPeerOperation, - &inputBuffer); - if (CKR_OK != error) { + inputBuffer.data = inBuf; + inputBuffer.size = inBufLen; + len = nssCKFWCryptoOperation_GetOperationLength(fwOperation, + &inputBuffer, &error); + if (CKR_OK != error) { return error; - } } - error = nssCKFWCryptoOperation_Update(fwOperation, - &inputBuffer, &outputBuffer); - if (CKR_OK != error) { - return error; + + *outBufLen = len; + if ((CK_BYTE_PTR)NULL == outBuf) { + return CKR_OK; } - if (!isEncrypt) { - error = nssCKFWCryptoOperation_DigestUpdate(fwPeerOperation, - &outputBuffer); + + if (len > maxBufLen) { + return CKR_BUFFER_TOO_SMALL; } - } - return error; -} + outputBuffer.data = outBuf; + outputBuffer.size = *outBufLen; + + error = nssCKFWCryptoOperation_UpdateCombo(fwOperation, fwPeerOperation, + &inputBuffer, &outputBuffer); + if (CKR_FUNCTION_FAILED == error) { + PRBool isEncrypt = + (PRBool)(NSSCKFWCryptoOperationType_Encrypt == encryptType); + + if (isEncrypt) { + error = nssCKFWCryptoOperation_DigestUpdate(fwPeerOperation, + &inputBuffer); + if (CKR_OK != error) { + return error; + } + } + error = nssCKFWCryptoOperation_Update(fwOperation, + &inputBuffer, &outputBuffer); + if (CKR_OK != error) { + return error; + } + if (!isEncrypt) { + error = nssCKFWCryptoOperation_DigestUpdate(fwPeerOperation, + &outputBuffer); + } + } + return error; +} /* * NSSCKFWSession_GetMDSession @@ -2334,18 +2264,16 @@ nssCKFWSession_UpdateCombo */ NSS_IMPLEMENT NSSCKMDSession * -NSSCKFWSession_GetMDSession -( - NSSCKFWSession *fwSession -) +NSSCKFWSession_GetMDSession( + NSSCKFWSession *fwSession) { #ifdef DEBUG - if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { - return (NSSCKMDSession *)NULL; - } + if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) { + return (NSSCKMDSession *)NULL; + } #endif /* DEBUG */ - return nssCKFWSession_GetMDSession(fwSession); + return nssCKFWSession_GetMDSession(fwSession); } /* @@ -2354,24 +2282,22 @@ NSSCKFWSession_GetMDSession */ NSS_IMPLEMENT NSSArena * -NSSCKFWSession_GetArena -( - NSSCKFWSession *fwSession, - CK_RV *pError -) +NSSCKFWSession_GetArena( + NSSCKFWSession *fwSession, + CK_RV *pError) { #ifdef DEBUG - if (!pError) { - return (NSSArena *)NULL; - } - - *pError = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != *pError ) { - return (NSSArena *)NULL; - } + if (!pError) { + return (NSSArena *)NULL; + } + + *pError = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != *pError) { + return (NSSArena *)NULL; + } #endif /* DEBUG */ - return nssCKFWSession_GetArena(fwSession, pError); + return nssCKFWSession_GetArena(fwSession, pError); } /* @@ -2380,22 +2306,20 @@ NSSCKFWSession_GetArena */ NSS_IMPLEMENT CK_RV -NSSCKFWSession_CallNotification -( - NSSCKFWSession *fwSession, - CK_NOTIFICATION event -) +NSSCKFWSession_CallNotification( + NSSCKFWSession *fwSession, + CK_NOTIFICATION event) { #ifdef DEBUG - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } #endif /* DEBUG */ - return nssCKFWSession_CallNotification(fwSession, event); + return nssCKFWSession_CallNotification(fwSession, event); } /* @@ -2404,18 +2328,16 @@ NSSCKFWSession_CallNotification */ NSS_IMPLEMENT CK_BBOOL -NSSCKFWSession_IsRWSession -( - NSSCKFWSession *fwSession -) +NSSCKFWSession_IsRWSession( + NSSCKFWSession *fwSession) { #ifdef DEBUG - if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) { + return CK_FALSE; + } #endif /* DEBUG */ - return nssCKFWSession_IsRWSession(fwSession); + return nssCKFWSession_IsRWSession(fwSession); } /* @@ -2424,37 +2346,45 @@ NSSCKFWSession_IsRWSession */ NSS_IMPLEMENT CK_BBOOL -NSSCKFWSession_IsSO -( - NSSCKFWSession *fwSession -) +NSSCKFWSession_IsSO( + NSSCKFWSession *fwSession) { #ifdef DEBUG - if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) { + return CK_FALSE; + } #endif /* DEBUG */ - return nssCKFWSession_IsSO(fwSession); + return nssCKFWSession_IsSO(fwSession); } NSS_IMPLEMENT NSSCKFWCryptoOperation * -NSSCKFWSession_GetCurrentCryptoOperation -( - NSSCKFWSession *fwSession, - NSSCKFWCryptoOperationState state -) +NSSCKFWSession_GetCurrentCryptoOperation( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationState state) { #ifdef DEBUG - CK_RV error = CKR_OK; - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return (NSSCKFWCryptoOperation *)NULL; - } - - if ( state >= NSSCKFWCryptoOperationState_Max) { - return (NSSCKFWCryptoOperation *)NULL; - } + CK_RV error = CKR_OK; + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return (NSSCKFWCryptoOperation *)NULL; + } + + if (state >= NSSCKFWCryptoOperationState_Max) { + return (NSSCKFWCryptoOperation *)NULL; + } #endif /* DEBUG */ - return nssCKFWSession_GetCurrentCryptoOperation(fwSession, state); + return nssCKFWSession_GetCurrentCryptoOperation(fwSession, state); +} + +/* + * NSSCKFWSession_GetFWSlot + * + */ + +NSS_IMPLEMENT NSSCKFWSlot * +NSSCKFWSession_GetFWSlot( + NSSCKFWSession *fwSession) +{ + return nssCKFWSession_GetFWSlot(fwSession); } diff --git a/nss/lib/ckfw/sessobj.c b/nss/lib/ckfw/sessobj.c index 113b0f4..11721b8 100644 --- a/nss/lib/ckfw/sessobj.c +++ b/nss/lib/ckfw/sessobj.c @@ -5,7 +5,7 @@ /* * sessobj.c * - * This file contains an NSSCKMDObject implementation for session + * This file contains an NSSCKMDObject implementation for session * objects. The framework uses this implementation to manage * session objects when a Module doesn't wish to be bothered. */ @@ -32,11 +32,11 @@ */ struct nssCKMDSessionObjectStr { - CK_ULONG n; - NSSArena *arena; - NSSItem *attributes; - CK_ATTRIBUTE_TYPE_PTR types; - nssCKFWHash *hash; + CK_ULONG n; + NSSArena *arena; + NSSItem *attributes; + CK_ATTRIBUTE_TYPE_PTR types; + nssCKFWHash *hash; }; typedef struct nssCKMDSessionObjectStr nssCKMDSessionObject; @@ -53,31 +53,25 @@ typedef struct nssCKMDSessionObjectStr nssCKMDSessionObject; */ static CK_RV -nss_ckmdSessionObject_add_pointer -( - const NSSCKMDObject *mdObject -) +nss_ckmdSessionObject_add_pointer( + const NSSCKMDObject *mdObject) { - return CKR_OK; + return CKR_OK; } static CK_RV -nss_ckmdSessionObject_remove_pointer -( - const NSSCKMDObject *mdObject -) +nss_ckmdSessionObject_remove_pointer( + const NSSCKMDObject *mdObject) { - return CKR_OK; + return CKR_OK; } #ifdef NSS_DEBUG static CK_RV -nss_ckmdSessionObject_verifyPointer -( - const NSSCKMDObject *mdObject -) +nss_ckmdSessionObject_verifyPointer( + const NSSCKMDObject *mdObject) { - return CKR_OK; + return CKR_OK; } #endif @@ -87,234 +81,214 @@ nss_ckmdSessionObject_verifyPointer * We must forward-declare these routines */ static void -nss_ckmdSessionObject_Finalize -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -); +nss_ckmdSessionObject_Finalize( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); static CK_RV -nss_ckmdSessionObject_Destroy -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -); +nss_ckmdSessionObject_Destroy( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); static CK_BBOOL -nss_ckmdSessionObject_IsTokenObject -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -); +nss_ckmdSessionObject_IsTokenObject( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); static CK_ULONG -nss_ckmdSessionObject_GetAttributeCount -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -); +nss_ckmdSessionObject_GetAttributeCount( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); static CK_RV -nss_ckmdSessionObject_GetAttributeTypes -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE_PTR typeArray, - CK_ULONG ulCount -); +nss_ckmdSessionObject_GetAttributeTypes( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount); static CK_ULONG -nss_ckmdSessionObject_GetAttributeSize -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError -); +nss_ckmdSessionObject_GetAttributeSize( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError); static NSSCKFWItem -nss_ckmdSessionObject_GetAttribute -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError -); +nss_ckmdSessionObject_GetAttribute( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError); static CK_RV -nss_ckmdSessionObject_SetAttribute -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - NSSItem *value -); +nss_ckmdSessionObject_SetAttribute( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *value); static CK_ULONG -nss_ckmdSessionObject_GetObjectSize -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -); +nss_ckmdSessionObject_GetObjectSize( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); /* * nssCKMDSessionObject_Create * */ NSS_IMPLEMENT NSSCKMDObject * -nssCKMDSessionObject_Create -( - NSSCKFWToken *fwToken, - NSSArena *arena, - CK_ATTRIBUTE_PTR attributes, - CK_ULONG ulCount, - CK_RV *pError -) +nssCKMDSessionObject_Create( + NSSCKFWToken *fwToken, + NSSArena *arena, + CK_ATTRIBUTE_PTR attributes, + CK_ULONG ulCount, + CK_RV *pError) { - NSSCKMDObject *mdObject = (NSSCKMDObject *)NULL; - nssCKMDSessionObject *mdso = (nssCKMDSessionObject *)NULL; - CK_ULONG i; - nssCKFWHash *hash; - - *pError = CKR_OK; - - mdso = nss_ZNEW(arena, nssCKMDSessionObject); - if (!mdso) { - goto loser; - } - - mdso->arena = arena; - mdso->n = ulCount; - mdso->attributes = nss_ZNEWARRAY(arena, NSSItem, ulCount); - if (!mdso->attributes) { - goto loser; - } - - mdso->types = nss_ZNEWARRAY(arena, CK_ATTRIBUTE_TYPE, ulCount); - if (!mdso->types) { - goto loser; - } - for( i = 0; i < ulCount; i++ ) { - mdso->types[i] = attributes[i].type; - mdso->attributes[i].size = attributes[i].ulValueLen; - mdso->attributes[i].data = nss_ZAlloc(arena, attributes[i].ulValueLen); - if (!mdso->attributes[i].data) { - goto loser; + NSSCKMDObject *mdObject = (NSSCKMDObject *)NULL; + nssCKMDSessionObject *mdso = (nssCKMDSessionObject *)NULL; + CK_ULONG i; + nssCKFWHash *hash; + + *pError = CKR_OK; + + mdso = nss_ZNEW(arena, nssCKMDSessionObject); + if (!mdso) { + goto loser; + } + + mdso->arena = arena; + mdso->n = ulCount; + mdso->attributes = nss_ZNEWARRAY(arena, NSSItem, ulCount); + if (!mdso->attributes) { + goto loser; + } + + mdso->types = nss_ZNEWARRAY(arena, CK_ATTRIBUTE_TYPE, ulCount); + if (!mdso->types) { + goto loser; + } + for (i = 0; i < ulCount; i++) { + mdso->types[i] = attributes[i].type; + mdso->attributes[i].size = attributes[i].ulValueLen; + mdso->attributes[i].data = nss_ZAlloc(arena, attributes[i].ulValueLen); + if (!mdso->attributes[i].data) { + goto loser; + } + (void)nsslibc_memcpy(mdso->attributes[i].data, attributes[i].pValue, + attributes[i].ulValueLen); + } + + mdObject = nss_ZNEW(arena, NSSCKMDObject); + if (!mdObject) { + goto loser; + } + + mdObject->etc = (void *)mdso; + mdObject->Finalize = nss_ckmdSessionObject_Finalize; + mdObject->Destroy = nss_ckmdSessionObject_Destroy; + mdObject->IsTokenObject = nss_ckmdSessionObject_IsTokenObject; + mdObject->GetAttributeCount = nss_ckmdSessionObject_GetAttributeCount; + mdObject->GetAttributeTypes = nss_ckmdSessionObject_GetAttributeTypes; + mdObject->GetAttributeSize = nss_ckmdSessionObject_GetAttributeSize; + mdObject->GetAttribute = nss_ckmdSessionObject_GetAttribute; + mdObject->SetAttribute = nss_ckmdSessionObject_SetAttribute; + mdObject->GetObjectSize = nss_ckmdSessionObject_GetObjectSize; + + hash = nssCKFWToken_GetSessionObjectHash(fwToken); + if (!hash) { + *pError = CKR_GENERAL_ERROR; + goto loser; + } + + mdso->hash = hash; + + *pError = nssCKFWHash_Add(hash, mdObject, mdObject); + if (CKR_OK != *pError) { + goto loser; } - (void)nsslibc_memcpy(mdso->attributes[i].data, attributes[i].pValue, - attributes[i].ulValueLen); - } - - mdObject = nss_ZNEW(arena, NSSCKMDObject); - if (!mdObject) { - goto loser; - } - - mdObject->etc = (void *)mdso; - mdObject->Finalize = nss_ckmdSessionObject_Finalize; - mdObject->Destroy = nss_ckmdSessionObject_Destroy; - mdObject->IsTokenObject = nss_ckmdSessionObject_IsTokenObject; - mdObject->GetAttributeCount = nss_ckmdSessionObject_GetAttributeCount; - mdObject->GetAttributeTypes = nss_ckmdSessionObject_GetAttributeTypes; - mdObject->GetAttributeSize = nss_ckmdSessionObject_GetAttributeSize; - mdObject->GetAttribute = nss_ckmdSessionObject_GetAttribute; - mdObject->SetAttribute = nss_ckmdSessionObject_SetAttribute; - mdObject->GetObjectSize = nss_ckmdSessionObject_GetObjectSize; - - hash = nssCKFWToken_GetSessionObjectHash(fwToken); - if (!hash) { - *pError = CKR_GENERAL_ERROR; - goto loser; - } - - mdso->hash = hash; - - *pError = nssCKFWHash_Add(hash, mdObject, mdObject); - if( CKR_OK != *pError ) { - goto loser; - } #ifdef DEBUG - if(( *pError = nss_ckmdSessionObject_add_pointer(mdObject)) != CKR_OK ) { - goto loser; - } + if ((*pError = nss_ckmdSessionObject_add_pointer(mdObject)) != CKR_OK) { + goto loser; + } #endif /* DEBUG */ - return mdObject; + return mdObject; - loser: - if (mdso) { - if (mdso->attributes) { - for( i = 0; i < ulCount; i++ ) { - nss_ZFreeIf(mdso->attributes[i].data); - } - nss_ZFreeIf(mdso->attributes); +loser: + if (mdso) { + if (mdso->attributes) { + for (i = 0; i < ulCount; i++) { + nss_ZFreeIf(mdso->attributes[i].data); + } + nss_ZFreeIf(mdso->attributes); + } + nss_ZFreeIf(mdso->types); + nss_ZFreeIf(mdso); } - nss_ZFreeIf(mdso->types); - nss_ZFreeIf(mdso); - } - nss_ZFreeIf(mdObject); - if (*pError == CKR_OK) { - *pError = CKR_HOST_MEMORY; - } - return (NSSCKMDObject *)NULL; + nss_ZFreeIf(mdObject); + if (*pError == CKR_OK) { + *pError = CKR_HOST_MEMORY; + } + return (NSSCKMDObject *)NULL; } /* @@ -322,20 +296,18 @@ nssCKMDSessionObject_Create * */ static void -nss_ckmdSessionObject_Finalize -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_ckmdSessionObject_Finalize( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - /* This shouldn't ever be called */ - return; + /* This shouldn't ever be called */ + return; } /* @@ -344,48 +316,46 @@ nss_ckmdSessionObject_Finalize */ static CK_RV -nss_ckmdSessionObject_Destroy -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_ckmdSessionObject_Destroy( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { #ifdef NSSDEBUG - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #endif /* NSSDEBUG */ - nssCKMDSessionObject *mdso; - CK_ULONG i; + nssCKMDSessionObject *mdso; + CK_ULONG i; #ifdef NSSDEBUG - error = nss_ckmdSessionObject_verifyPointer(mdObject); - if( CKR_OK != error ) { - return error; - } + error = nss_ckmdSessionObject_verifyPointer(mdObject); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - mdso = (nssCKMDSessionObject *)mdObject->etc; + mdso = (nssCKMDSessionObject *)mdObject->etc; - nssCKFWHash_Remove(mdso->hash, mdObject); + nssCKFWHash_Remove(mdso->hash, mdObject); - for( i = 0; i < mdso->n; i++ ) { - nss_ZFreeIf(mdso->attributes[i].data); - } - nss_ZFreeIf(mdso->attributes); - nss_ZFreeIf(mdso->types); - nss_ZFreeIf(mdso); - nss_ZFreeIf(mdObject); + for (i = 0; i < mdso->n; i++) { + nss_ZFreeIf(mdso->attributes[i].data); + } + nss_ZFreeIf(mdso->attributes); + nss_ZFreeIf(mdso->types); + nss_ZFreeIf(mdso); + nss_ZFreeIf(mdObject); #ifdef DEBUG - (void)nss_ckmdSessionObject_remove_pointer(mdObject); + (void)nss_ckmdSessionObject_remove_pointer(mdObject); #endif /* DEBUG */ - return CKR_OK; + return CKR_OK; } /* @@ -394,28 +364,26 @@ nss_ckmdSessionObject_Destroy */ static CK_BBOOL -nss_ckmdSessionObject_IsTokenObject -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_ckmdSessionObject_IsTokenObject( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { #ifdef NSSDEBUG - if( CKR_OK != nss_ckmdSessionObject_verifyPointer(mdObject) ) { - return CK_FALSE; - } + if (CKR_OK != nss_ckmdSessionObject_verifyPointer(mdObject)) { + return CK_FALSE; + } #endif /* NSSDEBUG */ - /* - * This implementation is only ever used for session objects. - */ - return CK_FALSE; + /* + * This implementation is only ever used for session objects. + */ + return CK_FALSE; } /* @@ -423,37 +391,35 @@ nss_ckmdSessionObject_IsTokenObject * */ static CK_ULONG -nss_ckmdSessionObject_GetAttributeCount -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +nss_ckmdSessionObject_GetAttributeCount( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - nssCKMDSessionObject *obj; + nssCKMDSessionObject *obj; #ifdef NSSDEBUG - if (!pError) { - return 0; - } + if (!pError) { + return 0; + } - *pError = nss_ckmdSessionObject_verifyPointer(mdObject); - if( CKR_OK != *pError ) { - return 0; - } + *pError = nss_ckmdSessionObject_verifyPointer(mdObject); + if (CKR_OK != *pError) { + return 0; + } - /* We could even check all the other arguments, for sanity. */ +/* We could even check all the other arguments, for sanity. */ #endif /* NSSDEBUG */ - obj = (nssCKMDSessionObject *)mdObject->etc; + obj = (nssCKMDSessionObject *)mdObject->etc; - return obj->n; + return obj->n; } /* @@ -461,44 +427,43 @@ nss_ckmdSessionObject_GetAttributeCount * */ static CK_RV -nss_ckmdSessionObject_GetAttributeTypes -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE_PTR typeArray, - CK_ULONG ulCount -) +nss_ckmdSessionObject_GetAttributeTypes( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount) { #ifdef NSSDEBUG - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #endif /* NSSDEBUG */ - nssCKMDSessionObject *obj; + nssCKMDSessionObject *obj; #ifdef NSSDEBUG - error = nss_ckmdSessionObject_verifyPointer(mdObject); - if( CKR_OK != error ) { - return error; - } + error = nss_ckmdSessionObject_verifyPointer(mdObject); + if (CKR_OK != error) { + return error; + } - /* We could even check all the other arguments, for sanity. */ +/* We could even check all the other arguments, for sanity. */ #endif /* NSSDEBUG */ - obj = (nssCKMDSessionObject *)mdObject->etc; + obj = (nssCKMDSessionObject *)mdObject->etc; - if( ulCount < obj->n ) { - return CKR_BUFFER_TOO_SMALL; - } + if (ulCount < obj->n) { + return CKR_BUFFER_TOO_SMALL; + } - (void)nsslibc_memcpy(typeArray, obj->types, - sizeof(CK_ATTRIBUTE_TYPE) * obj->n); + (void)nsslibc_memcpy(typeArray, obj->types, + sizeof(CK_ATTRIBUTE_TYPE) * + obj->n); - return CKR_OK; + return CKR_OK; } /* @@ -506,46 +471,44 @@ nss_ckmdSessionObject_GetAttributeTypes * */ static CK_ULONG -nss_ckmdSessionObject_GetAttributeSize -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError -) +nss_ckmdSessionObject_GetAttributeSize( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError) { - nssCKMDSessionObject *obj; - CK_ULONG i; + nssCKMDSessionObject *obj; + CK_ULONG i; #ifdef NSSDEBUG - if (!pError) { - return 0; - } + if (!pError) { + return 0; + } - *pError = nss_ckmdSessionObject_verifyPointer(mdObject); - if( CKR_OK != *pError ) { - return 0; - } + *pError = nss_ckmdSessionObject_verifyPointer(mdObject); + if (CKR_OK != *pError) { + return 0; + } - /* We could even check all the other arguments, for sanity. */ +/* We could even check all the other arguments, for sanity. */ #endif /* NSSDEBUG */ - obj = (nssCKMDSessionObject *)mdObject->etc; + obj = (nssCKMDSessionObject *)mdObject->etc; - for( i = 0; i < obj->n; i++ ) { - if( attribute == obj->types[i] ) { - return (CK_ULONG)(obj->attributes[i].size); + for (i = 0; i < obj->n; i++) { + if (attribute == obj->types[i]) { + return (CK_ULONG)(obj->attributes[i].size); + } } - } - *pError = CKR_ATTRIBUTE_TYPE_INVALID; - return 0; + *pError = CKR_ATTRIBUTE_TYPE_INVALID; + return 0; } /* @@ -553,50 +516,48 @@ nss_ckmdSessionObject_GetAttributeSize * */ static NSSCKFWItem -nss_ckmdSessionObject_GetAttribute -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError -) +nss_ckmdSessionObject_GetAttribute( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError) { - NSSCKFWItem item; - nssCKMDSessionObject *obj; - CK_ULONG i; + NSSCKFWItem item; + nssCKMDSessionObject *obj; + CK_ULONG i; - item.needsFreeing = PR_FALSE; - item.item = NULL; + item.needsFreeing = PR_FALSE; + item.item = NULL; #ifdef NSSDEBUG - if (!pError) { - return item; - } + if (!pError) { + return item; + } - *pError = nss_ckmdSessionObject_verifyPointer(mdObject); - if( CKR_OK != *pError ) { - return item; - } + *pError = nss_ckmdSessionObject_verifyPointer(mdObject); + if (CKR_OK != *pError) { + return item; + } - /* We could even check all the other arguments, for sanity. */ +/* We could even check all the other arguments, for sanity. */ #endif /* NSSDEBUG */ - obj = (nssCKMDSessionObject *)mdObject->etc; + obj = (nssCKMDSessionObject *)mdObject->etc; - for( i = 0; i < obj->n; i++ ) { - if( attribute == obj->types[i] ) { - item.item = &obj->attributes[i]; - return item; + for (i = 0; i < obj->n; i++) { + if (attribute == obj->types[i]) { + item.item = &obj->attributes[i]; + return item; + } } - } - *pError = CKR_ATTRIBUTE_TYPE_INVALID; - return item; + *pError = CKR_ATTRIBUTE_TYPE_INVALID; + return item; } /* @@ -612,79 +573,77 @@ nss_ckmdSessionObject_GetAttribute * more easily. Do this later. */ static CK_RV -nss_ckmdSessionObject_SetAttribute -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - NSSItem *value -) +nss_ckmdSessionObject_SetAttribute( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *value) { - nssCKMDSessionObject *obj; - CK_ULONG i; - NSSItem n; - NSSItem *ra; - CK_ATTRIBUTE_TYPE_PTR rt; + nssCKMDSessionObject *obj; + CK_ULONG i; + NSSItem n; + NSSItem *ra; + CK_ATTRIBUTE_TYPE_PTR rt; #ifdef NSSDEBUG - CK_RV error; + CK_RV error; #endif /* NSSDEBUG */ #ifdef NSSDEBUG - error = nss_ckmdSessionObject_verifyPointer(mdObject); - if( CKR_OK != error ) { - return 0; - } + error = nss_ckmdSessionObject_verifyPointer(mdObject); + if (CKR_OK != error) { + return 0; + } - /* We could even check all the other arguments, for sanity. */ +/* We could even check all the other arguments, for sanity. */ #endif /* NSSDEBUG */ - obj = (nssCKMDSessionObject *)mdObject->etc; + obj = (nssCKMDSessionObject *)mdObject->etc; - n.size = value->size; - n.data = nss_ZAlloc(obj->arena, n.size); - if (!n.data) { - return CKR_HOST_MEMORY; - } - (void)nsslibc_memcpy(n.data, value->data, n.size); + n.size = value->size; + n.data = nss_ZAlloc(obj->arena, n.size); + if (!n.data) { + return CKR_HOST_MEMORY; + } + (void)nsslibc_memcpy(n.data, value->data, n.size); - for( i = 0; i < obj->n; i++ ) { - if( attribute == obj->types[i] ) { - nss_ZFreeIf(obj->attributes[i].data); - obj->attributes[i] = n; - return CKR_OK; + for (i = 0; i < obj->n; i++) { + if (attribute == obj->types[i]) { + nss_ZFreeIf(obj->attributes[i].data); + obj->attributes[i] = n; + return CKR_OK; + } } - } - - /* - * It's new. - */ - - ra = (NSSItem *)nss_ZRealloc(obj->attributes, sizeof(NSSItem) * (obj->n + 1)); - if (!ra) { - nss_ZFreeIf(n.data); - return CKR_HOST_MEMORY; - } - obj->attributes = ra; - - rt = (CK_ATTRIBUTE_TYPE_PTR)nss_ZRealloc(obj->types, - sizeof(CK_ATTRIBUTE_TYPE) * (obj->n + 1)); - if (!rt) { - nss_ZFreeIf(n.data); - return CKR_HOST_MEMORY; - } - - obj->types = rt; - obj->attributes[obj->n] = n; - obj->types[obj->n] = attribute; - obj->n++; - - return CKR_OK; + + /* + * It's new. + */ + + ra = (NSSItem *)nss_ZRealloc(obj->attributes, sizeof(NSSItem) * (obj->n + 1)); + if (!ra) { + nss_ZFreeIf(n.data); + return CKR_HOST_MEMORY; + } + obj->attributes = ra; + + rt = (CK_ATTRIBUTE_TYPE_PTR)nss_ZRealloc(obj->types, + sizeof(CK_ATTRIBUTE_TYPE) * (obj->n + 1)); + if (!rt) { + nss_ZFreeIf(n.data); + return CKR_HOST_MEMORY; + } + + obj->types = rt; + obj->attributes[obj->n] = n; + obj->types[obj->n] = attribute; + obj->n++; + + return CKR_OK; } /* @@ -692,47 +651,45 @@ nss_ckmdSessionObject_SetAttribute * */ static CK_ULONG -nss_ckmdSessionObject_GetObjectSize -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +nss_ckmdSessionObject_GetObjectSize( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - nssCKMDSessionObject *obj; - CK_ULONG i; - CK_ULONG rv = (CK_ULONG)0; + nssCKMDSessionObject *obj; + CK_ULONG i; + CK_ULONG rv = (CK_ULONG)0; #ifdef NSSDEBUG - if (!pError) { - return 0; - } + if (!pError) { + return 0; + } - *pError = nss_ckmdSessionObject_verifyPointer(mdObject); - if( CKR_OK != *pError ) { - return 0; - } + *pError = nss_ckmdSessionObject_verifyPointer(mdObject); + if (CKR_OK != *pError) { + return 0; + } - /* We could even check all the other arguments, for sanity. */ +/* We could even check all the other arguments, for sanity. */ #endif /* NSSDEBUG */ - obj = (nssCKMDSessionObject *)mdObject->etc; + obj = (nssCKMDSessionObject *)mdObject->etc; - for( i = 0; i < obj->n; i++ ) { - rv += obj->attributes[i].size; - } + for (i = 0; i < obj->n; i++) { + rv += obj->attributes[i].size; + } - rv += sizeof(NSSItem) * obj->n; - rv += sizeof(CK_ATTRIBUTE_TYPE) * obj->n; - rv += sizeof(nssCKMDSessionObject); + rv += sizeof(NSSItem) * obj->n; + rv += sizeof(CK_ATTRIBUTE_TYPE) * obj->n; + rv += sizeof(nssCKMDSessionObject); - return rv; + return rv; } /* @@ -747,18 +704,17 @@ nss_ckmdSessionObject_GetObjectSize */ struct nodeStr { - struct nodeStr *next; - NSSCKMDObject *mdObject; + struct nodeStr *next; + NSSCKMDObject *mdObject; }; struct nssCKMDFindSessionObjectsStr { - NSSArena *arena; - CK_RV error; - CK_ATTRIBUTE_PTR pTemplate; - CK_ULONG ulCount; - struct nodeStr *list; - nssCKFWHash *hash; - + NSSArena *arena; + CK_RV error; + CK_ATTRIBUTE_PTR pTemplate; + CK_ULONG ulCount; + struct nodeStr *list; + nssCKFWHash *hash; }; typedef struct nssCKMDFindSessionObjectsStr nssCKMDFindSessionObjects; @@ -775,31 +731,25 @@ typedef struct nssCKMDFindSessionObjectsStr nssCKMDFindSessionObjects; */ static CK_RV -nss_ckmdFindSessionObjects_add_pointer -( - const NSSCKMDFindObjects *mdFindObjects -) +nss_ckmdFindSessionObjects_add_pointer( + const NSSCKMDFindObjects *mdFindObjects) { - return CKR_OK; + return CKR_OK; } static CK_RV -nss_ckmdFindSessionObjects_remove_pointer -( - const NSSCKMDFindObjects *mdFindObjects -) +nss_ckmdFindSessionObjects_remove_pointer( + const NSSCKMDFindObjects *mdFindObjects) { - return CKR_OK; + return CKR_OK; } #ifdef NSS_DEBUG static CK_RV -nss_ckmdFindSessionObjects_verifyPointer -( - const NSSCKMDFindObjects *mdFindObjects -) +nss_ckmdFindSessionObjects_verifyPointer( + const NSSCKMDFindObjects *mdFindObjects) { - return CKR_OK; + return CKR_OK; } #endif @@ -809,104 +759,96 @@ nss_ckmdFindSessionObjects_verifyPointer * We must forward-declare these routines. */ static void -nss_ckmdFindSessionObjects_Final -( - NSSCKMDFindObjects *mdFindObjects, - NSSCKFWFindObjects *fwFindObjects, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -); +nss_ckmdFindSessionObjects_Final( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); static NSSCKMDObject * -nss_ckmdFindSessionObjects_Next -( - NSSCKMDFindObjects *mdFindObjects, - NSSCKFWFindObjects *fwFindObjects, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSArena *arena, - CK_RV *pError -); +nss_ckmdFindSessionObjects_Next( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError); static CK_BBOOL -items_match -( - NSSItem *a, - CK_VOID_PTR pValue, - CK_ULONG ulValueLen -) +items_match( + NSSItem *a, + CK_VOID_PTR pValue, + CK_ULONG ulValueLen) { - if( a->size != ulValueLen ) { - return CK_FALSE; - } + if (a->size != ulValueLen) { + return CK_FALSE; + } - if( PR_TRUE == nsslibc_memequal(a->data, pValue, ulValueLen, (PRStatus *)NULL) ) { - return CK_TRUE; - } else { - return CK_FALSE; - } + if (PR_TRUE == nsslibc_memequal(a->data, pValue, ulValueLen, (PRStatus *)NULL)) { + return CK_TRUE; + } else { + return CK_FALSE; + } } /* * Our hashtable iterator */ static void -findfcn -( - const void *key, - void *value, - void *closure -) +findfcn( + const void *key, + void *value, + void *closure) { - NSSCKMDObject *mdObject = (NSSCKMDObject *)value; - nssCKMDSessionObject *mdso = (nssCKMDSessionObject *)mdObject->etc; - nssCKMDFindSessionObjects *mdfso = (nssCKMDFindSessionObjects *)closure; - CK_ULONG i, j; - struct nodeStr *node; - - if( CKR_OK != mdfso->error ) { - return; - } + NSSCKMDObject *mdObject = (NSSCKMDObject *)value; + nssCKMDSessionObject *mdso = (nssCKMDSessionObject *)mdObject->etc; + nssCKMDFindSessionObjects *mdfso = (nssCKMDFindSessionObjects *)closure; + CK_ULONG i, j; + struct nodeStr *node; + + if (CKR_OK != mdfso->error) { + return; + } - for( i = 0; i < mdfso->ulCount; i++ ) { - CK_ATTRIBUTE_PTR p = &mdfso->pTemplate[i]; + for (i = 0; i < mdfso->ulCount; i++) { + CK_ATTRIBUTE_PTR p = &mdfso->pTemplate[i]; + + for (j = 0; j < mdso->n; j++) { + if (mdso->types[j] == p->type) { + if (!items_match(&mdso->attributes[j], p->pValue, p->ulValueLen)) { + return; + } else { + break; + } + } + } - for( j = 0; j < mdso->n; j++ ) { - if( mdso->types[j] == p->type ) { - if( !items_match(&mdso->attributes[j], p->pValue, p->ulValueLen) ) { - return; - } else { - break; + if (j == mdso->n) { + /* Attribute not found */ + return; } - } } - if( j == mdso->n ) { - /* Attribute not found */ - return; + /* Matches */ + node = nss_ZNEW(mdfso->arena, struct nodeStr); + if ((struct nodeStr *)NULL == node) { + mdfso->error = CKR_HOST_MEMORY; + return; } - } - - /* Matches */ - node = nss_ZNEW(mdfso->arena, struct nodeStr); - if( (struct nodeStr *)NULL == node ) { - mdfso->error = CKR_HOST_MEMORY; - return; - } - node->mdObject = mdObject; - node->next = mdfso->list; - mdfso->list = node; + node->mdObject = mdObject; + node->next = mdfso->list; + mdfso->list = node; - return; + return; } /* @@ -914,162 +856,157 @@ findfcn * */ NSS_IMPLEMENT NSSCKMDFindObjects * -nssCKMDFindSessionObjects_Create -( - NSSCKFWToken *fwToken, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount, - CK_RV *pError -) +nssCKMDFindSessionObjects_Create( + NSSCKFWToken *fwToken, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_RV *pError) { - NSSArena *arena; - nssCKMDFindSessionObjects *mdfso; - nssCKFWHash *hash; - NSSCKMDFindObjects *rv; + NSSArena *arena; + nssCKMDFindSessionObjects *mdfso; + nssCKFWHash *hash; + NSSCKMDFindObjects *rv; #ifdef NSSDEBUG - if (!pError) { - return (NSSCKMDFindObjects *)NULL; - } - - *pError = nssCKFWToken_verifyPointer(fwToken); - if( CKR_OK != *pError ) { - return (NSSCKMDFindObjects *)NULL; - } - - if( (CK_ATTRIBUTE_PTR)NULL == pTemplate ) { - *pError = CKR_ARGUMENTS_BAD; - return (NSSCKMDFindObjects *)NULL; - } + if (!pError) { + return (NSSCKMDFindObjects *)NULL; + } + + *pError = nssCKFWToken_verifyPointer(fwToken); + if (CKR_OK != *pError) { + return (NSSCKMDFindObjects *)NULL; + } + + if ((CK_ATTRIBUTE_PTR)NULL == pTemplate) { + *pError = CKR_ARGUMENTS_BAD; + return (NSSCKMDFindObjects *)NULL; + } #endif /* NSSDEBUG */ - *pError = CKR_OK; + *pError = CKR_OK; - hash = nssCKFWToken_GetSessionObjectHash(fwToken); - if (!hash) { - *pError= CKR_GENERAL_ERROR; - return (NSSCKMDFindObjects *)NULL; - } + hash = nssCKFWToken_GetSessionObjectHash(fwToken); + if (!hash) { + *pError = CKR_GENERAL_ERROR; + return (NSSCKMDFindObjects *)NULL; + } - arena = NSSArena_Create(); - if (!arena) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDFindObjects *)NULL; - } + arena = NSSArena_Create(); + if (!arena) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDFindObjects *)NULL; + } - mdfso = nss_ZNEW(arena, nssCKMDFindSessionObjects); - if (!mdfso) { - goto loser; - } + mdfso = nss_ZNEW(arena, nssCKMDFindSessionObjects); + if (!mdfso) { + goto loser; + } - rv = nss_ZNEW(arena, NSSCKMDFindObjects); - if(rv == NULL) { - goto loser; - } + rv = nss_ZNEW(arena, NSSCKMDFindObjects); + if (rv == NULL) { + goto loser; + } - mdfso->error = CKR_OK; - mdfso->pTemplate = pTemplate; - mdfso->ulCount = ulCount; - mdfso->hash = hash; + mdfso->error = CKR_OK; + mdfso->pTemplate = pTemplate; + mdfso->ulCount = ulCount; + mdfso->hash = hash; - nssCKFWHash_Iterate(hash, findfcn, mdfso); + nssCKFWHash_Iterate(hash, findfcn, mdfso); - if( CKR_OK != mdfso->error ) { - goto loser; - } + if (CKR_OK != mdfso->error) { + goto loser; + } - rv->etc = (void *)mdfso; - rv->Final = nss_ckmdFindSessionObjects_Final; - rv->Next = nss_ckmdFindSessionObjects_Next; + rv->etc = (void *)mdfso; + rv->Final = nss_ckmdFindSessionObjects_Final; + rv->Next = nss_ckmdFindSessionObjects_Next; #ifdef DEBUG - if( (*pError = nss_ckmdFindSessionObjects_add_pointer(rv)) != CKR_OK ) { - goto loser; - } -#endif /* DEBUG */ - mdfso->arena = arena; + if ((*pError = nss_ckmdFindSessionObjects_add_pointer(rv)) != CKR_OK) { + goto loser; + } +#endif /* DEBUG */ + mdfso->arena = arena; - return rv; + return rv; loser: - if (arena) { - NSSArena_Destroy(arena); - } - if (*pError == CKR_OK) { - *pError = CKR_HOST_MEMORY; - } - return NULL; + if (arena) { + NSSArena_Destroy(arena); + } + if (*pError == CKR_OK) { + *pError = CKR_HOST_MEMORY; + } + return NULL; } static void -nss_ckmdFindSessionObjects_Final -( - NSSCKMDFindObjects *mdFindObjects, - NSSCKFWFindObjects *fwFindObjects, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_ckmdFindSessionObjects_Final( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - nssCKMDFindSessionObjects *mdfso; + nssCKMDFindSessionObjects *mdfso; #ifdef NSSDEBUG - if( CKR_OK != nss_ckmdFindSessionObjects_verifyPointer(mdFindObjects) ) { - return; - } + if (CKR_OK != nss_ckmdFindSessionObjects_verifyPointer(mdFindObjects)) { + return; + } #endif /* NSSDEBUG */ - mdfso = (nssCKMDFindSessionObjects *)mdFindObjects->etc; - if (mdfso->arena) NSSArena_Destroy(mdfso->arena); + mdfso = (nssCKMDFindSessionObjects *)mdFindObjects->etc; + if (mdfso->arena) + NSSArena_Destroy(mdfso->arena); #ifdef DEBUG - (void)nss_ckmdFindSessionObjects_remove_pointer(mdFindObjects); + (void)nss_ckmdFindSessionObjects_remove_pointer(mdFindObjects); #endif /* DEBUG */ - return; + return; } static NSSCKMDObject * -nss_ckmdFindSessionObjects_Next -( - NSSCKMDFindObjects *mdFindObjects, - NSSCKFWFindObjects *fwFindObjects, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSArena *arena, - CK_RV *pError -) +nss_ckmdFindSessionObjects_Next( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError) { - nssCKMDFindSessionObjects *mdfso; - NSSCKMDObject *rv = (NSSCKMDObject *)NULL; + nssCKMDFindSessionObjects *mdfso; + NSSCKMDObject *rv = (NSSCKMDObject *)NULL; #ifdef NSSDEBUG - if( CKR_OK != nss_ckmdFindSessionObjects_verifyPointer(mdFindObjects) ) { - return (NSSCKMDObject *)NULL; - } + if (CKR_OK != nss_ckmdFindSessionObjects_verifyPointer(mdFindObjects)) { + return (NSSCKMDObject *)NULL; + } #endif /* NSSDEBUG */ - mdfso = (nssCKMDFindSessionObjects *)mdFindObjects->etc; + mdfso = (nssCKMDFindSessionObjects *)mdFindObjects->etc; - while (!rv) { - if( (struct nodeStr *)NULL == mdfso->list ) { - *pError = CKR_OK; - return (NSSCKMDObject *)NULL; - } + while (!rv) { + if ((struct nodeStr *)NULL == mdfso->list) { + *pError = CKR_OK; + return (NSSCKMDObject *)NULL; + } - if( nssCKFWHash_Exists(mdfso->hash, mdfso->list->mdObject) ) { - rv = mdfso->list->mdObject; - } + if (nssCKFWHash_Exists(mdfso->hash, mdfso->list->mdObject)) { + rv = mdfso->list->mdObject; + } - mdfso->list = mdfso->list->next; - } + mdfso->list = mdfso->list->next; + } - return rv; + return rv; } diff --git a/nss/lib/ckfw/slot.c b/nss/lib/ckfw/slot.c index 658aedb..43d4f0d 100644 --- a/nss/lib/ckfw/slot.c +++ b/nss/lib/ckfw/slot.c @@ -23,14 +23,15 @@ * NSSCKFWSlot_GetMDSlot * NSSCKFWSlot_GetFWInstance * NSSCKFWSlot_GetMDInstance + * NSSCKFWSlot_GetSlotID * * -- implement public accessors -- * nssCKFWSlot_GetMDSlot * nssCKFWSlot_GetFWInstance * nssCKFWSlot_GetMDInstance + * nssCKFWSlot_GetSlotID * * -- private accessors -- - * nssCKFWSlot_GetSlotID * nssCKFWSlot_ClearToken * * -- module fronts -- @@ -46,35 +47,35 @@ */ struct NSSCKFWSlotStr { - NSSCKFWMutex *mutex; - NSSCKMDSlot *mdSlot; - NSSCKFWInstance *fwInstance; - NSSCKMDInstance *mdInstance; - CK_SLOT_ID slotID; - - /* - * Everything above is set at creation time, and then not modified. - * The invariants the mutex protects are: - * - * 1) Each of the cached descriptions (versions, etc.) are in an - * internally consistant state. - * - * 2) The fwToken points to the token currently in the slot, and - * it is in a consistant state. - * - * Note that the calls accessing the cached descriptions will - * call the NSSCKMDSlot methods with the mutex locked. Those - * methods may then call the public NSSCKFWSlot routines. Those - * public routines only access the constant data above, so there's - * no problem. But be careful if you add to this object; mutexes - * are in general not reentrant, so don't create deadlock situations. - */ - - NSSUTF8 *slotDescription; - NSSUTF8 *manufacturerID; - CK_VERSION hardwareVersion; - CK_VERSION firmwareVersion; - NSSCKFWToken *fwToken; + NSSCKFWMutex *mutex; + NSSCKMDSlot *mdSlot; + NSSCKFWInstance *fwInstance; + NSSCKMDInstance *mdInstance; + CK_SLOT_ID slotID; + + /* + * Everything above is set at creation time, and then not modified. + * The invariants the mutex protects are: + * + * 1) Each of the cached descriptions (versions, etc.) are in an + * internally consistant state. + * + * 2) The fwToken points to the token currently in the slot, and + * it is in a consistant state. + * + * Note that the calls accessing the cached descriptions will + * call the NSSCKMDSlot methods with the mutex locked. Those + * methods may then call the public NSSCKFWSlot routines. Those + * public routines only access the constant data above, so there's + * no problem. But be careful if you add to this object; mutexes + * are in general not reentrant, so don't create deadlock situations. + */ + + NSSUTF8 *slotDescription; + NSSUTF8 *manufacturerID; + CK_VERSION hardwareVersion; + CK_VERSION firmwareVersion; + NSSCKFWToken *fwToken; }; #ifdef DEBUG @@ -90,30 +91,24 @@ struct NSSCKFWSlotStr { */ static CK_RV -slot_add_pointer -( - const NSSCKFWSlot *fwSlot -) +slot_add_pointer( + const NSSCKFWSlot *fwSlot) { - return CKR_OK; + return CKR_OK; } static CK_RV -slot_remove_pointer -( - const NSSCKFWSlot *fwSlot -) +slot_remove_pointer( + const NSSCKFWSlot *fwSlot) { - return CKR_OK; + return CKR_OK; } NSS_IMPLEMENT CK_RV -nssCKFWSlot_verifyPointer -( - const NSSCKFWSlot *fwSlot -) +nssCKFWSlot_verifyPointer( + const NSSCKFWSlot *fwSlot) { - return CKR_OK; + return CKR_OK; } #endif /* DEBUG */ @@ -123,86 +118,84 @@ nssCKFWSlot_verifyPointer * */ NSS_IMPLEMENT NSSCKFWSlot * -nssCKFWSlot_Create -( - NSSCKFWInstance *fwInstance, - NSSCKMDSlot *mdSlot, - CK_SLOT_ID slotID, - CK_RV *pError -) +nssCKFWSlot_Create( + NSSCKFWInstance *fwInstance, + NSSCKMDSlot *mdSlot, + CK_SLOT_ID slotID, + CK_RV *pError) { - NSSCKFWSlot *fwSlot; - NSSCKMDInstance *mdInstance; - NSSArena *arena; + NSSCKFWSlot *fwSlot; + NSSCKMDInstance *mdInstance; + NSSArena *arena; #ifdef NSSDEBUG - if (!pError) { - return (NSSCKFWSlot *)NULL; - } - - *pError = nssCKFWInstance_verifyPointer(fwInstance); - if( CKR_OK != *pError ) { - return (NSSCKFWSlot *)NULL; - } -#endif /* NSSDEBUG */ + if (!pError) { + return (NSSCKFWSlot *)NULL; + } - mdInstance = nssCKFWInstance_GetMDInstance(fwInstance); - if (!mdInstance) { - *pError = CKR_GENERAL_ERROR; - return (NSSCKFWSlot *)NULL; - } + *pError = nssCKFWInstance_verifyPointer(fwInstance); + if (CKR_OK != *pError) { + return (NSSCKFWSlot *)NULL; + } +#endif /* NSSDEBUG */ - arena = nssCKFWInstance_GetArena(fwInstance, pError); - if (!arena) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; + mdInstance = nssCKFWInstance_GetMDInstance(fwInstance); + if (!mdInstance) { + *pError = CKR_GENERAL_ERROR; + return (NSSCKFWSlot *)NULL; } - } - fwSlot = nss_ZNEW(arena, NSSCKFWSlot); - if (!fwSlot) { - *pError = CKR_HOST_MEMORY; - return (NSSCKFWSlot *)NULL; - } + arena = nssCKFWInstance_GetArena(fwInstance, pError); + if (!arena) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + } - fwSlot->mdSlot = mdSlot; - fwSlot->fwInstance = fwInstance; - fwSlot->mdInstance = mdInstance; - fwSlot->slotID = slotID; + fwSlot = nss_ZNEW(arena, NSSCKFWSlot); + if (!fwSlot) { + *pError = CKR_HOST_MEMORY; + return (NSSCKFWSlot *)NULL; + } - fwSlot->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError); - if (!fwSlot->mutex) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; + fwSlot->mdSlot = mdSlot; + fwSlot->fwInstance = fwInstance; + fwSlot->mdInstance = mdInstance; + fwSlot->slotID = slotID; + + fwSlot->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError); + if (!fwSlot->mutex) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + (void)nss_ZFreeIf(fwSlot); + return (NSSCKFWSlot *)NULL; } - (void)nss_ZFreeIf(fwSlot); - return (NSSCKFWSlot *)NULL; - } - if (mdSlot->Initialize) { - *pError = CKR_OK; - *pError = mdSlot->Initialize(mdSlot, fwSlot, mdInstance, fwInstance); - if( CKR_OK != *pError ) { - (void)nssCKFWMutex_Destroy(fwSlot->mutex); - (void)nss_ZFreeIf(fwSlot); - return (NSSCKFWSlot *)NULL; + if (mdSlot->Initialize) { + *pError = CKR_OK; + *pError = mdSlot->Initialize(mdSlot, fwSlot, mdInstance, fwInstance); + if (CKR_OK != *pError) { + (void)nssCKFWMutex_Destroy(fwSlot->mutex); + (void)nss_ZFreeIf(fwSlot); + return (NSSCKFWSlot *)NULL; + } } - } #ifdef DEBUG - *pError = slot_add_pointer(fwSlot); - if( CKR_OK != *pError ) { - if (mdSlot->Destroy) { - mdSlot->Destroy(mdSlot, fwSlot, mdInstance, fwInstance); + *pError = slot_add_pointer(fwSlot); + if (CKR_OK != *pError) { + if (mdSlot->Destroy) { + mdSlot->Destroy(mdSlot, fwSlot, mdInstance, fwInstance); + } + + (void)nssCKFWMutex_Destroy(fwSlot->mutex); + (void)nss_ZFreeIf(fwSlot); + return (NSSCKFWSlot *)NULL; } - - (void)nssCKFWMutex_Destroy(fwSlot->mutex); - (void)nss_ZFreeIf(fwSlot); - return (NSSCKFWSlot *)NULL; - } #endif /* DEBUG */ - return fwSlot; + return fwSlot; } /* @@ -210,35 +203,33 @@ nssCKFWSlot_Create * */ NSS_IMPLEMENT CK_RV -nssCKFWSlot_Destroy -( - NSSCKFWSlot *fwSlot -) +nssCKFWSlot_Destroy( + NSSCKFWSlot *fwSlot) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - error = nssCKFWSlot_verifyPointer(fwSlot); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSlot_verifyPointer(fwSlot); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - if (fwSlot->fwToken) { - nssCKFWToken_Destroy(fwSlot->fwToken); - } + if (fwSlot->fwToken) { + nssCKFWToken_Destroy(fwSlot->fwToken); + } - (void)nssCKFWMutex_Destroy(fwSlot->mutex); + (void)nssCKFWMutex_Destroy(fwSlot->mutex); - if (fwSlot->mdSlot->Destroy) { - fwSlot->mdSlot->Destroy(fwSlot->mdSlot, fwSlot, - fwSlot->mdInstance, fwSlot->fwInstance); - } + if (fwSlot->mdSlot->Destroy) { + fwSlot->mdSlot->Destroy(fwSlot->mdSlot, fwSlot, + fwSlot->mdInstance, fwSlot->fwInstance); + } #ifdef DEBUG - error = slot_remove_pointer(fwSlot); + error = slot_remove_pointer(fwSlot); #endif /* DEBUG */ - (void)nss_ZFreeIf(fwSlot); - return error; + (void)nss_ZFreeIf(fwSlot); + return error; } /* @@ -246,18 +237,16 @@ nssCKFWSlot_Destroy * */ NSS_IMPLEMENT NSSCKMDSlot * -nssCKFWSlot_GetMDSlot -( - NSSCKFWSlot *fwSlot -) +nssCKFWSlot_GetMDSlot( + NSSCKFWSlot *fwSlot) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { - return (NSSCKMDSlot *)NULL; - } + if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) { + return (NSSCKMDSlot *)NULL; + } #endif /* NSSDEBUG */ - return fwSlot->mdSlot; + return fwSlot->mdSlot; } /* @@ -266,18 +255,16 @@ nssCKFWSlot_GetMDSlot */ NSS_IMPLEMENT NSSCKFWInstance * -nssCKFWSlot_GetFWInstance -( - NSSCKFWSlot *fwSlot -) +nssCKFWSlot_GetFWInstance( + NSSCKFWSlot *fwSlot) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { - return (NSSCKFWInstance *)NULL; - } + if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) { + return (NSSCKFWInstance *)NULL; + } #endif /* NSSDEBUG */ - return fwSlot->fwInstance; + return fwSlot->fwInstance; } /* @@ -286,18 +273,16 @@ nssCKFWSlot_GetFWInstance */ NSS_IMPLEMENT NSSCKMDInstance * -nssCKFWSlot_GetMDInstance -( - NSSCKFWSlot *fwSlot -) +nssCKFWSlot_GetMDInstance( + NSSCKFWSlot *fwSlot) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { - return (NSSCKMDInstance *)NULL; - } + if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) { + return (NSSCKMDInstance *)NULL; + } #endif /* NSSDEBUG */ - return fwSlot->mdInstance; + return fwSlot->mdInstance; } /* @@ -305,18 +290,16 @@ nssCKFWSlot_GetMDInstance * */ NSS_IMPLEMENT CK_SLOT_ID -nssCKFWSlot_GetSlotID -( - NSSCKFWSlot *fwSlot -) +nssCKFWSlot_GetSlotID( + NSSCKFWSlot *fwSlot) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { - return (CK_SLOT_ID)0; - } + if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) { + return (CK_SLOT_ID)0; + } #endif /* NSSDEBUG */ - return fwSlot->slotID; + return fwSlot->slotID; } /* @@ -324,49 +307,47 @@ nssCKFWSlot_GetSlotID * */ NSS_IMPLEMENT CK_RV -nssCKFWSlot_GetSlotDescription -( - NSSCKFWSlot *fwSlot, - CK_CHAR slotDescription[64] -) +nssCKFWSlot_GetSlotDescription( + NSSCKFWSlot *fwSlot, + CK_CHAR slotDescription[64]) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - if( (CK_CHAR_PTR)NULL == slotDescription ) { - return CKR_ARGUMENTS_BAD; - } + if ((CK_CHAR_PTR)NULL == slotDescription) { + return CKR_ARGUMENTS_BAD; + } - error = nssCKFWSlot_verifyPointer(fwSlot); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSlot_verifyPointer(fwSlot); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - error = nssCKFWMutex_Lock(fwSlot->mutex); - if( CKR_OK != error ) { - return error; - } - - if (!fwSlot->slotDescription) { - if (fwSlot->mdSlot->GetSlotDescription) { - fwSlot->slotDescription = fwSlot->mdSlot->GetSlotDescription( - fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, - fwSlot->fwInstance, &error); - if ((!fwSlot->slotDescription) && (CKR_OK != error)) { - goto done; - } - } else { - fwSlot->slotDescription = (NSSUTF8 *) ""; + error = nssCKFWMutex_Lock(fwSlot->mutex); + if (CKR_OK != error) { + return error; } - } - (void)nssUTF8_CopyIntoFixedBuffer(fwSlot->slotDescription, (char *)slotDescription, 64, ' '); - error = CKR_OK; + if (!fwSlot->slotDescription) { + if (fwSlot->mdSlot->GetSlotDescription) { + fwSlot->slotDescription = fwSlot->mdSlot->GetSlotDescription( + fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, + fwSlot->fwInstance, &error); + if ((!fwSlot->slotDescription) && (CKR_OK != error)) { + goto done; + } + } else { + fwSlot->slotDescription = (NSSUTF8 *)""; + } + } + + (void)nssUTF8_CopyIntoFixedBuffer(fwSlot->slotDescription, (char *)slotDescription, 64, ' '); + error = CKR_OK; - done: - (void)nssCKFWMutex_Unlock(fwSlot->mutex); - return error; +done: + (void)nssCKFWMutex_Unlock(fwSlot->mutex); + return error; } /* @@ -374,49 +355,47 @@ nssCKFWSlot_GetSlotDescription * */ NSS_IMPLEMENT CK_RV -nssCKFWSlot_GetManufacturerID -( - NSSCKFWSlot *fwSlot, - CK_CHAR manufacturerID[32] -) +nssCKFWSlot_GetManufacturerID( + NSSCKFWSlot *fwSlot, + CK_CHAR manufacturerID[32]) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - if( (CK_CHAR_PTR)NULL == manufacturerID ) { - return CKR_ARGUMENTS_BAD; - } + if ((CK_CHAR_PTR)NULL == manufacturerID) { + return CKR_ARGUMENTS_BAD; + } - error = nssCKFWSlot_verifyPointer(fwSlot); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSlot_verifyPointer(fwSlot); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - error = nssCKFWMutex_Lock(fwSlot->mutex); - if( CKR_OK != error ) { - return error; - } - - if (!fwSlot->manufacturerID) { - if (fwSlot->mdSlot->GetManufacturerID) { - fwSlot->manufacturerID = fwSlot->mdSlot->GetManufacturerID( - fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, - fwSlot->fwInstance, &error); - if ((!fwSlot->manufacturerID) && (CKR_OK != error)) { - goto done; - } - } else { - fwSlot->manufacturerID = (NSSUTF8 *) ""; + error = nssCKFWMutex_Lock(fwSlot->mutex); + if (CKR_OK != error) { + return error; } - } - (void)nssUTF8_CopyIntoFixedBuffer(fwSlot->manufacturerID, (char *)manufacturerID, 32, ' '); - error = CKR_OK; + if (!fwSlot->manufacturerID) { + if (fwSlot->mdSlot->GetManufacturerID) { + fwSlot->manufacturerID = fwSlot->mdSlot->GetManufacturerID( + fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, + fwSlot->fwInstance, &error); + if ((!fwSlot->manufacturerID) && (CKR_OK != error)) { + goto done; + } + } else { + fwSlot->manufacturerID = (NSSUTF8 *)""; + } + } + + (void)nssUTF8_CopyIntoFixedBuffer(fwSlot->manufacturerID, (char *)manufacturerID, 32, ' '); + error = CKR_OK; - done: - (void)nssCKFWMutex_Unlock(fwSlot->mutex); - return error; +done: + (void)nssCKFWMutex_Unlock(fwSlot->mutex); + return error; } /* @@ -424,23 +403,21 @@ nssCKFWSlot_GetManufacturerID * */ NSS_IMPLEMENT CK_BBOOL -nssCKFWSlot_GetTokenPresent -( - NSSCKFWSlot *fwSlot -) +nssCKFWSlot_GetTokenPresent( + NSSCKFWSlot *fwSlot) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) { + return CK_FALSE; + } #endif /* NSSDEBUG */ - if (!fwSlot->mdSlot->GetTokenPresent) { - return CK_TRUE; - } + if (!fwSlot->mdSlot->GetTokenPresent) { + return CK_TRUE; + } - return fwSlot->mdSlot->GetTokenPresent(fwSlot->mdSlot, fwSlot, - fwSlot->mdInstance, fwSlot->fwInstance); + return fwSlot->mdSlot->GetTokenPresent(fwSlot->mdSlot, fwSlot, + fwSlot->mdInstance, fwSlot->fwInstance); } /* @@ -448,23 +425,21 @@ nssCKFWSlot_GetTokenPresent * */ NSS_IMPLEMENT CK_BBOOL -nssCKFWSlot_GetRemovableDevice -( - NSSCKFWSlot *fwSlot -) +nssCKFWSlot_GetRemovableDevice( + NSSCKFWSlot *fwSlot) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) { + return CK_FALSE; + } #endif /* NSSDEBUG */ - if (!fwSlot->mdSlot->GetRemovableDevice) { - return CK_FALSE; - } + if (!fwSlot->mdSlot->GetRemovableDevice) { + return CK_FALSE; + } - return fwSlot->mdSlot->GetRemovableDevice(fwSlot->mdSlot, fwSlot, - fwSlot->mdInstance, fwSlot->fwInstance); + return fwSlot->mdSlot->GetRemovableDevice(fwSlot->mdSlot, fwSlot, + fwSlot->mdInstance, fwSlot->fwInstance); } /* @@ -472,23 +447,21 @@ nssCKFWSlot_GetRemovableDevice * */ NSS_IMPLEMENT CK_BBOOL -nssCKFWSlot_GetHardwareSlot -( - NSSCKFWSlot *fwSlot -) +nssCKFWSlot_GetHardwareSlot( + NSSCKFWSlot *fwSlot) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) { + return CK_FALSE; + } #endif /* NSSDEBUG */ - if (!fwSlot->mdSlot->GetHardwareSlot) { - return CK_FALSE; - } + if (!fwSlot->mdSlot->GetHardwareSlot) { + return CK_FALSE; + } - return fwSlot->mdSlot->GetHardwareSlot(fwSlot->mdSlot, fwSlot, - fwSlot->mdInstance, fwSlot->fwInstance); + return fwSlot->mdSlot->GetHardwareSlot(fwSlot->mdSlot, fwSlot, + fwSlot->mdInstance, fwSlot->fwInstance); } /* @@ -496,43 +469,41 @@ nssCKFWSlot_GetHardwareSlot * */ NSS_IMPLEMENT CK_VERSION -nssCKFWSlot_GetHardwareVersion -( - NSSCKFWSlot *fwSlot -) +nssCKFWSlot_GetHardwareVersion( + NSSCKFWSlot *fwSlot) { - CK_VERSION rv; + CK_VERSION rv; #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { - rv.major = rv.minor = 0; - return rv; - } + if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) { + rv.major = rv.minor = 0; + return rv; + } #endif /* NSSDEBUG */ - if( CKR_OK != nssCKFWMutex_Lock(fwSlot->mutex) ) { - rv.major = rv.minor = 0; - return rv; - } + if (CKR_OK != nssCKFWMutex_Lock(fwSlot->mutex)) { + rv.major = rv.minor = 0; + return rv; + } + + if ((0 != fwSlot->hardwareVersion.major) || + (0 != fwSlot->hardwareVersion.minor)) { + rv = fwSlot->hardwareVersion; + goto done; + } + + if (fwSlot->mdSlot->GetHardwareVersion) { + fwSlot->hardwareVersion = fwSlot->mdSlot->GetHardwareVersion( + fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, fwSlot->fwInstance); + } else { + fwSlot->hardwareVersion.major = 0; + fwSlot->hardwareVersion.minor = 1; + } - if( (0 != fwSlot->hardwareVersion.major) || - (0 != fwSlot->hardwareVersion.minor) ) { rv = fwSlot->hardwareVersion; - goto done; - } - - if (fwSlot->mdSlot->GetHardwareVersion) { - fwSlot->hardwareVersion = fwSlot->mdSlot->GetHardwareVersion( - fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, fwSlot->fwInstance); - } else { - fwSlot->hardwareVersion.major = 0; - fwSlot->hardwareVersion.minor = 1; - } - - rv = fwSlot->hardwareVersion; - done: - (void)nssCKFWMutex_Unlock(fwSlot->mutex); - return rv; +done: + (void)nssCKFWMutex_Unlock(fwSlot->mutex); + return rv; } /* @@ -540,100 +511,96 @@ nssCKFWSlot_GetHardwareVersion * */ NSS_IMPLEMENT CK_VERSION -nssCKFWSlot_GetFirmwareVersion -( - NSSCKFWSlot *fwSlot -) +nssCKFWSlot_GetFirmwareVersion( + NSSCKFWSlot *fwSlot) { - CK_VERSION rv; + CK_VERSION rv; #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { - rv.major = rv.minor = 0; - return rv; - } + if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) { + rv.major = rv.minor = 0; + return rv; + } #endif /* NSSDEBUG */ - if( CKR_OK != nssCKFWMutex_Lock(fwSlot->mutex) ) { - rv.major = rv.minor = 0; - return rv; - } + if (CKR_OK != nssCKFWMutex_Lock(fwSlot->mutex)) { + rv.major = rv.minor = 0; + return rv; + } + + if ((0 != fwSlot->firmwareVersion.major) || + (0 != fwSlot->firmwareVersion.minor)) { + rv = fwSlot->firmwareVersion; + goto done; + } + + if (fwSlot->mdSlot->GetFirmwareVersion) { + fwSlot->firmwareVersion = fwSlot->mdSlot->GetFirmwareVersion( + fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, fwSlot->fwInstance); + } else { + fwSlot->firmwareVersion.major = 0; + fwSlot->firmwareVersion.minor = 1; + } - if( (0 != fwSlot->firmwareVersion.major) || - (0 != fwSlot->firmwareVersion.minor) ) { rv = fwSlot->firmwareVersion; - goto done; - } - - if (fwSlot->mdSlot->GetFirmwareVersion) { - fwSlot->firmwareVersion = fwSlot->mdSlot->GetFirmwareVersion( - fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, fwSlot->fwInstance); - } else { - fwSlot->firmwareVersion.major = 0; - fwSlot->firmwareVersion.minor = 1; - } - - rv = fwSlot->firmwareVersion; - done: - (void)nssCKFWMutex_Unlock(fwSlot->mutex); - return rv; +done: + (void)nssCKFWMutex_Unlock(fwSlot->mutex); + return rv; } /* * nssCKFWSlot_GetToken - * + * */ NSS_IMPLEMENT NSSCKFWToken * -nssCKFWSlot_GetToken -( - NSSCKFWSlot *fwSlot, - CK_RV *pError -) +nssCKFWSlot_GetToken( + NSSCKFWSlot *fwSlot, + CK_RV *pError) { - NSSCKMDToken *mdToken; - NSSCKFWToken *fwToken; + NSSCKMDToken *mdToken; + NSSCKFWToken *fwToken; #ifdef NSSDEBUG - if (!pError) { - return (NSSCKFWToken *)NULL; - } - - *pError = nssCKFWSlot_verifyPointer(fwSlot); - if( CKR_OK != *pError ) { - return (NSSCKFWToken *)NULL; - } -#endif /* NSSDEBUG */ - - *pError = nssCKFWMutex_Lock(fwSlot->mutex); - if( CKR_OK != *pError ) { - return (NSSCKFWToken *)NULL; - } + if (!pError) { + return (NSSCKFWToken *)NULL; + } - if (!fwSlot->fwToken) { - if (!fwSlot->mdSlot->GetToken) { - *pError = CKR_GENERAL_ERROR; - fwToken = (NSSCKFWToken *)NULL; - goto done; + *pError = nssCKFWSlot_verifyPointer(fwSlot); + if (CKR_OK != *pError) { + return (NSSCKFWToken *)NULL; } +#endif /* NSSDEBUG */ - mdToken = fwSlot->mdSlot->GetToken(fwSlot->mdSlot, fwSlot, - fwSlot->mdInstance, fwSlot->fwInstance, pError); - if (!mdToken) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; - } - return (NSSCKFWToken *)NULL; + *pError = nssCKFWMutex_Lock(fwSlot->mutex); + if (CKR_OK != *pError) { + return (NSSCKFWToken *)NULL; } - fwToken = nssCKFWToken_Create(fwSlot, mdToken, pError); - fwSlot->fwToken = fwToken; - } else { - fwToken = fwSlot->fwToken; - } + if (!fwSlot->fwToken) { + if (!fwSlot->mdSlot->GetToken) { + *pError = CKR_GENERAL_ERROR; + fwToken = (NSSCKFWToken *)NULL; + goto done; + } + + mdToken = fwSlot->mdSlot->GetToken(fwSlot->mdSlot, fwSlot, + fwSlot->mdInstance, fwSlot->fwInstance, pError); + if (!mdToken) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + return (NSSCKFWToken *)NULL; + } + + fwToken = nssCKFWToken_Create(fwSlot, mdToken, pError); + fwSlot->fwToken = fwToken; + } else { + fwToken = fwSlot->fwToken; + } - done: - (void)nssCKFWMutex_Unlock(fwSlot->mutex); - return fwToken; +done: + (void)nssCKFWMutex_Unlock(fwSlot->mutex); + return fwToken; } /* @@ -641,25 +608,23 @@ nssCKFWSlot_GetToken * */ NSS_IMPLEMENT void -nssCKFWSlot_ClearToken -( - NSSCKFWSlot *fwSlot -) +nssCKFWSlot_ClearToken( + NSSCKFWSlot *fwSlot) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { - return; - } + if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) { + return; + } #endif /* NSSDEBUG */ - if( CKR_OK != nssCKFWMutex_Lock(fwSlot->mutex) ) { - /* Now what? */ - return; - } + if (CKR_OK != nssCKFWMutex_Lock(fwSlot->mutex)) { + /* Now what? */ + return; + } - fwSlot->fwToken = (NSSCKFWToken *)NULL; - (void)nssCKFWMutex_Unlock(fwSlot->mutex); - return; + fwSlot->fwToken = (NSSCKFWToken *)NULL; + (void)nssCKFWMutex_Unlock(fwSlot->mutex); + return; } /* @@ -668,18 +633,16 @@ nssCKFWSlot_ClearToken */ NSS_IMPLEMENT NSSCKMDSlot * -NSSCKFWSlot_GetMDSlot -( - NSSCKFWSlot *fwSlot -) +NSSCKFWSlot_GetMDSlot( + NSSCKFWSlot *fwSlot) { #ifdef DEBUG - if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { - return (NSSCKMDSlot *)NULL; - } + if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) { + return (NSSCKMDSlot *)NULL; + } #endif /* DEBUG */ - return nssCKFWSlot_GetMDSlot(fwSlot); + return nssCKFWSlot_GetMDSlot(fwSlot); } /* @@ -688,18 +651,16 @@ NSSCKFWSlot_GetMDSlot */ NSS_IMPLEMENT NSSCKFWInstance * -NSSCKFWSlot_GetFWInstance -( - NSSCKFWSlot *fwSlot -) +NSSCKFWSlot_GetFWInstance( + NSSCKFWSlot *fwSlot) { #ifdef DEBUG - if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { - return (NSSCKFWInstance *)NULL; - } + if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) { + return (NSSCKFWInstance *)NULL; + } #endif /* DEBUG */ - return nssCKFWSlot_GetFWInstance(fwSlot); + return nssCKFWSlot_GetFWInstance(fwSlot); } /* @@ -708,16 +669,26 @@ NSSCKFWSlot_GetFWInstance */ NSS_IMPLEMENT NSSCKMDInstance * -NSSCKFWSlot_GetMDInstance -( - NSSCKFWSlot *fwSlot -) +NSSCKFWSlot_GetMDInstance( + NSSCKFWSlot *fwSlot) { #ifdef DEBUG - if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { - return (NSSCKMDInstance *)NULL; - } + if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) { + return (NSSCKMDInstance *)NULL; + } #endif /* DEBUG */ - return nssCKFWSlot_GetMDInstance(fwSlot); + return nssCKFWSlot_GetMDInstance(fwSlot); +} + +/* + * NSSCKFWSlot_GetSlotID + * + */ + +NSS_IMPLEMENT CK_SLOT_ID +NSSCKFWSlot_GetSlotID( + NSSCKFWSlot *fwSlot) +{ + return nssCKFWSlot_GetSlotID(fwSlot); } diff --git a/nss/lib/ckfw/token.c b/nss/lib/ckfw/token.c index 4a97576..4483bb5 100644 --- a/nss/lib/ckfw/token.c +++ b/nss/lib/ckfw/token.c @@ -75,49 +75,49 @@ */ struct NSSCKFWTokenStr { - NSSCKFWMutex *mutex; - NSSArena *arena; - NSSCKMDToken *mdToken; - NSSCKFWSlot *fwSlot; - NSSCKMDSlot *mdSlot; - NSSCKFWInstance *fwInstance; - NSSCKMDInstance *mdInstance; - - /* - * Everything above is set at creation time, and then not modified. - * The invariants the mutex protects are: - * - * 1) Each of the cached descriptions (versions, etc.) are in an - * internally consistant state. - * - * 2) The session counts and hashes are consistant. - * - * 3) The object hashes are consistant. - * - * Note that the calls accessing the cached descriptions will call - * the NSSCKMDToken methods with the mutex locked. Those methods - * may then call the public NSSCKFWToken routines. Those public - * routines only access the constant data above and the atomic - * CK_STATE session state variable below, so there's no problem. - * But be careful if you add to this object; mutexes are in - * general not reentrant, so don't create deadlock situations. - */ - - NSSUTF8 *label; - NSSUTF8 *manufacturerID; - NSSUTF8 *model; - NSSUTF8 *serialNumber; - CK_VERSION hardwareVersion; - CK_VERSION firmwareVersion; - - CK_ULONG sessionCount; - CK_ULONG rwSessionCount; - nssCKFWHash *sessions; - nssCKFWHash *sessionObjectHash; - nssCKFWHash *mdObjectHash; - nssCKFWHash *mdMechanismHash; - - CK_STATE state; + NSSCKFWMutex *mutex; + NSSArena *arena; + NSSCKMDToken *mdToken; + NSSCKFWSlot *fwSlot; + NSSCKMDSlot *mdSlot; + NSSCKFWInstance *fwInstance; + NSSCKMDInstance *mdInstance; + + /* + * Everything above is set at creation time, and then not modified. + * The invariants the mutex protects are: + * + * 1) Each of the cached descriptions (versions, etc.) are in an + * internally consistant state. + * + * 2) The session counts and hashes are consistant. + * + * 3) The object hashes are consistant. + * + * Note that the calls accessing the cached descriptions will call + * the NSSCKMDToken methods with the mutex locked. Those methods + * may then call the public NSSCKFWToken routines. Those public + * routines only access the constant data above and the atomic + * CK_STATE session state variable below, so there's no problem. + * But be careful if you add to this object; mutexes are in + * general not reentrant, so don't create deadlock situations. + */ + + NSSUTF8 *label; + NSSUTF8 *manufacturerID; + NSSUTF8 *model; + NSSUTF8 *serialNumber; + CK_VERSION hardwareVersion; + CK_VERSION firmwareVersion; + + CK_ULONG sessionCount; + CK_ULONG rwSessionCount; + nssCKFWHash *sessions; + nssCKFWHash *sessionObjectHash; + nssCKFWHash *mdObjectHash; + nssCKFWHash *mdMechanismHash; + + CK_STATE state; }; #ifdef DEBUG @@ -133,30 +133,24 @@ struct NSSCKFWTokenStr { */ static CK_RV -token_add_pointer -( - const NSSCKFWToken *fwToken -) +token_add_pointer( + const NSSCKFWToken *fwToken) { - return CKR_OK; + return CKR_OK; } static CK_RV -token_remove_pointer -( - const NSSCKFWToken *fwToken -) +token_remove_pointer( + const NSSCKFWToken *fwToken) { - return CKR_OK; + return CKR_OK; } NSS_IMPLEMENT CK_RV -nssCKFWToken_verifyPointer -( - const NSSCKFWToken *fwToken -) +nssCKFWToken_verifyPointer( + const NSSCKFWToken *fwToken) { - return CKR_OK; + return CKR_OK; } #endif /* DEBUG */ @@ -166,154 +160,148 @@ nssCKFWToken_verifyPointer * */ NSS_IMPLEMENT NSSCKFWToken * -nssCKFWToken_Create -( - NSSCKFWSlot *fwSlot, - NSSCKMDToken *mdToken, - CK_RV *pError -) +nssCKFWToken_Create( + NSSCKFWSlot *fwSlot, + NSSCKMDToken *mdToken, + CK_RV *pError) { - NSSArena *arena = (NSSArena *)NULL; - NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; - CK_BBOOL called_setup = CK_FALSE; - - /* - * We have already verified the arguments in nssCKFWSlot_GetToken. - */ - - arena = NSSArena_Create(); - if (!arena) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - - fwToken = nss_ZNEW(arena, NSSCKFWToken); - if (!fwToken) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - - fwToken->arena = arena; - fwToken->mdToken = mdToken; - fwToken->fwSlot = fwSlot; - fwToken->fwInstance = nssCKFWSlot_GetFWInstance(fwSlot); - fwToken->mdInstance = nssCKFWSlot_GetMDInstance(fwSlot); - fwToken->state = CKS_RO_PUBLIC_SESSION; /* some default */ - fwToken->sessionCount = 0; - fwToken->rwSessionCount = 0; - - fwToken->mutex = nssCKFWInstance_CreateMutex(fwToken->fwInstance, arena, pError); - if (!fwToken->mutex) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; - } - goto loser; - } - - fwToken->sessions = nssCKFWHash_Create(fwToken->fwInstance, arena, pError); - if (!fwToken->sessions) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; - } - goto loser; - } - - if( CK_TRUE != nssCKFWInstance_GetModuleHandlesSessionObjects( - fwToken->fwInstance) ) { - fwToken->sessionObjectHash = nssCKFWHash_Create(fwToken->fwInstance, - arena, pError); - if (!fwToken->sessionObjectHash) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; - } - goto loser; + NSSArena *arena = (NSSArena *)NULL; + NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; + CK_BBOOL called_setup = CK_FALSE; + + /* + * We have already verified the arguments in nssCKFWSlot_GetToken. + */ + + arena = NSSArena_Create(); + if (!arena) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + fwToken = nss_ZNEW(arena, NSSCKFWToken); + if (!fwToken) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + fwToken->arena = arena; + fwToken->mdToken = mdToken; + fwToken->fwSlot = fwSlot; + fwToken->fwInstance = nssCKFWSlot_GetFWInstance(fwSlot); + fwToken->mdInstance = nssCKFWSlot_GetMDInstance(fwSlot); + fwToken->state = CKS_RO_PUBLIC_SESSION; /* some default */ + fwToken->sessionCount = 0; + fwToken->rwSessionCount = 0; + + fwToken->mutex = nssCKFWInstance_CreateMutex(fwToken->fwInstance, arena, pError); + if (!fwToken->mutex) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + goto loser; + } + + fwToken->sessions = nssCKFWHash_Create(fwToken->fwInstance, arena, pError); + if (!fwToken->sessions) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + goto loser; + } + + if (CK_TRUE != nssCKFWInstance_GetModuleHandlesSessionObjects( + fwToken->fwInstance)) { + fwToken->sessionObjectHash = nssCKFWHash_Create(fwToken->fwInstance, + arena, pError); + if (!fwToken->sessionObjectHash) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + goto loser; + } } - } - fwToken->mdObjectHash = nssCKFWHash_Create(fwToken->fwInstance, - arena, pError); - if (!fwToken->mdObjectHash) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; + fwToken->mdObjectHash = nssCKFWHash_Create(fwToken->fwInstance, + arena, pError); + if (!fwToken->mdObjectHash) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + goto loser; } - goto loser; - } - fwToken->mdMechanismHash = nssCKFWHash_Create(fwToken->fwInstance, - arena, pError); - if (!fwToken->mdMechanismHash) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; + fwToken->mdMechanismHash = nssCKFWHash_Create(fwToken->fwInstance, + arena, pError); + if (!fwToken->mdMechanismHash) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + goto loser; } - goto loser; - } - /* More here */ + /* More here */ - if (mdToken->Setup) { - *pError = mdToken->Setup(mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance); - if( CKR_OK != *pError ) { - goto loser; + if (mdToken->Setup) { + *pError = mdToken->Setup(mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance); + if (CKR_OK != *pError) { + goto loser; + } } - } - called_setup = CK_TRUE; + called_setup = CK_TRUE; #ifdef DEBUG - *pError = token_add_pointer(fwToken); - if( CKR_OK != *pError ) { - goto loser; - } + *pError = token_add_pointer(fwToken); + if (CKR_OK != *pError) { + goto loser; + } #endif /* DEBUG */ - *pError = CKR_OK; - return fwToken; + *pError = CKR_OK; + return fwToken; - loser: +loser: - if( CK_TRUE == called_setup ) { - if (mdToken->Invalidate) { - mdToken->Invalidate(mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance); + if (CK_TRUE == called_setup) { + if (mdToken->Invalidate) { + mdToken->Invalidate(mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance); + } } - } - if (arena) { - (void)NSSArena_Destroy(arena); - } + if (arena) { + (void)NSSArena_Destroy(arena); + } - return (NSSCKFWToken *)NULL; + return (NSSCKFWToken *)NULL; } static void -nss_ckfwtoken_session_iterator -( - const void *key, - void *value, - void *closure -) +nss_ckfwtoken_session_iterator( + const void *key, + void *value, + void *closure) { - /* - * Remember that the fwToken->mutex is locked - */ - NSSCKFWSession *fwSession = (NSSCKFWSession *)value; - (void)nssCKFWSession_Destroy(fwSession, CK_FALSE); - return; + /* + * Remember that the fwToken->mutex is locked + */ + NSSCKFWSession *fwSession = (NSSCKFWSession *)value; + (void)nssCKFWSession_Destroy(fwSession, CK_FALSE); + return; } static void -nss_ckfwtoken_object_iterator -( - const void *key, - void *value, - void *closure -) +nss_ckfwtoken_object_iterator( + const void *key, + void *value, + void *closure) { - /* - * Remember that the fwToken->mutex is locked - */ - NSSCKFWObject *fwObject = (NSSCKFWObject *)value; - (void)nssCKFWObject_Finalize(fwObject, CK_FALSE); - return; + /* + * Remember that the fwToken->mutex is locked + */ + NSSCKFWObject *fwObject = (NSSCKFWObject *)value; + (void)nssCKFWObject_Finalize(fwObject, CK_FALSE); + return; } /* @@ -321,56 +309,54 @@ nss_ckfwtoken_object_iterator * */ NSS_IMPLEMENT CK_RV -nssCKFWToken_Destroy -( - NSSCKFWToken *fwToken -) +nssCKFWToken_Destroy( + NSSCKFWToken *fwToken) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - error = nssCKFWToken_verifyPointer(fwToken); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWToken_verifyPointer(fwToken); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - (void)nssCKFWMutex_Destroy(fwToken->mutex); - - if (fwToken->mdToken->Invalidate) { - fwToken->mdToken->Invalidate(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance); - } - /* we can destroy the list without locking now because no one else is - * referencing us (or _Destroy was invalidly called!) - */ - nssCKFWHash_Iterate(fwToken->sessions, nss_ckfwtoken_session_iterator, - (void *)NULL); - nssCKFWHash_Destroy(fwToken->sessions); - - /* session objects go away when their sessions are removed */ - if (fwToken->sessionObjectHash) { - nssCKFWHash_Destroy(fwToken->sessionObjectHash); - } - - /* free up the token objects */ - if (fwToken->mdObjectHash) { - nssCKFWHash_Iterate(fwToken->mdObjectHash, nss_ckfwtoken_object_iterator, - (void *)NULL); - nssCKFWHash_Destroy(fwToken->mdObjectHash); - } - if (fwToken->mdMechanismHash) { - nssCKFWHash_Destroy(fwToken->mdMechanismHash); - } - - nssCKFWSlot_ClearToken(fwToken->fwSlot); - + (void)nssCKFWMutex_Destroy(fwToken->mutex); + + if (fwToken->mdToken->Invalidate) { + fwToken->mdToken->Invalidate(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); + } + /* we can destroy the list without locking now because no one else is + * referencing us (or _Destroy was invalidly called!) + */ + nssCKFWHash_Iterate(fwToken->sessions, nss_ckfwtoken_session_iterator, + (void *)NULL); + nssCKFWHash_Destroy(fwToken->sessions); + + /* session objects go away when their sessions are removed */ + if (fwToken->sessionObjectHash) { + nssCKFWHash_Destroy(fwToken->sessionObjectHash); + } + + /* free up the token objects */ + if (fwToken->mdObjectHash) { + nssCKFWHash_Iterate(fwToken->mdObjectHash, nss_ckfwtoken_object_iterator, + (void *)NULL); + nssCKFWHash_Destroy(fwToken->mdObjectHash); + } + if (fwToken->mdMechanismHash) { + nssCKFWHash_Destroy(fwToken->mdMechanismHash); + } + + nssCKFWSlot_ClearToken(fwToken->fwSlot); + #ifdef DEBUG - error = token_remove_pointer(fwToken); + error = token_remove_pointer(fwToken); #endif /* DEBUG */ - (void)NSSArena_Destroy(fwToken->arena); - return error; + (void)NSSArena_Destroy(fwToken->arena); + return error; } /* @@ -378,18 +364,16 @@ nssCKFWToken_Destroy * */ NSS_IMPLEMENT NSSCKMDToken * -nssCKFWToken_GetMDToken -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetMDToken( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return (NSSCKMDToken *)NULL; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return (NSSCKMDToken *)NULL; + } #endif /* NSSDEBUG */ - return fwToken->mdToken; + return fwToken->mdToken; } /* @@ -397,24 +381,22 @@ nssCKFWToken_GetMDToken * */ NSS_IMPLEMENT NSSArena * -nssCKFWToken_GetArena -( - NSSCKFWToken *fwToken, - CK_RV *pError -) +nssCKFWToken_GetArena( + NSSCKFWToken *fwToken, + CK_RV *pError) { #ifdef NSSDEBUG - if (!pError) { - return (NSSArena *)NULL; - } - - *pError = nssCKFWToken_verifyPointer(fwToken); - if( CKR_OK != *pError ) { - return (NSSArena *)NULL; - } + if (!pError) { + return (NSSArena *)NULL; + } + + *pError = nssCKFWToken_verifyPointer(fwToken); + if (CKR_OK != *pError) { + return (NSSArena *)NULL; + } #endif /* NSSDEBUG */ - return fwToken->arena; + return fwToken->arena; } /* @@ -422,18 +404,16 @@ nssCKFWToken_GetArena * */ NSS_IMPLEMENT NSSCKFWSlot * -nssCKFWToken_GetFWSlot -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetFWSlot( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return (NSSCKFWSlot *)NULL; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return (NSSCKFWSlot *)NULL; + } #endif /* NSSDEBUG */ - return fwToken->fwSlot; + return fwToken->fwSlot; } /* @@ -441,18 +421,16 @@ nssCKFWToken_GetFWSlot * */ NSS_IMPLEMENT NSSCKMDSlot * -nssCKFWToken_GetMDSlot -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetMDSlot( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return (NSSCKMDSlot *)NULL; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return (NSSCKMDSlot *)NULL; + } #endif /* NSSDEBUG */ - return fwToken->mdSlot; + return fwToken->mdSlot; } /* @@ -460,29 +438,27 @@ nssCKFWToken_GetMDSlot * */ NSS_IMPLEMENT CK_STATE -nssCKFWToken_GetSessionState -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetSessionState( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CKS_RO_PUBLIC_SESSION; /* whatever */ - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CKS_RO_PUBLIC_SESSION; /* whatever */ + } #endif /* NSSDEBUG */ - /* - * BTW, do not lock the token in this method. - */ + /* + * BTW, do not lock the token in this method. + */ - /* - * Theoretically, there is no state if there aren't any - * sessions open. But then we'd need to worry about - * reporting an error, etc. What the heck-- let's just - * revert to CKR_RO_PUBLIC_SESSION as the "default." - */ + /* + * Theoretically, there is no state if there aren't any + * sessions open. But then we'd need to worry about + * reporting an error, etc. What the heck-- let's just + * revert to CKR_RO_PUBLIC_SESSION as the "default." + */ - return fwToken->state; + return fwToken->state; } /* @@ -490,56 +466,54 @@ nssCKFWToken_GetSessionState * */ NSS_IMPLEMENT CK_RV -nssCKFWToken_InitToken -( - NSSCKFWToken *fwToken, - NSSItem *pin, - NSSUTF8 *label -) +nssCKFWToken_InitToken( + NSSCKFWToken *fwToken, + NSSItem *pin, + NSSUTF8 *label) { - CK_RV error; + CK_RV error; #ifdef NSSDEBUG - error = nssCKFWToken_verifyPointer(fwToken); - if( CKR_OK != error ) { - return CKR_ARGUMENTS_BAD; - } + error = nssCKFWToken_verifyPointer(fwToken); + if (CKR_OK != error) { + return CKR_ARGUMENTS_BAD; + } #endif /* NSSDEBUG */ - error = nssCKFWMutex_Lock(fwToken->mutex); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWMutex_Lock(fwToken->mutex); + if (CKR_OK != error) { + return error; + } - if( fwToken->sessionCount > 0 ) { - error = CKR_SESSION_EXISTS; - goto done; - } + if (fwToken->sessionCount > 0) { + error = CKR_SESSION_EXISTS; + goto done; + } - if (!fwToken->mdToken->InitToken) { - error = CKR_DEVICE_ERROR; - goto done; - } + if (!fwToken->mdToken->InitToken) { + error = CKR_DEVICE_ERROR; + goto done; + } - if (!pin) { - if( nssCKFWToken_GetHasProtectedAuthenticationPath(fwToken) ) { - ; /* okay */ - } else { - error = CKR_PIN_INCORRECT; - goto done; + if (!pin) { + if (nssCKFWToken_GetHasProtectedAuthenticationPath(fwToken)) { + ; /* okay */ + } else { + error = CKR_PIN_INCORRECT; + goto done; + } } - } - if (!label) { - label = (NSSUTF8 *) ""; - } + if (!label) { + label = (NSSUTF8 *)""; + } - error = fwToken->mdToken->InitToken(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance, pin, label); + error = fwToken->mdToken->InitToken(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance, pin, label); - done: - (void)nssCKFWMutex_Unlock(fwToken->mutex); - return error; +done: + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return error; } /* @@ -547,48 +521,46 @@ nssCKFWToken_InitToken * */ NSS_IMPLEMENT CK_RV -nssCKFWToken_GetLabel -( - NSSCKFWToken *fwToken, - CK_CHAR label[32] -) +nssCKFWToken_GetLabel( + NSSCKFWToken *fwToken, + CK_CHAR label[32]) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - if( (CK_CHAR_PTR)NULL == label ) { - return CKR_ARGUMENTS_BAD; - } + if ((CK_CHAR_PTR)NULL == label) { + return CKR_ARGUMENTS_BAD; + } - error = nssCKFWToken_verifyPointer(fwToken); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWToken_verifyPointer(fwToken); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - error = nssCKFWMutex_Lock(fwToken->mutex); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWMutex_Lock(fwToken->mutex); + if (CKR_OK != error) { + return error; + } - if (!fwToken->label) { - if (fwToken->mdToken->GetLabel) { - fwToken->label = fwToken->mdToken->GetLabel(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance, &error); - if ((!fwToken->label) && (CKR_OK != error)) { - goto done; - } - } else { - fwToken->label = (NSSUTF8 *) ""; + if (!fwToken->label) { + if (fwToken->mdToken->GetLabel) { + fwToken->label = fwToken->mdToken->GetLabel(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance, &error); + if ((!fwToken->label) && (CKR_OK != error)) { + goto done; + } + } else { + fwToken->label = (NSSUTF8 *)""; + } } - } - (void)nssUTF8_CopyIntoFixedBuffer(fwToken->label, (char *)label, 32, ' '); - error = CKR_OK; + (void)nssUTF8_CopyIntoFixedBuffer(fwToken->label, (char *)label, 32, ' '); + error = CKR_OK; - done: - (void)nssCKFWMutex_Unlock(fwToken->mutex); - return error; +done: + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return error; } /* @@ -596,48 +568,46 @@ nssCKFWToken_GetLabel * */ NSS_IMPLEMENT CK_RV -nssCKFWToken_GetManufacturerID -( - NSSCKFWToken *fwToken, - CK_CHAR manufacturerID[32] -) +nssCKFWToken_GetManufacturerID( + NSSCKFWToken *fwToken, + CK_CHAR manufacturerID[32]) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - if( (CK_CHAR_PTR)NULL == manufacturerID ) { - return CKR_ARGUMENTS_BAD; - } + if ((CK_CHAR_PTR)NULL == manufacturerID) { + return CKR_ARGUMENTS_BAD; + } - error = nssCKFWToken_verifyPointer(fwToken); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWToken_verifyPointer(fwToken); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - error = nssCKFWMutex_Lock(fwToken->mutex); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWMutex_Lock(fwToken->mutex); + if (CKR_OK != error) { + return error; + } - if (!fwToken->manufacturerID) { - if (fwToken->mdToken->GetManufacturerID) { - fwToken->manufacturerID = fwToken->mdToken->GetManufacturerID(fwToken->mdToken, - fwToken, fwToken->mdInstance, fwToken->fwInstance, &error); - if ((!fwToken->manufacturerID) && (CKR_OK != error)) { - goto done; - } - } else { - fwToken->manufacturerID = (NSSUTF8 *)""; + if (!fwToken->manufacturerID) { + if (fwToken->mdToken->GetManufacturerID) { + fwToken->manufacturerID = fwToken->mdToken->GetManufacturerID(fwToken->mdToken, + fwToken, fwToken->mdInstance, fwToken->fwInstance, &error); + if ((!fwToken->manufacturerID) && (CKR_OK != error)) { + goto done; + } + } else { + fwToken->manufacturerID = (NSSUTF8 *)""; + } } - } - (void)nssUTF8_CopyIntoFixedBuffer(fwToken->manufacturerID, (char *)manufacturerID, 32, ' '); - error = CKR_OK; + (void)nssUTF8_CopyIntoFixedBuffer(fwToken->manufacturerID, (char *)manufacturerID, 32, ' '); + error = CKR_OK; - done: - (void)nssCKFWMutex_Unlock(fwToken->mutex); - return error; +done: + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return error; } /* @@ -645,48 +615,46 @@ nssCKFWToken_GetManufacturerID * */ NSS_IMPLEMENT CK_RV -nssCKFWToken_GetModel -( - NSSCKFWToken *fwToken, - CK_CHAR model[16] -) +nssCKFWToken_GetModel( + NSSCKFWToken *fwToken, + CK_CHAR model[16]) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - if( (CK_CHAR_PTR)NULL == model ) { - return CKR_ARGUMENTS_BAD; - } + if ((CK_CHAR_PTR)NULL == model) { + return CKR_ARGUMENTS_BAD; + } - error = nssCKFWToken_verifyPointer(fwToken); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWToken_verifyPointer(fwToken); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - error = nssCKFWMutex_Lock(fwToken->mutex); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWMutex_Lock(fwToken->mutex); + if (CKR_OK != error) { + return error; + } - if (!fwToken->model) { - if (fwToken->mdToken->GetModel) { - fwToken->model = fwToken->mdToken->GetModel(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance, &error); - if ((!fwToken->model) && (CKR_OK != error)) { - goto done; - } - } else { - fwToken->model = (NSSUTF8 *)""; + if (!fwToken->model) { + if (fwToken->mdToken->GetModel) { + fwToken->model = fwToken->mdToken->GetModel(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance, &error); + if ((!fwToken->model) && (CKR_OK != error)) { + goto done; + } + } else { + fwToken->model = (NSSUTF8 *)""; + } } - } - (void)nssUTF8_CopyIntoFixedBuffer(fwToken->model, (char *)model, 16, ' '); - error = CKR_OK; + (void)nssUTF8_CopyIntoFixedBuffer(fwToken->model, (char *)model, 16, ' '); + error = CKR_OK; - done: - (void)nssCKFWMutex_Unlock(fwToken->mutex); - return error; +done: + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return error; } /* @@ -694,73 +662,68 @@ nssCKFWToken_GetModel * */ NSS_IMPLEMENT CK_RV -nssCKFWToken_GetSerialNumber -( - NSSCKFWToken *fwToken, - CK_CHAR serialNumber[16] -) +nssCKFWToken_GetSerialNumber( + NSSCKFWToken *fwToken, + CK_CHAR serialNumber[16]) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - if( (CK_CHAR_PTR)NULL == serialNumber ) { - return CKR_ARGUMENTS_BAD; - } + if ((CK_CHAR_PTR)NULL == serialNumber) { + return CKR_ARGUMENTS_BAD; + } - error = nssCKFWToken_verifyPointer(fwToken); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWToken_verifyPointer(fwToken); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - error = nssCKFWMutex_Lock(fwToken->mutex); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWMutex_Lock(fwToken->mutex); + if (CKR_OK != error) { + return error; + } - if (!fwToken->serialNumber) { - if (fwToken->mdToken->GetSerialNumber) { - fwToken->serialNumber = fwToken->mdToken->GetSerialNumber(fwToken->mdToken, - fwToken, fwToken->mdInstance, fwToken->fwInstance, &error); - if ((!fwToken->serialNumber) && (CKR_OK != error)) { - goto done; - } - } else { - fwToken->serialNumber = (NSSUTF8 *)""; + if (!fwToken->serialNumber) { + if (fwToken->mdToken->GetSerialNumber) { + fwToken->serialNumber = fwToken->mdToken->GetSerialNumber(fwToken->mdToken, + fwToken, fwToken->mdInstance, fwToken->fwInstance, &error); + if ((!fwToken->serialNumber) && (CKR_OK != error)) { + goto done; + } + } else { + fwToken->serialNumber = (NSSUTF8 *)""; + } } - } - (void)nssUTF8_CopyIntoFixedBuffer(fwToken->serialNumber, (char *)serialNumber, 16, ' '); - error = CKR_OK; + (void)nssUTF8_CopyIntoFixedBuffer(fwToken->serialNumber, (char *)serialNumber, 16, ' '); + error = CKR_OK; - done: - (void)nssCKFWMutex_Unlock(fwToken->mutex); - return error; +done: + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return error; } - /* * nssCKFWToken_GetHasRNG * */ NSS_IMPLEMENT CK_BBOOL -nssCKFWToken_GetHasRNG -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetHasRNG( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CK_FALSE; + } #endif /* NSSDEBUG */ - if (!fwToken->mdToken->GetHasRNG) { - return CK_FALSE; - } + if (!fwToken->mdToken->GetHasRNG) { + return CK_FALSE; + } - return fwToken->mdToken->GetHasRNG(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance); + return fwToken->mdToken->GetHasRNG(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); } /* @@ -768,23 +731,21 @@ nssCKFWToken_GetHasRNG * */ NSS_IMPLEMENT CK_BBOOL -nssCKFWToken_GetIsWriteProtected -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetIsWriteProtected( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CK_FALSE; + } #endif /* NSSDEBUG */ - if (!fwToken->mdToken->GetIsWriteProtected) { - return CK_FALSE; - } + if (!fwToken->mdToken->GetIsWriteProtected) { + return CK_FALSE; + } - return fwToken->mdToken->GetIsWriteProtected(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance); + return fwToken->mdToken->GetIsWriteProtected(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); } /* @@ -792,23 +753,21 @@ nssCKFWToken_GetIsWriteProtected * */ NSS_IMPLEMENT CK_BBOOL -nssCKFWToken_GetLoginRequired -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetLoginRequired( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CK_FALSE; + } #endif /* NSSDEBUG */ - if (!fwToken->mdToken->GetLoginRequired) { - return CK_FALSE; - } + if (!fwToken->mdToken->GetLoginRequired) { + return CK_FALSE; + } - return fwToken->mdToken->GetLoginRequired(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance); + return fwToken->mdToken->GetLoginRequired(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); } /* @@ -816,23 +775,21 @@ nssCKFWToken_GetLoginRequired * */ NSS_IMPLEMENT CK_BBOOL -nssCKFWToken_GetUserPinInitialized -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetUserPinInitialized( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CK_FALSE; + } #endif /* NSSDEBUG */ - if (!fwToken->mdToken->GetUserPinInitialized) { - return CK_FALSE; - } + if (!fwToken->mdToken->GetUserPinInitialized) { + return CK_FALSE; + } - return fwToken->mdToken->GetUserPinInitialized(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance); + return fwToken->mdToken->GetUserPinInitialized(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); } /* @@ -840,23 +797,21 @@ nssCKFWToken_GetUserPinInitialized * */ NSS_IMPLEMENT CK_BBOOL -nssCKFWToken_GetRestoreKeyNotNeeded -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetRestoreKeyNotNeeded( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CK_FALSE; + } #endif /* NSSDEBUG */ - if (!fwToken->mdToken->GetRestoreKeyNotNeeded) { - return CK_FALSE; - } + if (!fwToken->mdToken->GetRestoreKeyNotNeeded) { + return CK_FALSE; + } - return fwToken->mdToken->GetRestoreKeyNotNeeded(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance); + return fwToken->mdToken->GetRestoreKeyNotNeeded(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); } /* @@ -864,23 +819,21 @@ nssCKFWToken_GetRestoreKeyNotNeeded * */ NSS_IMPLEMENT CK_BBOOL -nssCKFWToken_GetHasClockOnToken -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetHasClockOnToken( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CK_FALSE; + } #endif /* NSSDEBUG */ - if (!fwToken->mdToken->GetHasClockOnToken) { - return CK_FALSE; - } + if (!fwToken->mdToken->GetHasClockOnToken) { + return CK_FALSE; + } - return fwToken->mdToken->GetHasClockOnToken(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance); + return fwToken->mdToken->GetHasClockOnToken(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); } /* @@ -888,23 +841,21 @@ nssCKFWToken_GetHasClockOnToken * */ NSS_IMPLEMENT CK_BBOOL -nssCKFWToken_GetHasProtectedAuthenticationPath -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetHasProtectedAuthenticationPath( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CK_FALSE; + } #endif /* NSSDEBUG */ - if (!fwToken->mdToken->GetHasProtectedAuthenticationPath) { - return CK_FALSE; - } + if (!fwToken->mdToken->GetHasProtectedAuthenticationPath) { + return CK_FALSE; + } - return fwToken->mdToken->GetHasProtectedAuthenticationPath(fwToken->mdToken, - fwToken, fwToken->mdInstance, fwToken->fwInstance); + return fwToken->mdToken->GetHasProtectedAuthenticationPath(fwToken->mdToken, + fwToken, fwToken->mdInstance, fwToken->fwInstance); } /* @@ -912,23 +863,21 @@ nssCKFWToken_GetHasProtectedAuthenticationPath * */ NSS_IMPLEMENT CK_BBOOL -nssCKFWToken_GetSupportsDualCryptoOperations -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetSupportsDualCryptoOperations( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CK_FALSE; + } #endif /* NSSDEBUG */ - if (!fwToken->mdToken->GetSupportsDualCryptoOperations) { - return CK_FALSE; - } + if (!fwToken->mdToken->GetSupportsDualCryptoOperations) { + return CK_FALSE; + } - return fwToken->mdToken->GetSupportsDualCryptoOperations(fwToken->mdToken, - fwToken, fwToken->mdInstance, fwToken->fwInstance); + return fwToken->mdToken->GetSupportsDualCryptoOperations(fwToken->mdToken, + fwToken, fwToken->mdInstance, fwToken->fwInstance); } /* @@ -936,23 +885,21 @@ nssCKFWToken_GetSupportsDualCryptoOperations * */ NSS_IMPLEMENT CK_ULONG -nssCKFWToken_GetMaxSessionCount -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetMaxSessionCount( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CK_UNAVAILABLE_INFORMATION; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CK_UNAVAILABLE_INFORMATION; + } #endif /* NSSDEBUG */ - if (!fwToken->mdToken->GetMaxSessionCount) { - return CK_UNAVAILABLE_INFORMATION; - } + if (!fwToken->mdToken->GetMaxSessionCount) { + return CK_UNAVAILABLE_INFORMATION; + } - return fwToken->mdToken->GetMaxSessionCount(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance); + return fwToken->mdToken->GetMaxSessionCount(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); } /* @@ -960,23 +907,21 @@ nssCKFWToken_GetMaxSessionCount * */ NSS_IMPLEMENT CK_ULONG -nssCKFWToken_GetMaxRwSessionCount -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetMaxRwSessionCount( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CK_UNAVAILABLE_INFORMATION; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CK_UNAVAILABLE_INFORMATION; + } #endif /* NSSDEBUG */ - if (!fwToken->mdToken->GetMaxRwSessionCount) { - return CK_UNAVAILABLE_INFORMATION; - } + if (!fwToken->mdToken->GetMaxRwSessionCount) { + return CK_UNAVAILABLE_INFORMATION; + } - return fwToken->mdToken->GetMaxRwSessionCount(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance); + return fwToken->mdToken->GetMaxRwSessionCount(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); } /* @@ -984,23 +929,21 @@ nssCKFWToken_GetMaxRwSessionCount * */ NSS_IMPLEMENT CK_ULONG -nssCKFWToken_GetMaxPinLen -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetMaxPinLen( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CK_UNAVAILABLE_INFORMATION; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CK_UNAVAILABLE_INFORMATION; + } #endif /* NSSDEBUG */ - if (!fwToken->mdToken->GetMaxPinLen) { - return CK_UNAVAILABLE_INFORMATION; - } + if (!fwToken->mdToken->GetMaxPinLen) { + return CK_UNAVAILABLE_INFORMATION; + } - return fwToken->mdToken->GetMaxPinLen(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance); + return fwToken->mdToken->GetMaxPinLen(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); } /* @@ -1008,23 +951,21 @@ nssCKFWToken_GetMaxPinLen * */ NSS_IMPLEMENT CK_ULONG -nssCKFWToken_GetMinPinLen -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetMinPinLen( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CK_UNAVAILABLE_INFORMATION; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CK_UNAVAILABLE_INFORMATION; + } #endif /* NSSDEBUG */ - if (!fwToken->mdToken->GetMinPinLen) { - return CK_UNAVAILABLE_INFORMATION; - } + if (!fwToken->mdToken->GetMinPinLen) { + return CK_UNAVAILABLE_INFORMATION; + } - return fwToken->mdToken->GetMinPinLen(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance); + return fwToken->mdToken->GetMinPinLen(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); } /* @@ -1032,23 +973,21 @@ nssCKFWToken_GetMinPinLen * */ NSS_IMPLEMENT CK_ULONG -nssCKFWToken_GetTotalPublicMemory -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetTotalPublicMemory( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CK_UNAVAILABLE_INFORMATION; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CK_UNAVAILABLE_INFORMATION; + } #endif /* NSSDEBUG */ - if (!fwToken->mdToken->GetTotalPublicMemory) { - return CK_UNAVAILABLE_INFORMATION; - } + if (!fwToken->mdToken->GetTotalPublicMemory) { + return CK_UNAVAILABLE_INFORMATION; + } - return fwToken->mdToken->GetTotalPublicMemory(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance); + return fwToken->mdToken->GetTotalPublicMemory(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); } /* @@ -1056,23 +995,21 @@ nssCKFWToken_GetTotalPublicMemory * */ NSS_IMPLEMENT CK_ULONG -nssCKFWToken_GetFreePublicMemory -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetFreePublicMemory( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CK_UNAVAILABLE_INFORMATION; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CK_UNAVAILABLE_INFORMATION; + } #endif /* NSSDEBUG */ - if (!fwToken->mdToken->GetFreePublicMemory) { - return CK_UNAVAILABLE_INFORMATION; - } + if (!fwToken->mdToken->GetFreePublicMemory) { + return CK_UNAVAILABLE_INFORMATION; + } - return fwToken->mdToken->GetFreePublicMemory(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance); + return fwToken->mdToken->GetFreePublicMemory(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); } /* @@ -1080,23 +1017,21 @@ nssCKFWToken_GetFreePublicMemory * */ NSS_IMPLEMENT CK_ULONG -nssCKFWToken_GetTotalPrivateMemory -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetTotalPrivateMemory( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CK_UNAVAILABLE_INFORMATION; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CK_UNAVAILABLE_INFORMATION; + } #endif /* NSSDEBUG */ - if (!fwToken->mdToken->GetTotalPrivateMemory) { - return CK_UNAVAILABLE_INFORMATION; - } + if (!fwToken->mdToken->GetTotalPrivateMemory) { + return CK_UNAVAILABLE_INFORMATION; + } - return fwToken->mdToken->GetTotalPrivateMemory(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance); + return fwToken->mdToken->GetTotalPrivateMemory(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); } /* @@ -1104,23 +1039,21 @@ nssCKFWToken_GetTotalPrivateMemory * */ NSS_IMPLEMENT CK_ULONG -nssCKFWToken_GetFreePrivateMemory -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetFreePrivateMemory( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CK_UNAVAILABLE_INFORMATION; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CK_UNAVAILABLE_INFORMATION; + } #endif /* NSSDEBUG */ - if (!fwToken->mdToken->GetFreePrivateMemory) { - return CK_UNAVAILABLE_INFORMATION; - } + if (!fwToken->mdToken->GetFreePrivateMemory) { + return CK_UNAVAILABLE_INFORMATION; + } - return fwToken->mdToken->GetFreePrivateMemory(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance); + return fwToken->mdToken->GetFreePrivateMemory(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); } /* @@ -1128,44 +1061,42 @@ nssCKFWToken_GetFreePrivateMemory * */ NSS_IMPLEMENT CK_VERSION -nssCKFWToken_GetHardwareVersion -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetHardwareVersion( + NSSCKFWToken *fwToken) { - CK_VERSION rv; + CK_VERSION rv; #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - rv.major = rv.minor = 0; - return rv; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + rv.major = rv.minor = 0; + return rv; + } #endif /* NSSDEBUG */ - if( CKR_OK != nssCKFWMutex_Lock(fwToken->mutex) ) { - rv.major = rv.minor = 0; - return rv; - } + if (CKR_OK != nssCKFWMutex_Lock(fwToken->mutex)) { + rv.major = rv.minor = 0; + return rv; + } + + if ((0 != fwToken->hardwareVersion.major) || + (0 != fwToken->hardwareVersion.minor)) { + rv = fwToken->hardwareVersion; + goto done; + } + + if (fwToken->mdToken->GetHardwareVersion) { + fwToken->hardwareVersion = fwToken->mdToken->GetHardwareVersion( + fwToken->mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance); + } else { + fwToken->hardwareVersion.major = 0; + fwToken->hardwareVersion.minor = 1; + } - if( (0 != fwToken->hardwareVersion.major) || - (0 != fwToken->hardwareVersion.minor) ) { rv = fwToken->hardwareVersion; - goto done; - } - - if (fwToken->mdToken->GetHardwareVersion) { - fwToken->hardwareVersion = fwToken->mdToken->GetHardwareVersion( - fwToken->mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance); - } else { - fwToken->hardwareVersion.major = 0; - fwToken->hardwareVersion.minor = 1; - } - - rv = fwToken->hardwareVersion; - - done: - (void)nssCKFWMutex_Unlock(fwToken->mutex); - return rv; + +done: + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return rv; } /* @@ -1173,44 +1104,42 @@ nssCKFWToken_GetHardwareVersion * */ NSS_IMPLEMENT CK_VERSION -nssCKFWToken_GetFirmwareVersion -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetFirmwareVersion( + NSSCKFWToken *fwToken) { - CK_VERSION rv; + CK_VERSION rv; #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - rv.major = rv.minor = 0; - return rv; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + rv.major = rv.minor = 0; + return rv; + } #endif /* NSSDEBUG */ - if( CKR_OK != nssCKFWMutex_Lock(fwToken->mutex) ) { - rv.major = rv.minor = 0; - return rv; - } + if (CKR_OK != nssCKFWMutex_Lock(fwToken->mutex)) { + rv.major = rv.minor = 0; + return rv; + } + + if ((0 != fwToken->firmwareVersion.major) || + (0 != fwToken->firmwareVersion.minor)) { + rv = fwToken->firmwareVersion; + goto done; + } + + if (fwToken->mdToken->GetFirmwareVersion) { + fwToken->firmwareVersion = fwToken->mdToken->GetFirmwareVersion( + fwToken->mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance); + } else { + fwToken->firmwareVersion.major = 0; + fwToken->firmwareVersion.minor = 1; + } - if( (0 != fwToken->firmwareVersion.major) || - (0 != fwToken->firmwareVersion.minor) ) { rv = fwToken->firmwareVersion; - goto done; - } - - if (fwToken->mdToken->GetFirmwareVersion) { - fwToken->firmwareVersion = fwToken->mdToken->GetFirmwareVersion( - fwToken->mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance); - } else { - fwToken->firmwareVersion.major = 0; - fwToken->firmwareVersion.minor = 1; - } - - rv = fwToken->firmwareVersion; - - done: - (void)nssCKFWMutex_Unlock(fwToken->mutex); - return rv; + +done: + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return rv; } /* @@ -1218,86 +1147,95 @@ nssCKFWToken_GetFirmwareVersion * */ NSS_IMPLEMENT CK_RV -nssCKFWToken_GetUTCTime -( - NSSCKFWToken *fwToken, - CK_CHAR utcTime[16] -) +nssCKFWToken_GetUTCTime( + NSSCKFWToken *fwToken, + CK_CHAR utcTime[16]) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - error = nssCKFWToken_verifyPointer(fwToken); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWToken_verifyPointer(fwToken); + if (CKR_OK != error) { + return error; + } - if( (CK_CHAR_PTR)NULL == utcTime ) { - return CKR_ARGUMENTS_BAD; - } + if ((CK_CHAR_PTR)NULL == utcTime) { + return CKR_ARGUMENTS_BAD; + } #endif /* DEBUG */ - if( CK_TRUE != nssCKFWToken_GetHasClockOnToken(fwToken) ) { - /* return CKR_DEVICE_ERROR; */ - (void)nssUTF8_CopyIntoFixedBuffer((NSSUTF8 *)NULL, (char *)utcTime, 16, ' '); - return CKR_OK; - } - - if (!fwToken->mdToken->GetUTCTime) { - /* It said it had one! */ - return CKR_GENERAL_ERROR; - } - - error = fwToken->mdToken->GetUTCTime(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance, utcTime); - if( CKR_OK != error ) { - return error; - } - - /* Sanity-check the data */ - { - /* Format is YYYYMMDDhhmmss00 */ - int i; - int Y, M, D, h, m, s; - static int dims[] = { 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 }; - - for( i = 0; i < 16; i++ ) { - if( (utcTime[i] < '0') || (utcTime[i] > '9') ) { - goto badtime; - } + if (CK_TRUE != nssCKFWToken_GetHasClockOnToken(fwToken)) { + /* return CKR_DEVICE_ERROR; */ + (void)nssUTF8_CopyIntoFixedBuffer((NSSUTF8 *)NULL, (char *)utcTime, 16, ' '); + return CKR_OK; } - Y = ((utcTime[ 0] - '0') * 1000) + ((utcTime[1] - '0') * 100) + - ((utcTime[ 2] - '0') * 10) + (utcTime[ 3] - '0'); - M = ((utcTime[ 4] - '0') * 10) + (utcTime[ 5] - '0'); - D = ((utcTime[ 6] - '0') * 10) + (utcTime[ 7] - '0'); - h = ((utcTime[ 8] - '0') * 10) + (utcTime[ 9] - '0'); - m = ((utcTime[10] - '0') * 10) + (utcTime[11] - '0'); - s = ((utcTime[12] - '0') * 10) + (utcTime[13] - '0'); - - if( (Y < 1990) || (Y > 3000) ) goto badtime; /* Y3K problem. heh heh heh */ - if( (M < 1) || (M > 12) ) goto badtime; - if( (D < 1) || (D > 31) ) goto badtime; - - if( D > dims[M-1] ) goto badtime; /* per-month check */ - if( (2 == M) && (((Y%4)||!(Y%100))&&(Y%400)) && (D > 28) ) goto badtime; /* leap years */ + if (!fwToken->mdToken->GetUTCTime) { + /* It said it had one! */ + return CKR_GENERAL_ERROR; + } - if( (h < 0) || (h > 23) ) goto badtime; - if( (m < 0) || (m > 60) ) goto badtime; - if( (s < 0) || (s > 61) ) goto badtime; + error = fwToken->mdToken->GetUTCTime(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance, utcTime); + if (CKR_OK != error) { + return error; + } - /* 60m and 60 or 61s is only allowed for leap seconds. */ - if( (60 == m) || (s >= 60) ) { - if( (23 != h) || (60 != m) || (s < 60) ) goto badtime; - /* leap seconds can only happen on June 30 or Dec 31.. I think */ - /* if( ((6 != M) || (30 != D)) && ((12 != M) || (31 != D)) ) goto badtime; */ + /* Sanity-check the data */ + { + /* Format is YYYYMMDDhhmmss00 */ + int i; + int Y, M, D, h, m, s; + static int dims[] = { 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 }; + + for (i = 0; i < 16; i++) { + if ((utcTime[i] < '0') || (utcTime[i] > '9')) { + goto badtime; + } + } + + Y = ((utcTime[0] - '0') * 1000) + ((utcTime[1] - '0') * 100) + + ((utcTime[2] - '0') * 10) + (utcTime[3] - '0'); + M = ((utcTime[4] - '0') * 10) + (utcTime[5] - '0'); + D = ((utcTime[6] - '0') * 10) + (utcTime[7] - '0'); + h = ((utcTime[8] - '0') * 10) + (utcTime[9] - '0'); + m = ((utcTime[10] - '0') * 10) + (utcTime[11] - '0'); + s = ((utcTime[12] - '0') * 10) + (utcTime[13] - '0'); + + if ((Y < 1990) || (Y > 3000)) + goto badtime; /* Y3K problem. heh heh heh */ + if ((M < 1) || (M > 12)) + goto badtime; + if ((D < 1) || (D > 31)) + goto badtime; + + if (D > dims[M - 1]) + goto badtime; /* per-month check */ + if ((2 == M) && (((Y % 4) || !(Y % 100)) && + (Y % 400)) && + (D > 28)) + goto badtime; /* leap years */ + + if ((h < 0) || (h > 23)) + goto badtime; + if ((m < 0) || (m > 60)) + goto badtime; + if ((s < 0) || (s > 61)) + goto badtime; + + /* 60m and 60 or 61s is only allowed for leap seconds. */ + if ((60 == m) || (s >= 60)) { + if ((23 != h) || (60 != m) || (s < 60)) + goto badtime; + /* leap seconds can only happen on June 30 or Dec 31.. I think */ + /* if( ((6 != M) || (30 != D)) && ((12 != M) || (31 != D)) ) goto badtime; */ + } } - } - return CKR_OK; + return CKR_OK; - badtime: - return CKR_GENERAL_ERROR; +badtime: + return CKR_GENERAL_ERROR; } /* @@ -1305,108 +1243,106 @@ nssCKFWToken_GetUTCTime * */ NSS_IMPLEMENT NSSCKFWSession * -nssCKFWToken_OpenSession -( - NSSCKFWToken *fwToken, - CK_BBOOL rw, - CK_VOID_PTR pApplication, - CK_NOTIFY Notify, - CK_RV *pError -) +nssCKFWToken_OpenSession( + NSSCKFWToken *fwToken, + CK_BBOOL rw, + CK_VOID_PTR pApplication, + CK_NOTIFY Notify, + CK_RV *pError) { - NSSCKFWSession *fwSession = (NSSCKFWSession *)NULL; - NSSCKMDSession *mdSession; + NSSCKFWSession *fwSession = (NSSCKFWSession *)NULL; + NSSCKMDSession *mdSession; #ifdef NSSDEBUG - if (!pError) { - return (NSSCKFWSession *)NULL; - } - - *pError = nssCKFWToken_verifyPointer(fwToken); - if( CKR_OK != *pError ) { - return (NSSCKFWSession *)NULL; - } - - switch( rw ) { - case CK_TRUE: - case CK_FALSE: - break; - default: - *pError = CKR_ARGUMENTS_BAD; - return (NSSCKFWSession *)NULL; - } + if (!pError) { + return (NSSCKFWSession *)NULL; + } + + *pError = nssCKFWToken_verifyPointer(fwToken); + if (CKR_OK != *pError) { + return (NSSCKFWSession *)NULL; + } + + switch (rw) { + case CK_TRUE: + case CK_FALSE: + break; + default: + *pError = CKR_ARGUMENTS_BAD; + return (NSSCKFWSession *)NULL; + } #endif /* NSSDEBUG */ - *pError = nssCKFWMutex_Lock(fwToken->mutex); - if( CKR_OK != *pError ) { - return (NSSCKFWSession *)NULL; - } + *pError = nssCKFWMutex_Lock(fwToken->mutex); + if (CKR_OK != *pError) { + return (NSSCKFWSession *)NULL; + } - if( CK_TRUE == rw ) { - /* Read-write session desired */ - if( CK_TRUE == nssCKFWToken_GetIsWriteProtected(fwToken) ) { - *pError = CKR_TOKEN_WRITE_PROTECTED; - goto done; + if (CK_TRUE == rw) { + /* Read-write session desired */ + if (CK_TRUE == nssCKFWToken_GetIsWriteProtected(fwToken)) { + *pError = CKR_TOKEN_WRITE_PROTECTED; + goto done; + } + } else { + /* Read-only session desired */ + if (CKS_RW_SO_FUNCTIONS == nssCKFWToken_GetSessionState(fwToken)) { + *pError = CKR_SESSION_READ_WRITE_SO_EXISTS; + goto done; + } } - } else { - /* Read-only session desired */ - if( CKS_RW_SO_FUNCTIONS == nssCKFWToken_GetSessionState(fwToken) ) { - *pError = CKR_SESSION_READ_WRITE_SO_EXISTS; - goto done; + + /* We could compare sesion counts to any limits we know of, I guess.. */ + + if (!fwToken->mdToken->OpenSession) { + /* + * I'm not sure that the Module actually needs to implement + * mdSessions -- the Framework can keep track of everything + * needed, really. But I'll sort out that detail later.. + */ + *pError = CKR_GENERAL_ERROR; + goto done; } - } - /* We could compare sesion counts to any limits we know of, I guess.. */ + fwSession = nssCKFWSession_Create(fwToken, rw, pApplication, Notify, pError); + if (!fwSession) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + goto done; + } - if (!fwToken->mdToken->OpenSession) { - /* - * I'm not sure that the Module actually needs to implement - * mdSessions -- the Framework can keep track of everything - * needed, really. But I'll sort out that detail later.. - */ - *pError = CKR_GENERAL_ERROR; - goto done; - } - - fwSession = nssCKFWSession_Create(fwToken, rw, pApplication, Notify, pError); - if (!fwSession) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; - } - goto done; - } - - mdSession = fwToken->mdToken->OpenSession(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance, fwSession, - rw, pError); - if (!mdSession) { - (void)nssCKFWSession_Destroy(fwSession, CK_FALSE); - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; + mdSession = fwToken->mdToken->OpenSession(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance, fwSession, + rw, pError); + if (!mdSession) { + (void)nssCKFWSession_Destroy(fwSession, CK_FALSE); + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + goto done; } - goto done; - } - *pError = nssCKFWSession_SetMDSession(fwSession, mdSession); - if( CKR_OK != *pError ) { - if (mdSession->Close) { - mdSession->Close(mdSession, fwSession, fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance); + *pError = nssCKFWSession_SetMDSession(fwSession, mdSession); + if (CKR_OK != *pError) { + if (mdSession->Close) { + mdSession->Close(mdSession, fwSession, fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); + } + (void)nssCKFWSession_Destroy(fwSession, CK_FALSE); + goto done; } - (void)nssCKFWSession_Destroy(fwSession, CK_FALSE); - goto done; - } - *pError = nssCKFWHash_Add(fwToken->sessions, fwSession, fwSession); - if( CKR_OK != *pError ) { - (void)nssCKFWSession_Destroy(fwSession, CK_FALSE); - fwSession = (NSSCKFWSession *)NULL; - goto done; - } + *pError = nssCKFWHash_Add(fwToken->sessions, fwSession, fwSession); + if (CKR_OK != *pError) { + (void)nssCKFWSession_Destroy(fwSession, CK_FALSE); + fwSession = (NSSCKFWSession *)NULL; + goto done; + } - done: - (void)nssCKFWMutex_Unlock(fwToken->mutex); - return fwSession; +done: + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return fwSession; } /* @@ -1414,23 +1350,21 @@ nssCKFWToken_OpenSession * */ NSS_IMPLEMENT CK_ULONG -nssCKFWToken_GetMechanismCount -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetMechanismCount( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return 0; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return 0; + } #endif /* NSSDEBUG */ - if (!fwToken->mdToken->GetMechanismCount) { - return 0; - } + if (!fwToken->mdToken->GetMechanismCount) { + return 0; + } - return fwToken->mdToken->GetMechanismCount(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance); + return fwToken->mdToken->GetMechanismCount(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); } /* @@ -1438,110 +1372,103 @@ nssCKFWToken_GetMechanismCount * */ NSS_IMPLEMENT CK_RV -nssCKFWToken_GetMechanismTypes -( - NSSCKFWToken *fwToken, - CK_MECHANISM_TYPE types[] -) +nssCKFWToken_GetMechanismTypes( + NSSCKFWToken *fwToken, + CK_MECHANISM_TYPE types[]) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CKR_ARGUMENTS_BAD; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CKR_ARGUMENTS_BAD; + } - if (!types) { - return CKR_ARGUMENTS_BAD; - } + if (!types) { + return CKR_ARGUMENTS_BAD; + } #endif /* NSSDEBUG */ - if (!fwToken->mdToken->GetMechanismTypes) { - /* - * This should only be called with a sufficiently-large - * "types" array, which can only be done if GetMechanismCount - * is implemented. If that's implemented (and returns nonzero), - * then this should be too. So return an error. - */ - return CKR_GENERAL_ERROR; - } + if (!fwToken->mdToken->GetMechanismTypes) { + /* + * This should only be called with a sufficiently-large + * "types" array, which can only be done if GetMechanismCount + * is implemented. If that's implemented (and returns nonzero), + * then this should be too. So return an error. + */ + return CKR_GENERAL_ERROR; + } - return fwToken->mdToken->GetMechanismTypes(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance, types); + return fwToken->mdToken->GetMechanismTypes(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance, types); } - /* * nssCKFWToken_GetMechanism * */ NSS_IMPLEMENT NSSCKFWMechanism * -nssCKFWToken_GetMechanism -( - NSSCKFWToken *fwToken, - CK_MECHANISM_TYPE which, - CK_RV *pError -) +nssCKFWToken_GetMechanism( + NSSCKFWToken *fwToken, + CK_MECHANISM_TYPE which, + CK_RV *pError) { - NSSCKMDMechanism *mdMechanism; - if (!fwToken->mdMechanismHash) { - *pError = CKR_GENERAL_ERROR; - return (NSSCKFWMechanism *)NULL; - } - - if (!fwToken->mdToken->GetMechanism) { - /* - * If we don't implement any GetMechanism function, then we must - * not support any. - */ - *pError = CKR_MECHANISM_INVALID; - return (NSSCKFWMechanism *)NULL; - } - - /* lookup in hash table */ - mdMechanism = fwToken->mdToken->GetMechanism(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance, which, pError); - if (!mdMechanism) { - return (NSSCKFWMechanism *) NULL; - } - /* store in hash table */ - return nssCKFWMechanism_Create(mdMechanism, fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance); + NSSCKMDMechanism *mdMechanism; + if (!fwToken->mdMechanismHash) { + *pError = CKR_GENERAL_ERROR; + return (NSSCKFWMechanism *)NULL; + } + + if (!fwToken->mdToken->GetMechanism) { + /* + * If we don't implement any GetMechanism function, then we must + * not support any. + */ + *pError = CKR_MECHANISM_INVALID; + return (NSSCKFWMechanism *)NULL; + } + + /* lookup in hash table */ + mdMechanism = fwToken->mdToken->GetMechanism(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance, which, pError); + if (!mdMechanism) { + return (NSSCKFWMechanism *)NULL; + } + /* store in hash table */ + return nssCKFWMechanism_Create(mdMechanism, fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); } NSS_IMPLEMENT CK_RV -nssCKFWToken_SetSessionState -( - NSSCKFWToken *fwToken, - CK_STATE newState -) +nssCKFWToken_SetSessionState( + NSSCKFWToken *fwToken, + CK_STATE newState) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - error = nssCKFWToken_verifyPointer(fwToken); - if( CKR_OK != error ) { - return error; - } - - switch( newState ) { - case CKS_RO_PUBLIC_SESSION: - case CKS_RO_USER_FUNCTIONS: - case CKS_RW_PUBLIC_SESSION: - case CKS_RW_USER_FUNCTIONS: - case CKS_RW_SO_FUNCTIONS: - break; - default: - return CKR_ARGUMENTS_BAD; - } + error = nssCKFWToken_verifyPointer(fwToken); + if (CKR_OK != error) { + return error; + } + + switch (newState) { + case CKS_RO_PUBLIC_SESSION: + case CKS_RO_USER_FUNCTIONS: + case CKS_RW_PUBLIC_SESSION: + case CKS_RW_USER_FUNCTIONS: + case CKS_RW_SO_FUNCTIONS: + break; + default: + return CKR_ARGUMENTS_BAD; + } #endif /* NSSDEBUG */ - error = nssCKFWMutex_Lock(fwToken->mutex); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWMutex_Lock(fwToken->mutex); + if (CKR_OK != error) { + return error; + } - fwToken->state = newState; - (void)nssCKFWMutex_Unlock(fwToken->mutex); - return CKR_OK; + fwToken->state = newState; + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return CKR_OK; } /* @@ -1549,101 +1476,96 @@ nssCKFWToken_SetSessionState * */ NSS_IMPLEMENT CK_RV -nssCKFWToken_RemoveSession -( - NSSCKFWToken *fwToken, - NSSCKFWSession *fwSession -) +nssCKFWToken_RemoveSession( + NSSCKFWToken *fwToken, + NSSCKFWSession *fwSession) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - error = nssCKFWToken_verifyPointer(fwToken); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWToken_verifyPointer(fwToken); + if (CKR_OK != error) { + return error; + } - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - error = nssCKFWMutex_Lock(fwToken->mutex); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWMutex_Lock(fwToken->mutex); + if (CKR_OK != error) { + return error; + } - if( CK_TRUE != nssCKFWHash_Exists(fwToken->sessions, fwSession) ) { - error = CKR_SESSION_HANDLE_INVALID; - goto done; - } + if (CK_TRUE != nssCKFWHash_Exists(fwToken->sessions, fwSession)) { + error = CKR_SESSION_HANDLE_INVALID; + goto done; + } - nssCKFWHash_Remove(fwToken->sessions, fwSession); - fwToken->sessionCount--; + nssCKFWHash_Remove(fwToken->sessions, fwSession); + fwToken->sessionCount--; - if( nssCKFWSession_IsRWSession(fwSession) ) { - fwToken->rwSessionCount--; - } + if (nssCKFWSession_IsRWSession(fwSession)) { + fwToken->rwSessionCount--; + } - if( 0 == fwToken->sessionCount ) { - fwToken->rwSessionCount = 0; /* sanity */ - fwToken->state = CKS_RO_PUBLIC_SESSION; /* some default */ - } + if (0 == fwToken->sessionCount) { + fwToken->rwSessionCount = 0; /* sanity */ + fwToken->state = CKS_RO_PUBLIC_SESSION; /* some default */ + } - error = CKR_OK; + error = CKR_OK; - done: - (void)nssCKFWMutex_Unlock(fwToken->mutex); - return error; +done: + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return error; } - /* * nssCKFWToken_CloseAllSessions * */ NSS_IMPLEMENT CK_RV -nssCKFWToken_CloseAllSessions -( - NSSCKFWToken *fwToken -) +nssCKFWToken_CloseAllSessions( + NSSCKFWToken *fwToken) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - error = nssCKFWToken_verifyPointer(fwToken); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWToken_verifyPointer(fwToken); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - error = nssCKFWMutex_Lock(fwToken->mutex); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWMutex_Lock(fwToken->mutex); + if (CKR_OK != error) { + return error; + } - nssCKFWHash_Iterate(fwToken->sessions, nss_ckfwtoken_session_iterator, (void *)NULL); + nssCKFWHash_Iterate(fwToken->sessions, nss_ckfwtoken_session_iterator, (void *)NULL); - nssCKFWHash_Destroy(fwToken->sessions); + nssCKFWHash_Destroy(fwToken->sessions); - fwToken->sessions = nssCKFWHash_Create(fwToken->fwInstance, fwToken->arena, &error); - if (!fwToken->sessions) { - if( CKR_OK == error ) { - error = CKR_GENERAL_ERROR; + fwToken->sessions = nssCKFWHash_Create(fwToken->fwInstance, fwToken->arena, &error); + if (!fwToken->sessions) { + if (CKR_OK == error) { + error = CKR_GENERAL_ERROR; + } + goto done; } - goto done; - } - fwToken->state = CKS_RO_PUBLIC_SESSION; /* some default */ - fwToken->sessionCount = 0; - fwToken->rwSessionCount = 0; + fwToken->state = CKS_RO_PUBLIC_SESSION; /* some default */ + fwToken->sessionCount = 0; + fwToken->rwSessionCount = 0; - error = CKR_OK; + error = CKR_OK; - done: - (void)nssCKFWMutex_Unlock(fwToken->mutex); - return error; +done: + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return error; } /* @@ -1651,26 +1573,24 @@ nssCKFWToken_CloseAllSessions * */ NSS_IMPLEMENT CK_ULONG -nssCKFWToken_GetSessionCount -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetSessionCount( + NSSCKFWToken *fwToken) { - CK_ULONG rv; + CK_ULONG rv; #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return (CK_ULONG)0; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return (CK_ULONG)0; + } #endif /* NSSDEBUG */ - if( CKR_OK != nssCKFWMutex_Lock(fwToken->mutex) ) { - return (CK_ULONG)0; - } + if (CKR_OK != nssCKFWMutex_Lock(fwToken->mutex)) { + return (CK_ULONG)0; + } - rv = fwToken->sessionCount; - (void)nssCKFWMutex_Unlock(fwToken->mutex); - return rv; + rv = fwToken->sessionCount; + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return rv; } /* @@ -1678,26 +1598,24 @@ nssCKFWToken_GetSessionCount * */ NSS_IMPLEMENT CK_ULONG -nssCKFWToken_GetRwSessionCount -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetRwSessionCount( + NSSCKFWToken *fwToken) { - CK_ULONG rv; + CK_ULONG rv; #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return (CK_ULONG)0; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return (CK_ULONG)0; + } #endif /* NSSDEBUG */ - if( CKR_OK != nssCKFWMutex_Lock(fwToken->mutex) ) { - return (CK_ULONG)0; - } + if (CKR_OK != nssCKFWMutex_Lock(fwToken->mutex)) { + return (CK_ULONG)0; + } - rv = fwToken->rwSessionCount; - (void)nssCKFWMutex_Unlock(fwToken->mutex); - return rv; + rv = fwToken->rwSessionCount; + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return rv; } /* @@ -1705,26 +1623,24 @@ nssCKFWToken_GetRwSessionCount * */ NSS_IMPLEMENT CK_ULONG -nssCKFWToken_GetRoSessionCount -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetRoSessionCount( + NSSCKFWToken *fwToken) { - CK_ULONG rv; + CK_ULONG rv; #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return (CK_ULONG)0; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return (CK_ULONG)0; + } #endif /* NSSDEBUG */ - if( CKR_OK != nssCKFWMutex_Lock(fwToken->mutex) ) { - return (CK_ULONG)0; - } + if (CKR_OK != nssCKFWMutex_Lock(fwToken->mutex)) { + return (CK_ULONG)0; + } - rv = fwToken->sessionCount - fwToken->rwSessionCount; - (void)nssCKFWMutex_Unlock(fwToken->mutex); - return rv; + rv = fwToken->sessionCount - fwToken->rwSessionCount; + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return rv; } /* @@ -1732,18 +1648,16 @@ nssCKFWToken_GetRoSessionCount * */ NSS_IMPLEMENT nssCKFWHash * -nssCKFWToken_GetSessionObjectHash -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetSessionObjectHash( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return (nssCKFWHash *)NULL; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return (nssCKFWHash *)NULL; + } #endif /* NSSDEBUG */ - return fwToken->sessionObjectHash; + return fwToken->sessionObjectHash; } /* @@ -1751,18 +1665,16 @@ nssCKFWToken_GetSessionObjectHash * */ NSS_IMPLEMENT nssCKFWHash * -nssCKFWToken_GetMDObjectHash -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetMDObjectHash( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return (nssCKFWHash *)NULL; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return (nssCKFWHash *)NULL; + } #endif /* NSSDEBUG */ - return fwToken->mdObjectHash; + return fwToken->mdObjectHash; } /* @@ -1770,18 +1682,16 @@ nssCKFWToken_GetMDObjectHash * */ NSS_IMPLEMENT nssCKFWHash * -nssCKFWToken_GetObjectHandleHash -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetObjectHandleHash( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return (nssCKFWHash *)NULL; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return (nssCKFWHash *)NULL; + } #endif /* NSSDEBUG */ - return fwToken->mdObjectHash; + return fwToken->mdObjectHash; } /* @@ -1790,18 +1700,16 @@ nssCKFWToken_GetObjectHandleHash */ NSS_IMPLEMENT NSSCKMDToken * -NSSCKFWToken_GetMDToken -( - NSSCKFWToken *fwToken -) +NSSCKFWToken_GetMDToken( + NSSCKFWToken *fwToken) { #ifdef DEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return (NSSCKMDToken *)NULL; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return (NSSCKMDToken *)NULL; + } #endif /* DEBUG */ - return nssCKFWToken_GetMDToken(fwToken); + return nssCKFWToken_GetMDToken(fwToken); } /* @@ -1810,24 +1718,22 @@ NSSCKFWToken_GetMDToken */ NSS_IMPLEMENT NSSArena * -NSSCKFWToken_GetArena -( - NSSCKFWToken *fwToken, - CK_RV *pError -) +NSSCKFWToken_GetArena( + NSSCKFWToken *fwToken, + CK_RV *pError) { #ifdef DEBUG - if (!pError) { - return (NSSArena *)NULL; - } - - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - *pError = CKR_ARGUMENTS_BAD; - return (NSSArena *)NULL; - } + if (!pError) { + return (NSSArena *)NULL; + } + + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + *pError = CKR_ARGUMENTS_BAD; + return (NSSArena *)NULL; + } #endif /* DEBUG */ - return nssCKFWToken_GetArena(fwToken, pError); + return nssCKFWToken_GetArena(fwToken, pError); } /* @@ -1836,18 +1742,16 @@ NSSCKFWToken_GetArena */ NSS_IMPLEMENT NSSCKFWSlot * -NSSCKFWToken_GetFWSlot -( - NSSCKFWToken *fwToken -) +NSSCKFWToken_GetFWSlot( + NSSCKFWToken *fwToken) { #ifdef DEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return (NSSCKFWSlot *)NULL; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return (NSSCKFWSlot *)NULL; + } #endif /* DEBUG */ - return nssCKFWToken_GetFWSlot(fwToken); + return nssCKFWToken_GetFWSlot(fwToken); } /* @@ -1856,18 +1760,16 @@ NSSCKFWToken_GetFWSlot */ NSS_IMPLEMENT NSSCKMDSlot * -NSSCKFWToken_GetMDSlot -( - NSSCKFWToken *fwToken -) +NSSCKFWToken_GetMDSlot( + NSSCKFWToken *fwToken) { #ifdef DEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return (NSSCKMDSlot *)NULL; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return (NSSCKMDSlot *)NULL; + } #endif /* DEBUG */ - return nssCKFWToken_GetMDSlot(fwToken); + return nssCKFWToken_GetMDSlot(fwToken); } /* @@ -1876,16 +1778,14 @@ NSSCKFWToken_GetMDSlot */ NSS_IMPLEMENT CK_STATE -NSSCKFWSession_GetSessionState -( - NSSCKFWToken *fwToken -) +NSSCKFWSession_GetSessionState( + NSSCKFWToken *fwToken) { #ifdef DEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CKS_RO_PUBLIC_SESSION; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CKS_RO_PUBLIC_SESSION; + } #endif /* DEBUG */ - return nssCKFWToken_GetSessionState(fwToken); + return nssCKFWToken_GetSessionState(fwToken); } diff --git a/nss/lib/ckfw/wrap.c b/nss/lib/ckfw/wrap.c index 3a0b0df..44c2e8e 100644 --- a/nss/lib/ckfw/wrap.c +++ b/nss/lib/ckfw/wrap.c @@ -92,41 +92,46 @@ /* figure out out locking semantics */ static CK_RV nssCKFW_GetThreadSafeState(CK_C_INITIALIZE_ARGS_PTR pInitArgs, - CryptokiLockingState *pLocking_state) { - int functionCount = 0; + CryptokiLockingState *pLocking_state) +{ + int functionCount = 0; - /* parsed according to (PKCS #11 Section 11.4) */ - /* no args, the degenerate version of case 1 */ - if (!pInitArgs) { - *pLocking_state = SingleThreaded; - return CKR_OK; - } + /* parsed according to (PKCS #11 Section 11.4) */ + /* no args, the degenerate version of case 1 */ + if (!pInitArgs) { + *pLocking_state = SingleThreaded; + return CKR_OK; + } - /* CKF_OS_LOCKING_OK set, Cases 2 and 4 */ - if (pInitArgs->flags & CKF_OS_LOCKING_OK) { - *pLocking_state = MultiThreaded; - return CKR_OK; - } - if ((CK_CREATEMUTEX) NULL != pInitArgs->CreateMutex) functionCount++; - if ((CK_DESTROYMUTEX) NULL != pInitArgs->DestroyMutex) functionCount++; - if ((CK_LOCKMUTEX) NULL != pInitArgs->LockMutex) functionCount++; - if ((CK_UNLOCKMUTEX) NULL != pInitArgs->UnlockMutex) functionCount++; - - /* CKF_OS_LOCKING_OK is not set, and not functions supplied, - * explicit case 1 */ - if (0 == functionCount) { - *pLocking_state = SingleThreaded; - return CKR_OK; - } - - /* OS_LOCKING_OK is not set and functions have been supplied. Since - * ckfw uses nssbase library which explicitly calls NSPR, and since - * there is no way to reliably override these explicit calls to NSPR, - * therefore we can't support applications which have their own threading - * module. Return CKR_CANT_LOCK if they supplied the correct number of - * arguments, or CKR_ARGUMENTS_BAD if they did not in either case we will - * fail the initialize */ - return (4 == functionCount) ? CKR_CANT_LOCK : CKR_ARGUMENTS_BAD; + /* CKF_OS_LOCKING_OK set, Cases 2 and 4 */ + if (pInitArgs->flags & CKF_OS_LOCKING_OK) { + *pLocking_state = MultiThreaded; + return CKR_OK; + } + if ((CK_CREATEMUTEX)NULL != pInitArgs->CreateMutex) + functionCount++; + if ((CK_DESTROYMUTEX)NULL != pInitArgs->DestroyMutex) + functionCount++; + if ((CK_LOCKMUTEX)NULL != pInitArgs->LockMutex) + functionCount++; + if ((CK_UNLOCKMUTEX)NULL != pInitArgs->UnlockMutex) + functionCount++; + + /* CKF_OS_LOCKING_OK is not set, and not functions supplied, + * explicit case 1 */ + if (0 == functionCount) { + *pLocking_state = SingleThreaded; + return CKR_OK; + } + + /* OS_LOCKING_OK is not set and functions have been supplied. Since + * ckfw uses nssbase library which explicitly calls NSPR, and since + * there is no way to reliably override these explicit calls to NSPR, + * therefore we can't support applications which have their own threading + * module. Return CKR_CANT_LOCK if they supplied the correct number of + * arguments, or CKR_ARGUMENTS_BAD if they did not in either case we will + * fail the initialize */ + return (4 == functionCount) ? CKR_CANT_LOCK : CKR_ARGUMENTS_BAD; } static PRInt32 liveInstances; @@ -136,60 +141,58 @@ static PRInt32 liveInstances; * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_Initialize -( - NSSCKFWInstance **pFwInstance, - NSSCKMDInstance *mdInstance, - CK_VOID_PTR pInitArgs -) +NSSCKFWC_Initialize( + NSSCKFWInstance **pFwInstance, + NSSCKMDInstance *mdInstance, + CK_VOID_PTR pInitArgs) { - CK_RV error = CKR_OK; - CryptokiLockingState locking_state; - - if( (NSSCKFWInstance **)NULL == pFwInstance ) { - error = CKR_GENERAL_ERROR; - goto loser; - } - - if (*pFwInstance) { - error = CKR_CRYPTOKI_ALREADY_INITIALIZED; - goto loser; - } - - if (!mdInstance) { - error = CKR_GENERAL_ERROR; - goto loser; - } - - error = nssCKFW_GetThreadSafeState(pInitArgs,&locking_state); - if( CKR_OK != error ) { - goto loser; - } - - *pFwInstance = nssCKFWInstance_Create(pInitArgs, locking_state, mdInstance, &error); - if (!*pFwInstance) { - goto loser; - } - PR_ATOMIC_INCREMENT(&liveInstances); - return CKR_OK; - - loser: - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_CANT_LOCK: - case CKR_CRYPTOKI_ALREADY_INITIALIZED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_NEED_TO_CREATE_THREADS: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + CryptokiLockingState locking_state; + + if ((NSSCKFWInstance **)NULL == pFwInstance) { + error = CKR_GENERAL_ERROR; + goto loser; + } + + if (*pFwInstance) { + error = CKR_CRYPTOKI_ALREADY_INITIALIZED; + goto loser; + } + + if (!mdInstance) { + error = CKR_GENERAL_ERROR; + goto loser; + } + + error = nssCKFW_GetThreadSafeState(pInitArgs, &locking_state); + if (CKR_OK != error) { + goto loser; + } + + *pFwInstance = nssCKFWInstance_Create(pInitArgs, locking_state, mdInstance, &error); + if (!*pFwInstance) { + goto loser; + } + PR_ATOMIC_INCREMENT(&liveInstances); + return CKR_OK; + +loser: + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_CANT_LOCK: + case CKR_CRYPTOKI_ALREADY_INITIALIZED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_NEED_TO_CREATE_THREADS: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -197,59 +200,57 @@ NSSCKFWC_Initialize * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_Finalize -( - NSSCKFWInstance **pFwInstance -) +NSSCKFWC_Finalize( + NSSCKFWInstance **pFwInstance) { - CK_RV error = CKR_OK; - - if( (NSSCKFWInstance **)NULL == pFwInstance ) { - error = CKR_GENERAL_ERROR; - goto loser; - } - - if (!*pFwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - error = nssCKFWInstance_Destroy(*pFwInstance); - - /* In any case */ - *pFwInstance = (NSSCKFWInstance *)NULL; - - loser: - switch( error ) { - PRInt32 remainingInstances; - case CKR_OK: - remainingInstances = PR_ATOMIC_DECREMENT(&liveInstances); - if (!remainingInstances) { - nssArena_Shutdown(); - } - break; - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - break; - default: - error = CKR_GENERAL_ERROR; - break; - } - - /* - * A thread's error stack is automatically destroyed when the thread - * terminates or, for the primordial thread, by PR_Cleanup. On - * Windows with MinGW, the thread private data destructor PR_Free - * registered by this module is actually a thunk for PR_Free defined - * in this module. When the thread that unloads this module terminates - * or calls PR_Cleanup, the thunk for PR_Free is already gone with the - * module. Therefore we need to destroy the error stack before the - * module is unloaded. - */ - nss_DestroyErrorStack(); - return error; + CK_RV error = CKR_OK; + + if ((NSSCKFWInstance **)NULL == pFwInstance) { + error = CKR_GENERAL_ERROR; + goto loser; + } + + if (!*pFwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + error = nssCKFWInstance_Destroy(*pFwInstance); + + /* In any case */ + *pFwInstance = (NSSCKFWInstance *)NULL; + +loser: + switch (error) { + PRInt32 remainingInstances; + case CKR_OK: + remainingInstances = PR_ATOMIC_DECREMENT(&liveInstances); + if (!remainingInstances) { + nssArena_Shutdown(); + } + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + break; + default: + error = CKR_GENERAL_ERROR; + break; + } + + /* + * A thread's error stack is automatically destroyed when the thread + * terminates or, for the primordial thread, by PR_Cleanup. On + * Windows with MinGW, the thread private data destructor PR_Free + * registered by this module is actually a thunk for PR_Free defined + * in this module. When the thread that unloads this module terminates + * or calls PR_Cleanup, the thunk for PR_Free is already gone with the + * module. Therefore we need to destroy the error stack before the + * module is unloaded. + */ + nss_DestroyErrorStack(); + return error; } /* @@ -257,57 +258,55 @@ NSSCKFWC_Finalize * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_GetInfo -( - NSSCKFWInstance *fwInstance, - CK_INFO_PTR pInfo -) +NSSCKFWC_GetInfo( + NSSCKFWInstance *fwInstance, + CK_INFO_PTR pInfo) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; - if( (CK_INFO_PTR)CK_NULL_PTR == pInfo ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } + if ((CK_INFO_PTR)CK_NULL_PTR == pInfo) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } - /* - * A purify error here means a caller error - */ - (void)nsslibc_memset(pInfo, 0, sizeof(CK_INFO)); + /* + * A purify error here means a caller error + */ + (void)nsslibc_memset(pInfo, 0, sizeof(CK_INFO)); - pInfo->cryptokiVersion = nssCKFWInstance_GetCryptokiVersion(fwInstance); + pInfo->cryptokiVersion = nssCKFWInstance_GetCryptokiVersion(fwInstance); - error = nssCKFWInstance_GetManufacturerID(fwInstance, pInfo->manufacturerID); - if( CKR_OK != error ) { - goto loser; - } + error = nssCKFWInstance_GetManufacturerID(fwInstance, pInfo->manufacturerID); + if (CKR_OK != error) { + goto loser; + } - pInfo->flags = nssCKFWInstance_GetFlags(fwInstance); + pInfo->flags = nssCKFWInstance_GetFlags(fwInstance); - error = nssCKFWInstance_GetLibraryDescription(fwInstance, pInfo->libraryDescription); - if( CKR_OK != error ) { - goto loser; - } + error = nssCKFWInstance_GetLibraryDescription(fwInstance, pInfo->libraryDescription); + if (CKR_OK != error) { + goto loser; + } - pInfo->libraryVersion = nssCKFWInstance_GetLibraryVersion(fwInstance); + pInfo->libraryVersion = nssCKFWInstance_GetLibraryVersion(fwInstance); - return CKR_OK; + return CKR_OK; - loser: - switch( error ) { - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - break; - default: - error = CKR_GENERAL_ERROR; - break; - } +loser: + switch (error) { + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + break; + default: + error = CKR_GENERAL_ERROR; + break; + } - return error; + return error; } - + /* * C_GetFunctionList is implemented entirely in the Module's file which * includes the Framework API insert file. It requires no "actual" @@ -319,179 +318,175 @@ NSSCKFWC_GetInfo * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_GetSlotList -( - NSSCKFWInstance *fwInstance, - CK_BBOOL tokenPresent, - CK_SLOT_ID_PTR pSlotList, - CK_ULONG_PTR pulCount -) +NSSCKFWC_GetSlotList( + NSSCKFWInstance *fwInstance, + CK_BBOOL tokenPresent, + CK_SLOT_ID_PTR pSlotList, + CK_ULONG_PTR pulCount) { - CK_RV error = CKR_OK; - CK_ULONG nSlots; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - switch( tokenPresent ) { - case CK_TRUE: - case CK_FALSE: - break; - default: - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - if( (CK_ULONG_PTR)CK_NULL_PTR == pulCount ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); - if( (CK_ULONG)0 == nSlots ) { - goto loser; - } - - if( (CK_SLOT_ID_PTR)CK_NULL_PTR == pSlotList ) { - *pulCount = nSlots; - return CKR_OK; - } - - /* - * A purify error here indicates caller error. - */ - (void)nsslibc_memset(pSlotList, 0, *pulCount * sizeof(CK_SLOT_ID)); + CK_RV error = CKR_OK; + CK_ULONG nSlots; - if( *pulCount < nSlots ) { - *pulCount = nSlots; - error = CKR_BUFFER_TOO_SMALL; - goto loser; - } else { - CK_ULONG i; - *pulCount = nSlots; - - /* - * Our secret "mapping": CK_SLOT_IDs are integers [1,N], and we - * just index one when we need it. + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + switch (tokenPresent) { + case CK_TRUE: + case CK_FALSE: + break; + default: + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + if ((CK_ULONG_PTR)CK_NULL_PTR == pulCount) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); + if ((CK_ULONG)0 == nSlots) { + goto loser; + } + + if ((CK_SLOT_ID_PTR)CK_NULL_PTR == pSlotList) { + *pulCount = nSlots; + return CKR_OK; + } + + /* + * A purify error here indicates caller error. */ + (void)nsslibc_memset(pSlotList, 0, *pulCount * sizeof(CK_SLOT_ID)); + + if (*pulCount < nSlots) { + *pulCount = nSlots; + error = CKR_BUFFER_TOO_SMALL; + goto loser; + } else { + CK_ULONG i; + *pulCount = nSlots; - for( i = 0; i < nSlots; i++ ) { - pSlotList[i] = i+1; + /* + * Our secret "mapping": CK_SLOT_IDs are integers [1,N], and we + * just index one when we need it. + */ + + for (i = 0; i < nSlots; i++) { + pSlotList[i] = i + 1; + } + + return CKR_OK; } - return CKR_OK; - } - - loser: - switch( error ) { - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; +loser: + switch (error) { + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } - + /* * NSSCKFWC_GetSlotInfo * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_GetSlotInfo -( - NSSCKFWInstance *fwInstance, - CK_SLOT_ID slotID, - CK_SLOT_INFO_PTR pInfo -) +NSSCKFWC_GetSlotInfo( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID, + CK_SLOT_INFO_PTR pInfo) { - CK_RV error = CKR_OK; - CK_ULONG nSlots; - NSSCKFWSlot **slots; - NSSCKFWSlot *fwSlot; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); - if( (CK_ULONG)0 == nSlots ) { - goto loser; - } - - if( (slotID < 1) || (slotID > nSlots) ) { - error = CKR_SLOT_ID_INVALID; - goto loser; - } - - if( (CK_SLOT_INFO_PTR)CK_NULL_PTR == pInfo ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - /* - * A purify error here indicates caller error. - */ - (void)nsslibc_memset(pInfo, 0, sizeof(CK_SLOT_INFO)); - - slots = nssCKFWInstance_GetSlots(fwInstance, &error); - if( (NSSCKFWSlot **)NULL == slots ) { - goto loser; - } - - fwSlot = slots[ slotID-1 ]; - - error = nssCKFWSlot_GetSlotDescription(fwSlot, pInfo->slotDescription); - if( CKR_OK != error ) { - goto loser; - } - - error = nssCKFWSlot_GetManufacturerID(fwSlot, pInfo->manufacturerID); - if( CKR_OK != error ) { - goto loser; - } - - if( nssCKFWSlot_GetTokenPresent(fwSlot) ) { - pInfo->flags |= CKF_TOKEN_PRESENT; - } - - if( nssCKFWSlot_GetRemovableDevice(fwSlot) ) { - pInfo->flags |= CKF_REMOVABLE_DEVICE; - } - - if( nssCKFWSlot_GetHardwareSlot(fwSlot) ) { - pInfo->flags |= CKF_HW_SLOT; - } - - pInfo->hardwareVersion = nssCKFWSlot_GetHardwareVersion(fwSlot); - pInfo->firmwareVersion = nssCKFWSlot_GetFirmwareVersion(fwSlot); - - return CKR_OK; - - loser: - switch( error ) { - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_SLOT_ID_INVALID: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - } - - return error; + CK_RV error = CKR_OK; + CK_ULONG nSlots; + NSSCKFWSlot **slots; + NSSCKFWSlot *fwSlot; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); + if ((CK_ULONG)0 == nSlots) { + goto loser; + } + + if ((slotID < 1) || (slotID > nSlots)) { + error = CKR_SLOT_ID_INVALID; + goto loser; + } + + if ((CK_SLOT_INFO_PTR)CK_NULL_PTR == pInfo) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* + * A purify error here indicates caller error. + */ + (void)nsslibc_memset(pInfo, 0, sizeof(CK_SLOT_INFO)); + + slots = nssCKFWInstance_GetSlots(fwInstance, &error); + if ((NSSCKFWSlot **)NULL == slots) { + goto loser; + } + + fwSlot = slots[slotID - 1]; + + error = nssCKFWSlot_GetSlotDescription(fwSlot, pInfo->slotDescription); + if (CKR_OK != error) { + goto loser; + } + + error = nssCKFWSlot_GetManufacturerID(fwSlot, pInfo->manufacturerID); + if (CKR_OK != error) { + goto loser; + } + + if (nssCKFWSlot_GetTokenPresent(fwSlot)) { + pInfo->flags |= CKF_TOKEN_PRESENT; + } + + if (nssCKFWSlot_GetRemovableDevice(fwSlot)) { + pInfo->flags |= CKF_REMOVABLE_DEVICE; + } + + if (nssCKFWSlot_GetHardwareSlot(fwSlot)) { + pInfo->flags |= CKF_HW_SLOT; + } + + pInfo->hardwareVersion = nssCKFWSlot_GetHardwareVersion(fwSlot); + pInfo->firmwareVersion = nssCKFWSlot_GetFirmwareVersion(fwSlot); + + return CKR_OK; + +loser: + switch (error) { + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_SLOT_ID_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + } + + return error; } /* @@ -499,156 +494,154 @@ NSSCKFWC_GetSlotInfo * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_GetTokenInfo -( - NSSCKFWInstance *fwInstance, - CK_SLOT_ID slotID, - CK_TOKEN_INFO_PTR pInfo -) +NSSCKFWC_GetTokenInfo( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID, + CK_TOKEN_INFO_PTR pInfo) { - CK_RV error = CKR_OK; - CK_ULONG nSlots; - NSSCKFWSlot **slots; - NSSCKFWSlot *fwSlot; - NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); - if( (CK_ULONG)0 == nSlots ) { - goto loser; - } - - if( (slotID < 1) || (slotID > nSlots) ) { - error = CKR_SLOT_ID_INVALID; - goto loser; - } - - if( (CK_TOKEN_INFO_PTR)CK_NULL_PTR == pInfo ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - /* - * A purify error here indicates caller error. - */ - (void)nsslibc_memset(pInfo, 0, sizeof(CK_TOKEN_INFO)); - - slots = nssCKFWInstance_GetSlots(fwInstance, &error); - if( (NSSCKFWSlot **)NULL == slots ) { - goto loser; - } - - fwSlot = slots[ slotID-1 ]; - - if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { - error = CKR_TOKEN_NOT_PRESENT; - goto loser; - } - - fwToken = nssCKFWSlot_GetToken(fwSlot, &error); - if (!fwToken) { - goto loser; - } - - error = nssCKFWToken_GetLabel(fwToken, pInfo->label); - if( CKR_OK != error ) { - goto loser; - } - - error = nssCKFWToken_GetManufacturerID(fwToken, pInfo->manufacturerID); - if( CKR_OK != error ) { - goto loser; - } - - error = nssCKFWToken_GetModel(fwToken, pInfo->model); - if( CKR_OK != error ) { - goto loser; - } - - error = nssCKFWToken_GetSerialNumber(fwToken, pInfo->serialNumber); - if( CKR_OK != error ) { - goto loser; - } - - if( nssCKFWToken_GetHasRNG(fwToken) ) { - pInfo->flags |= CKF_RNG; - } - - if( nssCKFWToken_GetIsWriteProtected(fwToken) ) { - pInfo->flags |= CKF_WRITE_PROTECTED; - } - - if( nssCKFWToken_GetLoginRequired(fwToken) ) { - pInfo->flags |= CKF_LOGIN_REQUIRED; - } - - if( nssCKFWToken_GetUserPinInitialized(fwToken) ) { - pInfo->flags |= CKF_USER_PIN_INITIALIZED; - } - - if( nssCKFWToken_GetRestoreKeyNotNeeded(fwToken) ) { - pInfo->flags |= CKF_RESTORE_KEY_NOT_NEEDED; - } - - if( nssCKFWToken_GetHasClockOnToken(fwToken) ) { - pInfo->flags |= CKF_CLOCK_ON_TOKEN; - } - - if( nssCKFWToken_GetHasProtectedAuthenticationPath(fwToken) ) { - pInfo->flags |= CKF_PROTECTED_AUTHENTICATION_PATH; - } - - if( nssCKFWToken_GetSupportsDualCryptoOperations(fwToken) ) { - pInfo->flags |= CKF_DUAL_CRYPTO_OPERATIONS; - } - - pInfo->ulMaxSessionCount = nssCKFWToken_GetMaxSessionCount(fwToken); - pInfo->ulSessionCount = nssCKFWToken_GetSessionCount(fwToken); - pInfo->ulMaxRwSessionCount = nssCKFWToken_GetMaxRwSessionCount(fwToken); - pInfo->ulRwSessionCount= nssCKFWToken_GetRwSessionCount(fwToken); - pInfo->ulMaxPinLen = nssCKFWToken_GetMaxPinLen(fwToken); - pInfo->ulMinPinLen = nssCKFWToken_GetMinPinLen(fwToken); - pInfo->ulTotalPublicMemory = nssCKFWToken_GetTotalPublicMemory(fwToken); - pInfo->ulFreePublicMemory = nssCKFWToken_GetFreePublicMemory(fwToken); - pInfo->ulTotalPrivateMemory = nssCKFWToken_GetTotalPrivateMemory(fwToken); - pInfo->ulFreePrivateMemory = nssCKFWToken_GetFreePrivateMemory(fwToken); - pInfo->hardwareVersion = nssCKFWToken_GetHardwareVersion(fwToken); - pInfo->firmwareVersion = nssCKFWToken_GetFirmwareVersion(fwToken); - - error = nssCKFWToken_GetUTCTime(fwToken, pInfo->utcTime); - if( CKR_OK != error ) { - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_DEVICE_REMOVED: - case CKR_TOKEN_NOT_PRESENT: - if (fwToken) - nssCKFWToken_Destroy(fwToken); - break; - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_SLOT_ID_INVALID: - case CKR_TOKEN_NOT_RECOGNIZED: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + CK_ULONG nSlots; + NSSCKFWSlot **slots; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); + if ((CK_ULONG)0 == nSlots) { + goto loser; + } + + if ((slotID < 1) || (slotID > nSlots)) { + error = CKR_SLOT_ID_INVALID; + goto loser; + } + + if ((CK_TOKEN_INFO_PTR)CK_NULL_PTR == pInfo) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* + * A purify error here indicates caller error. + */ + (void)nsslibc_memset(pInfo, 0, sizeof(CK_TOKEN_INFO)); + + slots = nssCKFWInstance_GetSlots(fwInstance, &error); + if ((NSSCKFWSlot **)NULL == slots) { + goto loser; + } + + fwSlot = slots[slotID - 1]; + + if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + error = nssCKFWToken_GetLabel(fwToken, pInfo->label); + if (CKR_OK != error) { + goto loser; + } + + error = nssCKFWToken_GetManufacturerID(fwToken, pInfo->manufacturerID); + if (CKR_OK != error) { + goto loser; + } + + error = nssCKFWToken_GetModel(fwToken, pInfo->model); + if (CKR_OK != error) { + goto loser; + } + + error = nssCKFWToken_GetSerialNumber(fwToken, pInfo->serialNumber); + if (CKR_OK != error) { + goto loser; + } + + if (nssCKFWToken_GetHasRNG(fwToken)) { + pInfo->flags |= CKF_RNG; + } + + if (nssCKFWToken_GetIsWriteProtected(fwToken)) { + pInfo->flags |= CKF_WRITE_PROTECTED; + } + + if (nssCKFWToken_GetLoginRequired(fwToken)) { + pInfo->flags |= CKF_LOGIN_REQUIRED; + } + + if (nssCKFWToken_GetUserPinInitialized(fwToken)) { + pInfo->flags |= CKF_USER_PIN_INITIALIZED; + } + + if (nssCKFWToken_GetRestoreKeyNotNeeded(fwToken)) { + pInfo->flags |= CKF_RESTORE_KEY_NOT_NEEDED; + } + + if (nssCKFWToken_GetHasClockOnToken(fwToken)) { + pInfo->flags |= CKF_CLOCK_ON_TOKEN; + } + + if (nssCKFWToken_GetHasProtectedAuthenticationPath(fwToken)) { + pInfo->flags |= CKF_PROTECTED_AUTHENTICATION_PATH; + } + + if (nssCKFWToken_GetSupportsDualCryptoOperations(fwToken)) { + pInfo->flags |= CKF_DUAL_CRYPTO_OPERATIONS; + } + + pInfo->ulMaxSessionCount = nssCKFWToken_GetMaxSessionCount(fwToken); + pInfo->ulSessionCount = nssCKFWToken_GetSessionCount(fwToken); + pInfo->ulMaxRwSessionCount = nssCKFWToken_GetMaxRwSessionCount(fwToken); + pInfo->ulRwSessionCount = nssCKFWToken_GetRwSessionCount(fwToken); + pInfo->ulMaxPinLen = nssCKFWToken_GetMaxPinLen(fwToken); + pInfo->ulMinPinLen = nssCKFWToken_GetMinPinLen(fwToken); + pInfo->ulTotalPublicMemory = nssCKFWToken_GetTotalPublicMemory(fwToken); + pInfo->ulFreePublicMemory = nssCKFWToken_GetFreePublicMemory(fwToken); + pInfo->ulTotalPrivateMemory = nssCKFWToken_GetTotalPrivateMemory(fwToken); + pInfo->ulFreePrivateMemory = nssCKFWToken_GetFreePrivateMemory(fwToken); + pInfo->hardwareVersion = nssCKFWToken_GetHardwareVersion(fwToken); + pInfo->firmwareVersion = nssCKFWToken_GetFirmwareVersion(fwToken); + + error = nssCKFWToken_GetUTCTime(fwToken, pInfo->utcTime); + if (CKR_OK != error) { + goto loser; + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_DEVICE_REMOVED: + case CKR_TOKEN_NOT_PRESENT: + if (fwToken) + nssCKFWToken_Destroy(fwToken); + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_SLOT_ID_INVALID: + case CKR_TOKEN_NOT_RECOGNIZED: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -656,82 +649,80 @@ NSSCKFWC_GetTokenInfo * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_WaitForSlotEvent -( - NSSCKFWInstance *fwInstance, - CK_FLAGS flags, - CK_SLOT_ID_PTR pSlot, - CK_VOID_PTR pReserved -) +NSSCKFWC_WaitForSlotEvent( + NSSCKFWInstance *fwInstance, + CK_FLAGS flags, + CK_SLOT_ID_PTR pSlot, + CK_VOID_PTR pReserved) { - CK_RV error = CKR_OK; - CK_ULONG nSlots; - CK_BBOOL block; - NSSCKFWSlot **slots; - NSSCKFWSlot *fwSlot; - CK_ULONG i; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - if( flags & ~CKF_DONT_BLOCK ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - block = (flags & CKF_DONT_BLOCK) ? CK_TRUE : CK_FALSE; - - nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); - if( (CK_ULONG)0 == nSlots ) { - goto loser; - } - - if( (CK_SLOT_ID_PTR)CK_NULL_PTR == pSlot ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - if( (CK_VOID_PTR)CK_NULL_PTR != pReserved ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - slots = nssCKFWInstance_GetSlots(fwInstance, &error); - if( (NSSCKFWSlot **)NULL == slots ) { - goto loser; - } - - fwSlot = nssCKFWInstance_WaitForSlotEvent(fwInstance, block, &error); - if (!fwSlot) { - goto loser; - } - - for( i = 0; i < nSlots; i++ ) { - if( fwSlot == slots[i] ) { - *pSlot = (CK_SLOT_ID)(CK_ULONG)(i+1); - return CKR_OK; - } - } - - error = CKR_GENERAL_ERROR; /* returned something not in the slot list */ - - loser: - switch( error ) { - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_NO_EVENT: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + CK_ULONG nSlots; + CK_BBOOL block; + NSSCKFWSlot **slots; + NSSCKFWSlot *fwSlot; + CK_ULONG i; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + if (flags & ~CKF_DONT_BLOCK) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + block = (flags & CKF_DONT_BLOCK) ? CK_TRUE : CK_FALSE; + + nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); + if ((CK_ULONG)0 == nSlots) { + goto loser; + } + + if ((CK_SLOT_ID_PTR)CK_NULL_PTR == pSlot) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + if ((CK_VOID_PTR)CK_NULL_PTR != pReserved) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + slots = nssCKFWInstance_GetSlots(fwInstance, &error); + if ((NSSCKFWSlot **)NULL == slots) { + goto loser; + } + + fwSlot = nssCKFWInstance_WaitForSlotEvent(fwInstance, block, &error); + if (!fwSlot) { + goto loser; + } + + for (i = 0; i < nSlots; i++) { + if (fwSlot == slots[i]) { + *pSlot = (CK_SLOT_ID)(CK_ULONG)(i + 1); + return CKR_OK; + } + } + + error = CKR_GENERAL_ERROR; /* returned something not in the slot list */ + +loser: + switch (error) { + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_NO_EVENT: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -739,113 +730,111 @@ NSSCKFWC_WaitForSlotEvent * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_GetMechanismList -( - NSSCKFWInstance *fwInstance, - CK_SLOT_ID slotID, - CK_MECHANISM_TYPE_PTR pMechanismList, - CK_ULONG_PTR pulCount -) +NSSCKFWC_GetMechanismList( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID, + CK_MECHANISM_TYPE_PTR pMechanismList, + CK_ULONG_PTR pulCount) { - CK_RV error = CKR_OK; - CK_ULONG nSlots; - NSSCKFWSlot **slots; - NSSCKFWSlot *fwSlot; - NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; - CK_ULONG count; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); - if( (CK_ULONG)0 == nSlots ) { - goto loser; - } - - if( (slotID < 1) || (slotID > nSlots) ) { - error = CKR_SLOT_ID_INVALID; - goto loser; - } - - if( (CK_ULONG_PTR)CK_NULL_PTR == pulCount ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - slots = nssCKFWInstance_GetSlots(fwInstance, &error); - if( (NSSCKFWSlot **)NULL == slots ) { - goto loser; - } - - fwSlot = slots[ slotID-1 ]; - - if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { - error = CKR_TOKEN_NOT_PRESENT; - goto loser; - } - - fwToken = nssCKFWSlot_GetToken(fwSlot, &error); - if (!fwToken) { - goto loser; - } - - count = nssCKFWToken_GetMechanismCount(fwToken); - - if( (CK_MECHANISM_TYPE_PTR)CK_NULL_PTR == pMechanismList ) { - *pulCount = count; - return CKR_OK; - } + CK_RV error = CKR_OK; + CK_ULONG nSlots; + NSSCKFWSlot **slots; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; + CK_ULONG count; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); + if ((CK_ULONG)0 == nSlots) { + goto loser; + } + + if ((slotID < 1) || (slotID > nSlots)) { + error = CKR_SLOT_ID_INVALID; + goto loser; + } + + if ((CK_ULONG_PTR)CK_NULL_PTR == pulCount) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + slots = nssCKFWInstance_GetSlots(fwInstance, &error); + if ((NSSCKFWSlot **)NULL == slots) { + goto loser; + } + + fwSlot = slots[slotID - 1]; + + if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + count = nssCKFWToken_GetMechanismCount(fwToken); + + if ((CK_MECHANISM_TYPE_PTR)CK_NULL_PTR == pMechanismList) { + *pulCount = count; + return CKR_OK; + } + + if (*pulCount < count) { + *pulCount = count; + error = CKR_BUFFER_TOO_SMALL; + goto loser; + } + + /* + * A purify error here indicates caller error. + */ + (void)nsslibc_memset(pMechanismList, 0, *pulCount * sizeof(CK_MECHANISM_TYPE)); - if( *pulCount < count ) { *pulCount = count; - error = CKR_BUFFER_TOO_SMALL; - goto loser; - } - /* - * A purify error here indicates caller error. - */ - (void)nsslibc_memset(pMechanismList, 0, *pulCount * sizeof(CK_MECHANISM_TYPE)); + if (0 != count) { + error = nssCKFWToken_GetMechanismTypes(fwToken, pMechanismList); + } else { + error = CKR_OK; + } - *pulCount = count; + if (CKR_OK == error) { + return CKR_OK; + } - if( 0 != count ) { - error = nssCKFWToken_GetMechanismTypes(fwToken, pMechanismList); - } else { - error = CKR_OK; - } +loser: + switch (error) { + case CKR_DEVICE_REMOVED: + case CKR_TOKEN_NOT_PRESENT: + if (fwToken) + nssCKFWToken_Destroy(fwToken); + break; + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_SLOT_ID_INVALID: + case CKR_TOKEN_NOT_RECOGNIZED: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } - if( CKR_OK == error ) { - return CKR_OK; - } - - loser: - switch( error ) { - case CKR_DEVICE_REMOVED: - case CKR_TOKEN_NOT_PRESENT: - if (fwToken) - nssCKFWToken_Destroy(fwToken); - break; - case CKR_ARGUMENTS_BAD: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_SLOT_ID_INVALID: - case CKR_TOKEN_NOT_RECOGNIZED: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + return error; } /* @@ -853,139 +842,137 @@ NSSCKFWC_GetMechanismList * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_GetMechanismInfo -( - NSSCKFWInstance *fwInstance, - CK_SLOT_ID slotID, - CK_MECHANISM_TYPE type, - CK_MECHANISM_INFO_PTR pInfo -) +NSSCKFWC_GetMechanismInfo( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID, + CK_MECHANISM_TYPE type, + CK_MECHANISM_INFO_PTR pInfo) { - CK_RV error = CKR_OK; - CK_ULONG nSlots; - NSSCKFWSlot **slots; - NSSCKFWSlot *fwSlot; - NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; - NSSCKFWMechanism *fwMechanism; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); - if( (CK_ULONG)0 == nSlots ) { - goto loser; - } - - if( (slotID < 1) || (slotID > nSlots) ) { - error = CKR_SLOT_ID_INVALID; - goto loser; - } - - slots = nssCKFWInstance_GetSlots(fwInstance, &error); - if( (NSSCKFWSlot **)NULL == slots ) { - goto loser; - } - - fwSlot = slots[ slotID-1 ]; - - if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { - error = CKR_TOKEN_NOT_PRESENT; - goto loser; - } - - if( (CK_MECHANISM_INFO_PTR)CK_NULL_PTR == pInfo ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - /* - * A purify error here indicates caller error. - */ - (void)nsslibc_memset(pInfo, 0, sizeof(CK_MECHANISM_INFO)); - - fwToken = nssCKFWSlot_GetToken(fwSlot, &error); - if (!fwToken) { - goto loser; - } - - fwMechanism = nssCKFWToken_GetMechanism(fwToken, type, &error); - if (!fwMechanism) { - goto loser; - } - - pInfo->ulMinKeySize = nssCKFWMechanism_GetMinKeySize(fwMechanism, &error); - pInfo->ulMaxKeySize = nssCKFWMechanism_GetMaxKeySize(fwMechanism, &error); - - if( nssCKFWMechanism_GetInHardware(fwMechanism, &error) ) { - pInfo->flags |= CKF_HW; - } - if( nssCKFWMechanism_GetCanEncrypt(fwMechanism, &error) ) { - pInfo->flags |= CKF_ENCRYPT; - } - if( nssCKFWMechanism_GetCanDecrypt(fwMechanism, &error) ) { - pInfo->flags |= CKF_DECRYPT; - } - if( nssCKFWMechanism_GetCanDigest(fwMechanism, &error) ) { - pInfo->flags |= CKF_DIGEST; - } - if( nssCKFWMechanism_GetCanSign(fwMechanism, &error) ) { - pInfo->flags |= CKF_SIGN; - } - if( nssCKFWMechanism_GetCanSignRecover(fwMechanism, &error) ) { - pInfo->flags |= CKF_SIGN_RECOVER; - } - if( nssCKFWMechanism_GetCanVerify(fwMechanism, &error) ) { - pInfo->flags |= CKF_VERIFY; - } - if( nssCKFWMechanism_GetCanVerifyRecover(fwMechanism, &error) ) { - pInfo->flags |= CKF_VERIFY_RECOVER; - } - if( nssCKFWMechanism_GetCanGenerate(fwMechanism, &error) ) { - pInfo->flags |= CKF_GENERATE; - } - if( nssCKFWMechanism_GetCanGenerateKeyPair(fwMechanism, &error) ) { - pInfo->flags |= CKF_GENERATE_KEY_PAIR; - } - if( nssCKFWMechanism_GetCanWrap(fwMechanism, &error) ) { - pInfo->flags |= CKF_WRAP; - } - if( nssCKFWMechanism_GetCanUnwrap(fwMechanism, &error) ) { - pInfo->flags |= CKF_UNWRAP; - } - if( nssCKFWMechanism_GetCanDerive(fwMechanism, &error) ) { - pInfo->flags |= CKF_DERIVE; - } - nssCKFWMechanism_Destroy(fwMechanism); - - return error; - - loser: - switch( error ) { - case CKR_DEVICE_REMOVED: - case CKR_TOKEN_NOT_PRESENT: - if (fwToken) - nssCKFWToken_Destroy(fwToken); - break; - case CKR_ARGUMENTS_BAD: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_MECHANISM_INVALID: - case CKR_SLOT_ID_INVALID: - case CKR_TOKEN_NOT_RECOGNIZED: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + CK_ULONG nSlots; + NSSCKFWSlot **slots; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; + NSSCKFWMechanism *fwMechanism; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); + if ((CK_ULONG)0 == nSlots) { + goto loser; + } + + if ((slotID < 1) || (slotID > nSlots)) { + error = CKR_SLOT_ID_INVALID; + goto loser; + } + + slots = nssCKFWInstance_GetSlots(fwInstance, &error); + if ((NSSCKFWSlot **)NULL == slots) { + goto loser; + } + + fwSlot = slots[slotID - 1]; + + if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + if ((CK_MECHANISM_INFO_PTR)CK_NULL_PTR == pInfo) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* + * A purify error here indicates caller error. + */ + (void)nsslibc_memset(pInfo, 0, sizeof(CK_MECHANISM_INFO)); + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, type, &error); + if (!fwMechanism) { + goto loser; + } + + pInfo->ulMinKeySize = nssCKFWMechanism_GetMinKeySize(fwMechanism, &error); + pInfo->ulMaxKeySize = nssCKFWMechanism_GetMaxKeySize(fwMechanism, &error); + + if (nssCKFWMechanism_GetInHardware(fwMechanism, &error)) { + pInfo->flags |= CKF_HW; + } + if (nssCKFWMechanism_GetCanEncrypt(fwMechanism, &error)) { + pInfo->flags |= CKF_ENCRYPT; + } + if (nssCKFWMechanism_GetCanDecrypt(fwMechanism, &error)) { + pInfo->flags |= CKF_DECRYPT; + } + if (nssCKFWMechanism_GetCanDigest(fwMechanism, &error)) { + pInfo->flags |= CKF_DIGEST; + } + if (nssCKFWMechanism_GetCanSign(fwMechanism, &error)) { + pInfo->flags |= CKF_SIGN; + } + if (nssCKFWMechanism_GetCanSignRecover(fwMechanism, &error)) { + pInfo->flags |= CKF_SIGN_RECOVER; + } + if (nssCKFWMechanism_GetCanVerify(fwMechanism, &error)) { + pInfo->flags |= CKF_VERIFY; + } + if (nssCKFWMechanism_GetCanVerifyRecover(fwMechanism, &error)) { + pInfo->flags |= CKF_VERIFY_RECOVER; + } + if (nssCKFWMechanism_GetCanGenerate(fwMechanism, &error)) { + pInfo->flags |= CKF_GENERATE; + } + if (nssCKFWMechanism_GetCanGenerateKeyPair(fwMechanism, &error)) { + pInfo->flags |= CKF_GENERATE_KEY_PAIR; + } + if (nssCKFWMechanism_GetCanWrap(fwMechanism, &error)) { + pInfo->flags |= CKF_WRAP; + } + if (nssCKFWMechanism_GetCanUnwrap(fwMechanism, &error)) { + pInfo->flags |= CKF_UNWRAP; + } + if (nssCKFWMechanism_GetCanDerive(fwMechanism, &error)) { + pInfo->flags |= CKF_DERIVE; + } + nssCKFWMechanism_Destroy(fwMechanism); + + return error; + +loser: + switch (error) { + case CKR_DEVICE_REMOVED: + case CKR_TOKEN_NOT_PRESENT: + if (fwToken) + nssCKFWToken_Destroy(fwToken); + break; + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_MECHANISM_INVALID: + case CKR_SLOT_ID_INVALID: + case CKR_TOKEN_NOT_RECOGNIZED: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -993,94 +980,92 @@ NSSCKFWC_GetMechanismInfo * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_InitToken -( - NSSCKFWInstance *fwInstance, - CK_SLOT_ID slotID, - CK_CHAR_PTR pPin, - CK_ULONG ulPinLen, - CK_CHAR_PTR pLabel -) +NSSCKFWC_InitToken( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID, + CK_CHAR_PTR pPin, + CK_ULONG ulPinLen, + CK_CHAR_PTR pLabel) { - CK_RV error = CKR_OK; - CK_ULONG nSlots; - NSSCKFWSlot **slots; - NSSCKFWSlot *fwSlot; - NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; - NSSItem pin; - NSSUTF8 *label; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); - if( (CK_ULONG)0 == nSlots ) { - goto loser; - } - - if( (slotID < 1) || (slotID > nSlots) ) { - error = CKR_SLOT_ID_INVALID; - goto loser; - } - - slots = nssCKFWInstance_GetSlots(fwInstance, &error); - if( (NSSCKFWSlot **)NULL == slots ) { - goto loser; - } - - fwSlot = slots[ slotID-1 ]; - - if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { - error = CKR_TOKEN_NOT_PRESENT; - goto loser; - } - - fwToken = nssCKFWSlot_GetToken(fwSlot, &error); - if (!fwToken) { - goto loser; - } - - pin.size = (PRUint32)ulPinLen; - pin.data = (void *)pPin; - label = (NSSUTF8 *)pLabel; /* identity conversion */ - - error = nssCKFWToken_InitToken(fwToken, &pin, label); - if( CKR_OK != error ) { - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_DEVICE_REMOVED: - case CKR_TOKEN_NOT_PRESENT: - if (fwToken) - nssCKFWToken_Destroy(fwToken); - break; - case CKR_ARGUMENTS_BAD: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_PIN_INCORRECT: - case CKR_PIN_LOCKED: - case CKR_SESSION_EXISTS: - case CKR_SLOT_ID_INVALID: - case CKR_TOKEN_NOT_RECOGNIZED: - case CKR_TOKEN_WRITE_PROTECTED: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + CK_ULONG nSlots; + NSSCKFWSlot **slots; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; + NSSItem pin; + NSSUTF8 *label; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); + if ((CK_ULONG)0 == nSlots) { + goto loser; + } + + if ((slotID < 1) || (slotID > nSlots)) { + error = CKR_SLOT_ID_INVALID; + goto loser; + } + + slots = nssCKFWInstance_GetSlots(fwInstance, &error); + if ((NSSCKFWSlot **)NULL == slots) { + goto loser; + } + + fwSlot = slots[slotID - 1]; + + if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + pin.size = (PRUint32)ulPinLen; + pin.data = (void *)pPin; + label = (NSSUTF8 *)pLabel; /* identity conversion */ + + error = nssCKFWToken_InitToken(fwToken, &pin, label); + if (CKR_OK != error) { + goto loser; + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_DEVICE_REMOVED: + case CKR_TOKEN_NOT_PRESENT: + if (fwToken) + nssCKFWToken_Destroy(fwToken); + break; + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_PIN_INCORRECT: + case CKR_PIN_LOCKED: + case CKR_SESSION_EXISTS: + case CKR_SLOT_ID_INVALID: + case CKR_TOKEN_NOT_RECOGNIZED: + case CKR_TOKEN_WRITE_PROTECTED: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -1088,73 +1073,71 @@ NSSCKFWC_InitToken * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_InitPIN -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_CHAR_PTR pPin, - CK_ULONG ulPinLen -) +NSSCKFWC_InitPIN( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_CHAR_PTR pPin, + CK_ULONG ulPinLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSItem pin, *arg; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - if( (CK_CHAR_PTR)CK_NULL_PTR == pPin ) { - arg = (NSSItem *)NULL; - } else { - arg = &pin; - pin.size = (PRUint32)ulPinLen; - pin.data = (void *)pPin; - } - - error = nssCKFWSession_InitPIN(fwSession, arg); - if( CKR_OK != error ) { - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_ARGUMENTS_BAD: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_PIN_INVALID: - case CKR_PIN_LEN_RANGE: - case CKR_SESSION_READ_ONLY: - case CKR_SESSION_HANDLE_INVALID: - case CKR_TOKEN_WRITE_PROTECTED: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSItem pin, *arg; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + if ((CK_CHAR_PTR)CK_NULL_PTR == pPin) { + arg = (NSSItem *)NULL; + } else { + arg = &pin; + pin.size = (PRUint32)ulPinLen; + pin.data = (void *)pPin; + } + + error = nssCKFWSession_InitPIN(fwSession, arg); + if (CKR_OK != error) { + goto loser; + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_PIN_INVALID: + case CKR_PIN_LEN_RANGE: + case CKR_SESSION_READ_ONLY: + case CKR_SESSION_HANDLE_INVALID: + case CKR_TOKEN_WRITE_PROTECTED: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -1162,84 +1145,82 @@ NSSCKFWC_InitPIN * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_SetPIN -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_CHAR_PTR pOldPin, - CK_ULONG ulOldLen, - CK_CHAR_PTR pNewPin, - CK_ULONG ulNewLen -) +NSSCKFWC_SetPIN( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_CHAR_PTR pOldPin, + CK_ULONG ulOldLen, + CK_CHAR_PTR pNewPin, + CK_ULONG ulNewLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSItem oldPin, newPin, *oldArg, *newArg; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - if( (CK_CHAR_PTR)CK_NULL_PTR == pOldPin ) { - oldArg = (NSSItem *)NULL; - } else { - oldArg = &oldPin; - oldPin.size = (PRUint32)ulOldLen; - oldPin.data = (void *)pOldPin; - } - - if( (CK_CHAR_PTR)CK_NULL_PTR == pNewPin ) { - newArg = (NSSItem *)NULL; - } else { - newArg = &newPin; - newPin.size = (PRUint32)ulNewLen; - newPin.data = (void *)pNewPin; - } - - error = nssCKFWSession_SetPIN(fwSession, oldArg, newArg); - if( CKR_OK != error ) { - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_ARGUMENTS_BAD: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_PIN_INCORRECT: - case CKR_PIN_INVALID: - case CKR_PIN_LEN_RANGE: - case CKR_PIN_LOCKED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_SESSION_READ_ONLY: - case CKR_TOKEN_WRITE_PROTECTED: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSItem oldPin, newPin, *oldArg, *newArg; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + if ((CK_CHAR_PTR)CK_NULL_PTR == pOldPin) { + oldArg = (NSSItem *)NULL; + } else { + oldArg = &oldPin; + oldPin.size = (PRUint32)ulOldLen; + oldPin.data = (void *)pOldPin; + } + + if ((CK_CHAR_PTR)CK_NULL_PTR == pNewPin) { + newArg = (NSSItem *)NULL; + } else { + newArg = &newPin; + newPin.size = (PRUint32)ulNewLen; + newPin.data = (void *)pNewPin; + } + + error = nssCKFWSession_SetPIN(fwSession, oldArg, newArg); + if (CKR_OK != error) { + goto loser; + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_PIN_INCORRECT: + case CKR_PIN_INVALID: + case CKR_PIN_LEN_RANGE: + case CKR_PIN_LOCKED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_READ_ONLY: + case CKR_TOKEN_WRITE_PROTECTED: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -1247,128 +1228,126 @@ NSSCKFWC_SetPIN * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_OpenSession -( - NSSCKFWInstance *fwInstance, - CK_SLOT_ID slotID, - CK_FLAGS flags, - CK_VOID_PTR pApplication, - CK_NOTIFY Notify, - CK_SESSION_HANDLE_PTR phSession -) +NSSCKFWC_OpenSession( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID, + CK_FLAGS flags, + CK_VOID_PTR pApplication, + CK_NOTIFY Notify, + CK_SESSION_HANDLE_PTR phSession) { - CK_RV error = CKR_OK; - CK_ULONG nSlots; - NSSCKFWSlot **slots; - NSSCKFWSlot *fwSlot; - NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; - NSSCKFWSession *fwSession; - CK_BBOOL rw; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); - if( (CK_ULONG)0 == nSlots ) { - goto loser; - } - - if( (slotID < 1) || (slotID > nSlots) ) { - error = CKR_SLOT_ID_INVALID; - goto loser; - } - - if( flags & CKF_RW_SESSION ) { - rw = CK_TRUE; - } else { - rw = CK_FALSE; - } - - if( flags & CKF_SERIAL_SESSION ) { - ; - } else { - error = CKR_SESSION_PARALLEL_NOT_SUPPORTED; - goto loser; - } - - if( flags & ~(CKF_RW_SESSION|CKF_SERIAL_SESSION) ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - if( (CK_SESSION_HANDLE_PTR)CK_NULL_PTR == phSession ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - /* - * A purify error here indicates caller error. - */ - *phSession = (CK_SESSION_HANDLE)0; - - slots = nssCKFWInstance_GetSlots(fwInstance, &error); - if( (NSSCKFWSlot **)NULL == slots ) { - goto loser; - } - - fwSlot = slots[ slotID-1 ]; - - if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { - error = CKR_TOKEN_NOT_PRESENT; - goto loser; - } - - fwToken = nssCKFWSlot_GetToken(fwSlot, &error); - if (!fwToken) { - goto loser; - } - - fwSession = nssCKFWToken_OpenSession(fwToken, rw, pApplication, - Notify, &error); - if (!fwSession) { - goto loser; - } - - *phSession = nssCKFWInstance_CreateSessionHandle(fwInstance, - fwSession, &error); - if( (CK_SESSION_HANDLE)0 == *phSession ) { - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_SESSION_COUNT: - case CKR_SESSION_EXISTS: - case CKR_SESSION_PARALLEL_NOT_SUPPORTED: - case CKR_SESSION_READ_WRITE_SO_EXISTS: - case CKR_SLOT_ID_INVALID: - case CKR_TOKEN_NOT_PRESENT: - case CKR_TOKEN_NOT_RECOGNIZED: - case CKR_TOKEN_WRITE_PROTECTED: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + CK_ULONG nSlots; + NSSCKFWSlot **slots; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; + NSSCKFWSession *fwSession; + CK_BBOOL rw; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); + if ((CK_ULONG)0 == nSlots) { + goto loser; + } + + if ((slotID < 1) || (slotID > nSlots)) { + error = CKR_SLOT_ID_INVALID; + goto loser; + } + + if (flags & CKF_RW_SESSION) { + rw = CK_TRUE; + } else { + rw = CK_FALSE; + } + + if (flags & CKF_SERIAL_SESSION) { + ; + } else { + error = CKR_SESSION_PARALLEL_NOT_SUPPORTED; + goto loser; + } + + if (flags & ~(CKF_RW_SESSION | CKF_SERIAL_SESSION)) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + if ((CK_SESSION_HANDLE_PTR)CK_NULL_PTR == phSession) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* + * A purify error here indicates caller error. + */ + *phSession = (CK_SESSION_HANDLE)0; + + slots = nssCKFWInstance_GetSlots(fwInstance, &error); + if ((NSSCKFWSlot **)NULL == slots) { + goto loser; + } + + fwSlot = slots[slotID - 1]; + + if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwSession = nssCKFWToken_OpenSession(fwToken, rw, pApplication, + Notify, &error); + if (!fwSession) { + goto loser; + } + + *phSession = nssCKFWInstance_CreateSessionHandle(fwInstance, + fwSession, &error); + if ((CK_SESSION_HANDLE)0 == *phSession) { + goto loser; + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_SESSION_COUNT: + case CKR_SESSION_EXISTS: + case CKR_SESSION_PARALLEL_NOT_SUPPORTED: + case CKR_SESSION_READ_WRITE_SO_EXISTS: + case CKR_SLOT_ID_INVALID: + case CKR_TOKEN_NOT_PRESENT: + case CKR_TOKEN_NOT_RECOGNIZED: + case CKR_TOKEN_WRITE_PROTECTED: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -1376,58 +1355,56 @@ NSSCKFWC_OpenSession * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_CloseSession -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession -) +NSSCKFWC_CloseSession( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - nssCKFWInstance_DestroySessionHandle(fwInstance, hSession); - error = nssCKFWSession_Destroy(fwSession, CK_TRUE); - - if( CKR_OK != error ) { - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_SESSION_HANDLE_INVALID: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + nssCKFWInstance_DestroySessionHandle(fwInstance, hSession); + error = nssCKFWSession_Destroy(fwSession, CK_TRUE); + + if (CKR_OK != error) { + goto loser; + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -1435,78 +1412,76 @@ NSSCKFWC_CloseSession * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_CloseAllSessions -( - NSSCKFWInstance *fwInstance, - CK_SLOT_ID slotID -) +NSSCKFWC_CloseAllSessions( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID) { - CK_RV error = CKR_OK; - CK_ULONG nSlots; - NSSCKFWSlot **slots; - NSSCKFWSlot *fwSlot; - NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); - if( (CK_ULONG)0 == nSlots ) { - goto loser; - } - - if( (slotID < 1) || (slotID > nSlots) ) { - error = CKR_SLOT_ID_INVALID; - goto loser; - } - - slots = nssCKFWInstance_GetSlots(fwInstance, &error); - if( (NSSCKFWSlot **)NULL == slots ) { - goto loser; - } - - fwSlot = slots[ slotID-1 ]; - - if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { - error = CKR_TOKEN_NOT_PRESENT; - goto loser; - } - - fwToken = nssCKFWSlot_GetToken(fwSlot, &error); - if (!fwToken) { - goto loser; - } - - error = nssCKFWToken_CloseAllSessions(fwToken); - if( CKR_OK != error ) { - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_SLOT_ID_INVALID: - case CKR_TOKEN_NOT_PRESENT: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + CK_ULONG nSlots; + NSSCKFWSlot **slots; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); + if ((CK_ULONG)0 == nSlots) { + goto loser; + } + + if ((slotID < 1) || (slotID > nSlots)) { + error = CKR_SLOT_ID_INVALID; + goto loser; + } + + slots = nssCKFWInstance_GetSlots(fwInstance, &error); + if ((NSSCKFWSlot **)NULL == slots) { + goto loser; + } + + fwSlot = slots[slotID - 1]; + + if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + error = nssCKFWToken_CloseAllSessions(fwToken); + if (CKR_OK != error) { + goto loser; + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_SLOT_ID_INVALID: + case CKR_TOKEN_NOT_PRESENT: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -1514,80 +1489,78 @@ NSSCKFWC_CloseAllSessions * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_GetSessionInfo -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_SESSION_INFO_PTR pInfo -) +NSSCKFWC_GetSessionInfo( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_SESSION_INFO_PTR pInfo) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWSlot *fwSlot; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - if( (CK_SESSION_INFO_PTR)CK_NULL_PTR == pInfo ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - /* - * A purify error here indicates caller error. - */ - (void)nsslibc_memset(pInfo, 0, sizeof(CK_SESSION_INFO)); - - fwSlot = nssCKFWSession_GetFWSlot(fwSession); - if (!fwSlot) { - error = CKR_GENERAL_ERROR; - goto loser; - } - - pInfo->slotID = nssCKFWSlot_GetSlotID(fwSlot); - pInfo->state = nssCKFWSession_GetSessionState(fwSession); - - if( CK_TRUE == nssCKFWSession_IsRWSession(fwSession) ) { - pInfo->flags |= CKF_RW_SESSION; - } - - pInfo->flags |= CKF_SERIAL_SESSION; /* Always true */ - - pInfo->ulDeviceError = nssCKFWSession_GetDeviceError(fwSession); - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_SESSION_HANDLE_INVALID: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWSlot *fwSlot; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + if ((CK_SESSION_INFO_PTR)CK_NULL_PTR == pInfo) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* + * A purify error here indicates caller error. + */ + (void)nsslibc_memset(pInfo, 0, sizeof(CK_SESSION_INFO)); + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; + goto loser; + } + + pInfo->slotID = nssCKFWSlot_GetSlotID(fwSlot); + pInfo->state = nssCKFWSession_GetSessionState(fwSession); + + if (CK_TRUE == nssCKFWSession_IsRWSession(fwSession)) { + pInfo->flags |= CKF_RW_SESSION; + } + + pInfo->flags |= CKF_SERIAL_SESSION; /* Always true */ + + pInfo->ulDeviceError = nssCKFWSession_GetDeviceError(fwSession); + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -1595,88 +1568,86 @@ NSSCKFWC_GetSessionInfo * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_GetOperationState -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pOperationState, - CK_ULONG_PTR pulOperationStateLen -) +NSSCKFWC_GetOperationState( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pOperationState, + CK_ULONG_PTR pulOperationStateLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - CK_ULONG len; - NSSItem buf; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - if( (CK_ULONG_PTR)CK_NULL_PTR == pulOperationStateLen ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - len = nssCKFWSession_GetOperationStateLen(fwSession, &error); - if( ((CK_ULONG)0 == len) && (CKR_OK != error) ) { - goto loser; - } - - if( (CK_BYTE_PTR)CK_NULL_PTR == pOperationState ) { + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + CK_ULONG len; + NSSItem buf; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + if ((CK_ULONG_PTR)CK_NULL_PTR == pulOperationStateLen) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + len = nssCKFWSession_GetOperationStateLen(fwSession, &error); + if (((CK_ULONG)0 == len) && (CKR_OK != error)) { + goto loser; + } + + if ((CK_BYTE_PTR)CK_NULL_PTR == pOperationState) { + *pulOperationStateLen = len; + return CKR_OK; + } + + if (*pulOperationStateLen < len) { + *pulOperationStateLen = len; + error = CKR_BUFFER_TOO_SMALL; + goto loser; + } + + buf.size = (PRUint32)*pulOperationStateLen; + buf.data = (void *)pOperationState; *pulOperationStateLen = len; + error = nssCKFWSession_GetOperationState(fwSession, &buf); + + if (CKR_OK != error) { + goto loser; + } + return CKR_OK; - } - if( *pulOperationStateLen < len ) { - *pulOperationStateLen = len; - error = CKR_BUFFER_TOO_SMALL; - goto loser; - } - - buf.size = (PRUint32)*pulOperationStateLen; - buf.data = (void *)pOperationState; - *pulOperationStateLen = len; - error = nssCKFWSession_GetOperationState(fwSession, &buf); - - if( CKR_OK != error ) { - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_STATE_UNSAVEABLE: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_STATE_UNSAVEABLE: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -1684,100 +1655,98 @@ NSSCKFWC_GetOperationState * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_SetOperationState -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pOperationState, - CK_ULONG ulOperationStateLen, - CK_OBJECT_HANDLE hEncryptionKey, - CK_OBJECT_HANDLE hAuthenticationKey -) +NSSCKFWC_SetOperationState( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pOperationState, + CK_ULONG ulOperationStateLen, + CK_OBJECT_HANDLE hEncryptionKey, + CK_OBJECT_HANDLE hAuthenticationKey) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *eKey; - NSSCKFWObject *aKey; - NSSItem state; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - if( (CK_BYTE_PTR)CK_NULL_PTR == pOperationState ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - /* - * We could loop through the buffer, to catch any purify errors - * in a place with a "user error" note. - */ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *eKey; + NSSCKFWObject *aKey; + NSSItem state; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + if ((CK_BYTE_PTR)CK_NULL_PTR == pOperationState) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* + * We could loop through the buffer, to catch any purify errors + * in a place with a "user error" note. + */ - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - if( (CK_OBJECT_HANDLE)0 == hEncryptionKey ) { - eKey = (NSSCKFWObject *)NULL; - } else { - eKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hEncryptionKey); - if (!eKey) { - error = CKR_KEY_HANDLE_INVALID; - goto loser; - } - } - - if( (CK_OBJECT_HANDLE)0 == hAuthenticationKey ) { - aKey = (NSSCKFWObject *)NULL; - } else { - aKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hAuthenticationKey); - if (!aKey) { - error = CKR_KEY_HANDLE_INVALID; - goto loser; - } - } - - state.data = pOperationState; - state.size = ulOperationStateLen; - - error = nssCKFWSession_SetOperationState(fwSession, &state, eKey, aKey); - if( CKR_OK != error ) { - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_KEY_CHANGED: - case CKR_KEY_NEEDED: - case CKR_KEY_NOT_NEEDED: - case CKR_SAVED_STATE_INVALID: - case CKR_SESSION_HANDLE_INVALID: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + if ((CK_OBJECT_HANDLE)0 == hEncryptionKey) { + eKey = (NSSCKFWObject *)NULL; + } else { + eKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hEncryptionKey); + if (!eKey) { + error = CKR_KEY_HANDLE_INVALID; + goto loser; + } + } + + if ((CK_OBJECT_HANDLE)0 == hAuthenticationKey) { + aKey = (NSSCKFWObject *)NULL; + } else { + aKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hAuthenticationKey); + if (!aKey) { + error = CKR_KEY_HANDLE_INVALID; + goto loser; + } + } + + state.data = pOperationState; + state.size = ulOperationStateLen; + + error = nssCKFWSession_SetOperationState(fwSession, &state, eKey, aKey); + if (CKR_OK != error) { + goto loser; + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_KEY_CHANGED: + case CKR_KEY_NEEDED: + case CKR_KEY_NOT_NEEDED: + case CKR_SAVED_STATE_INVALID: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -1785,77 +1754,75 @@ NSSCKFWC_SetOperationState * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_Login -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_USER_TYPE userType, - CK_CHAR_PTR pPin, - CK_ULONG ulPinLen -) +NSSCKFWC_Login( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_USER_TYPE userType, + CK_CHAR_PTR pPin, + CK_ULONG ulPinLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSItem pin, *arg; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - if( (CK_CHAR_PTR)CK_NULL_PTR == pPin ) { - arg = (NSSItem *)NULL; - } else { - arg = &pin; - pin.size = (PRUint32)ulPinLen; - pin.data = (void *)pPin; - } - - error = nssCKFWSession_Login(fwSession, userType, arg); - if( CKR_OK != error ) { - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_PIN_EXPIRED: - case CKR_PIN_INCORRECT: - case CKR_PIN_LOCKED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_SESSION_READ_ONLY_EXISTS: - case CKR_USER_ALREADY_LOGGED_IN: - case CKR_USER_ANOTHER_ALREADY_LOGGED_IN: - case CKR_USER_PIN_NOT_INITIALIZED: - case CKR_USER_TOO_MANY_TYPES: - case CKR_USER_TYPE_INVALID: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSItem pin, *arg; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + if ((CK_CHAR_PTR)CK_NULL_PTR == pPin) { + arg = (NSSItem *)NULL; + } else { + arg = &pin; + pin.size = (PRUint32)ulPinLen; + pin.data = (void *)pPin; + } + + error = nssCKFWSession_Login(fwSession, userType, arg); + if (CKR_OK != error) { + goto loser; + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_PIN_EXPIRED: + case CKR_PIN_INCORRECT: + case CKR_PIN_LOCKED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_READ_ONLY_EXISTS: + case CKR_USER_ALREADY_LOGGED_IN: + case CKR_USER_ANOTHER_ALREADY_LOGGED_IN: + case CKR_USER_PIN_NOT_INITIALIZED: + case CKR_USER_TOO_MANY_TYPES: + case CKR_USER_TYPE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -1863,57 +1830,55 @@ NSSCKFWC_Login * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_Logout -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession -) +NSSCKFWC_Logout( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_Logout(fwSession); - if( CKR_OK != error ) { - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_SESSION_HANDLE_INVALID: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_Logout(fwSession); + if (CKR_OK != error) { + goto loser; + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -1921,85 +1886,83 @@ NSSCKFWC_Logout * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_CreateObject -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount, - CK_OBJECT_HANDLE_PTR phObject -) +NSSCKFWC_CreateObject( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phObject) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *fwObject; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - if( (CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phObject ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - /* - * A purify error here indicates caller error. - */ - *phObject = (CK_OBJECT_HANDLE)0; + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; - fwObject = nssCKFWSession_CreateObject(fwSession, pTemplate, - ulCount, &error); - if (!fwObject) { - goto loser; - } + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } - *phObject = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); - if( (CK_OBJECT_HANDLE)0 == *phObject ) { - nssCKFWObject_Destroy(fwObject); - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_ATTRIBUTE_READ_ONLY: - case CKR_ATTRIBUTE_TYPE_INVALID: - case CKR_ATTRIBUTE_VALUE_INVALID: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_SESSION_HANDLE_INVALID: - case CKR_SESSION_READ_ONLY: - case CKR_TEMPLATE_INCOMPLETE: - case CKR_TEMPLATE_INCONSISTENT: - case CKR_TOKEN_WRITE_PROTECTED: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + if ((CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phObject) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* + * A purify error here indicates caller error. + */ + *phObject = (CK_OBJECT_HANDLE)0; + + fwObject = nssCKFWSession_CreateObject(fwSession, pTemplate, + ulCount, &error); + if (!fwObject) { + goto loser; + } + + *phObject = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); + if ((CK_OBJECT_HANDLE)0 == *phObject) { + nssCKFWObject_Destroy(fwObject); + goto loser; + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_ATTRIBUTE_READ_ONLY: + case CKR_ATTRIBUTE_TYPE_INVALID: + case CKR_ATTRIBUTE_VALUE_INVALID: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_READ_ONLY: + case CKR_TEMPLATE_INCOMPLETE: + case CKR_TEMPLATE_INCONSISTENT: + case CKR_TOKEN_WRITE_PROTECTED: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -2007,94 +1970,92 @@ NSSCKFWC_CreateObject * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_CopyObject -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount, - CK_OBJECT_HANDLE_PTR phNewObject -) +NSSCKFWC_CopyObject( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phNewObject) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *fwObject; - NSSCKFWObject *fwNewObject; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - if( (CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phNewObject ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - /* - * A purify error here indicates caller error. - */ - *phNewObject = (CK_OBJECT_HANDLE)0; - - fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); - if (!fwObject) { - error = CKR_OBJECT_HANDLE_INVALID; - goto loser; - } - - fwNewObject = nssCKFWSession_CopyObject(fwSession, fwObject, - pTemplate, ulCount, &error); - if (!fwNewObject) { - goto loser; - } - - *phNewObject = nssCKFWInstance_CreateObjectHandle(fwInstance, - fwNewObject, &error); - if( (CK_OBJECT_HANDLE)0 == *phNewObject ) { - nssCKFWObject_Destroy(fwNewObject); - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_ATTRIBUTE_READ_ONLY: - case CKR_ATTRIBUTE_TYPE_INVALID: - case CKR_ATTRIBUTE_VALUE_INVALID: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OBJECT_HANDLE_INVALID: - case CKR_SESSION_HANDLE_INVALID: - case CKR_SESSION_READ_ONLY: - case CKR_TEMPLATE_INCONSISTENT: - case CKR_TOKEN_WRITE_PROTECTED: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + NSSCKFWObject *fwNewObject; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + if ((CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phNewObject) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* + * A purify error here indicates caller error. + */ + *phNewObject = (CK_OBJECT_HANDLE)0; + + fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); + if (!fwObject) { + error = CKR_OBJECT_HANDLE_INVALID; + goto loser; + } + + fwNewObject = nssCKFWSession_CopyObject(fwSession, fwObject, + pTemplate, ulCount, &error); + if (!fwNewObject) { + goto loser; + } + + *phNewObject = nssCKFWInstance_CreateObjectHandle(fwInstance, + fwNewObject, &error); + if ((CK_OBJECT_HANDLE)0 == *phNewObject) { + nssCKFWObject_Destroy(fwNewObject); + goto loser; + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_ATTRIBUTE_READ_ONLY: + case CKR_ATTRIBUTE_TYPE_INVALID: + case CKR_ATTRIBUTE_VALUE_INVALID: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OBJECT_HANDLE_INVALID: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_READ_ONLY: + case CKR_TEMPLATE_INCONSISTENT: + case CKR_TOKEN_WRITE_PROTECTED: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -2102,65 +2063,63 @@ NSSCKFWC_CopyObject * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_DestroyObject -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject -) +NSSCKFWC_DestroyObject( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *fwObject; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); - if (!fwObject) { - error = CKR_OBJECT_HANDLE_INVALID; - goto loser; - } - - nssCKFWInstance_DestroyObjectHandle(fwInstance, hObject); - nssCKFWObject_Destroy(fwObject); - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OBJECT_HANDLE_INVALID: - case CKR_SESSION_HANDLE_INVALID: - case CKR_SESSION_READ_ONLY: - case CKR_TOKEN_WRITE_PROTECTED: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); + if (!fwObject) { + error = CKR_OBJECT_HANDLE_INVALID; + goto loser; + } + + nssCKFWInstance_DestroyObjectHandle(fwInstance, hObject); + nssCKFWObject_Destroy(fwObject); + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OBJECT_HANDLE_INVALID: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_READ_ONLY: + case CKR_TOKEN_WRITE_PROTECTED: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -2168,77 +2127,75 @@ NSSCKFWC_DestroyObject * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_GetObjectSize -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject, - CK_ULONG_PTR pulSize -) +NSSCKFWC_GetObjectSize( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ULONG_PTR pulSize) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *fwObject; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); - if (!fwObject) { - error = CKR_OBJECT_HANDLE_INVALID; - goto loser; - } - - if( (CK_ULONG_PTR)CK_NULL_PTR == pulSize ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - /* - * A purify error here indicates caller error. - */ - *pulSize = (CK_ULONG)0; - - *pulSize = nssCKFWObject_GetObjectSize(fwObject, &error); - if( ((CK_ULONG)0 == *pulSize) && (CKR_OK != error) ) { - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_INFORMATION_SENSITIVE: - case CKR_OBJECT_HANDLE_INVALID: - case CKR_SESSION_HANDLE_INVALID: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); + if (!fwObject) { + error = CKR_OBJECT_HANDLE_INVALID; + goto loser; + } + + if ((CK_ULONG_PTR)CK_NULL_PTR == pulSize) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* + * A purify error here indicates caller error. + */ + *pulSize = (CK_ULONG)0; + + *pulSize = nssCKFWObject_GetObjectSize(fwObject, &error); + if (((CK_ULONG)0 == *pulSize) && (CKR_OK != error)) { + goto loser; + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_INFORMATION_SENSITIVE: + case CKR_OBJECT_HANDLE_INVALID: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -2246,229 +2203,233 @@ NSSCKFWC_GetObjectSize * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_GetAttributeValue -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount -) +NSSCKFWC_GetAttributeValue( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *fwObject; - CK_BBOOL sensitive = CK_FALSE; - CK_BBOOL invalid = CK_FALSE; - CK_BBOOL tooSmall = CK_FALSE; - CK_ULONG i; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); - if (!fwObject) { - error = CKR_OBJECT_HANDLE_INVALID; - goto loser; - } - - if( (CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - for( i = 0; i < ulCount; i++ ) { - CK_ULONG size = nssCKFWObject_GetAttributeSize(fwObject, - pTemplate[i].type, &error); - if( (CK_ULONG)0 == size ) { - switch( error ) { - case CKR_ATTRIBUTE_SENSITIVE: - case CKR_INFORMATION_SENSITIVE: - sensitive = CK_TRUE; - pTemplate[i].ulValueLen = (CK_ULONG)(-1); - continue; - case CKR_ATTRIBUTE_TYPE_INVALID: - invalid = CK_TRUE; - pTemplate[i].ulValueLen = (CK_ULONG)(-1); - continue; - case CKR_OK: - break; - default: - goto loser; - } - } - - if( (CK_VOID_PTR)CK_NULL_PTR == pTemplate[i].pValue ) { - pTemplate[i].ulValueLen = size; - } else { - NSSItem it, *p; - - if( pTemplate[i].ulValueLen < size ) { - tooSmall = CK_TRUE; - continue; - } - - it.size = (PRUint32)pTemplate[i].ulValueLen; - it.data = (void *)pTemplate[i].pValue; - p = nssCKFWObject_GetAttribute(fwObject, pTemplate[i].type, &it, - (NSSArena *)NULL, &error); - if (!p) { - switch( error ) { + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + CK_BBOOL sensitive = CK_FALSE; + CK_BBOOL invalid = CK_FALSE; + CK_BBOOL tooSmall = CK_FALSE; + CK_ULONG i; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); + if (!fwObject) { + error = CKR_OBJECT_HANDLE_INVALID; + goto loser; + } + + if ((CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + for (i = 0; i < ulCount; i++) { + CK_ULONG size = nssCKFWObject_GetAttributeSize(fwObject, + pTemplate[i].type, &error); + if ((CK_ULONG)0 == size) { + switch (error) { + case CKR_ATTRIBUTE_SENSITIVE: + case CKR_INFORMATION_SENSITIVE: + sensitive = + CK_TRUE; + pTemplate[i].ulValueLen = + (CK_ULONG)(-1); + continue; + case CKR_ATTRIBUTE_TYPE_INVALID: + invalid = + CK_TRUE; + pTemplate[i].ulValueLen = + (CK_ULONG)(-1); + continue; + case CKR_OK: + break; + default: + goto loser; + } + } + + if ((CK_VOID_PTR)CK_NULL_PTR == pTemplate[i].pValue) { + pTemplate[i].ulValueLen = size; + } else { + NSSItem it, *p; + + if (pTemplate[i].ulValueLen < size) { + tooSmall = CK_TRUE; + continue; + } + + it.size = (PRUint32)pTemplate[i].ulValueLen; + it.data = (void *)pTemplate[i].pValue; + p = nssCKFWObject_GetAttribute(fwObject, pTemplate[i].type, &it, + (NSSArena *)NULL, &error); + if (!p) { + switch (error) { + case CKR_ATTRIBUTE_SENSITIVE: + case CKR_INFORMATION_SENSITIVE: + sensitive = + CK_TRUE; + pTemplate[i].ulValueLen = + (CK_ULONG)(-1); + continue; + case CKR_ATTRIBUTE_TYPE_INVALID: + invalid = + CK_TRUE; + pTemplate[i].ulValueLen = + (CK_ULONG)(-1); + continue; + default: + goto loser; + } + } + + pTemplate[i].ulValueLen = size; + } + } + + if (sensitive) { + error = CKR_ATTRIBUTE_SENSITIVE; + goto loser; + } else if (invalid) { + error = CKR_ATTRIBUTE_TYPE_INVALID; + goto loser; + } else if (tooSmall) { + error = CKR_BUFFER_TOO_SMALL; + goto loser; + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; case CKR_ATTRIBUTE_SENSITIVE: - case CKR_INFORMATION_SENSITIVE: - sensitive = CK_TRUE; - pTemplate[i].ulValueLen = (CK_ULONG)(-1); - continue; case CKR_ATTRIBUTE_TYPE_INVALID: - invalid = CK_TRUE; - pTemplate[i].ulValueLen = (CK_ULONG)(-1); - continue; + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OBJECT_HANDLE_INVALID: + case CKR_SESSION_HANDLE_INVALID: + break; default: - goto loser; - } - } - - pTemplate[i].ulValueLen = size; - } - } - - if( sensitive ) { - error = CKR_ATTRIBUTE_SENSITIVE; - goto loser; - } else if( invalid ) { - error = CKR_ATTRIBUTE_TYPE_INVALID; - goto loser; - } else if( tooSmall ) { - error = CKR_BUFFER_TOO_SMALL; - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_ATTRIBUTE_SENSITIVE: - case CKR_ATTRIBUTE_TYPE_INVALID: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OBJECT_HANDLE_INVALID: - case CKR_SESSION_HANDLE_INVALID: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } - + /* * NSSCKFWC_SetAttributeValue * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_SetAttributeValue -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount -) +NSSCKFWC_SetAttributeValue( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *fwObject; - CK_ULONG i; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); - if (!fwObject) { - error = CKR_OBJECT_HANDLE_INVALID; - goto loser; - } - - if( (CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - for (i=0; i < ulCount; i++) { - NSSItem value; - - value.data = pTemplate[i].pValue; - value.size = pTemplate[i].ulValueLen; - - error = nssCKFWObject_SetAttribute(fwObject, fwSession, - pTemplate[i].type, &value); - - if( CKR_OK != error ) { - goto loser; - } - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_ATTRIBUTE_READ_ONLY: - case CKR_ATTRIBUTE_TYPE_INVALID: - case CKR_ATTRIBUTE_VALUE_INVALID: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OBJECT_HANDLE_INVALID: - case CKR_SESSION_HANDLE_INVALID: - case CKR_SESSION_READ_ONLY: - case CKR_TEMPLATE_INCONSISTENT: - case CKR_TOKEN_WRITE_PROTECTED: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + CK_ULONG i; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); + if (!fwObject) { + error = CKR_OBJECT_HANDLE_INVALID; + goto loser; + } + + if ((CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + for (i = 0; i < ulCount; i++) { + NSSItem value; + + value.data = pTemplate[i].pValue; + value.size = pTemplate[i].ulValueLen; + + error = nssCKFWObject_SetAttribute(fwObject, fwSession, + pTemplate[i].type, &value); + + if (CKR_OK != error) { + goto loser; + } + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_ATTRIBUTE_READ_ONLY: + case CKR_ATTRIBUTE_TYPE_INVALID: + case CKR_ATTRIBUTE_VALUE_INVALID: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OBJECT_HANDLE_INVALID: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_READ_ONLY: + case CKR_TEMPLATE_INCONSISTENT: + case CKR_TOKEN_WRITE_PROTECTED: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -2476,85 +2437,83 @@ NSSCKFWC_SetAttributeValue * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_FindObjectsInit -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount -) +NSSCKFWC_FindObjectsInit( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWFindObjects *fwFindObjects; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - if( ((CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate) && (ulCount != 0) ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error); - if (fwFindObjects) { - error = CKR_OPERATION_ACTIVE; - goto loser; - } - - if( CKR_OPERATION_NOT_INITIALIZED != error ) { - goto loser; - } - - fwFindObjects = nssCKFWSession_FindObjectsInit(fwSession, - pTemplate, ulCount, &error); - if (!fwFindObjects) { - goto loser; - } - - error = nssCKFWSession_SetFWFindObjects(fwSession, fwFindObjects); - - if( CKR_OK != error ) { - nssCKFWFindObjects_Destroy(fwFindObjects); - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_ATTRIBUTE_TYPE_INVALID: - case CKR_ATTRIBUTE_VALUE_INVALID: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_ACTIVE: - case CKR_SESSION_HANDLE_INVALID: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWFindObjects *fwFindObjects; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + if (((CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate) && (ulCount != 0)) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error); + if (fwFindObjects) { + error = CKR_OPERATION_ACTIVE; + goto loser; + } + + if (CKR_OPERATION_NOT_INITIALIZED != error) { + goto loser; + } + + fwFindObjects = nssCKFWSession_FindObjectsInit(fwSession, + pTemplate, ulCount, &error); + if (!fwFindObjects) { + goto loser; + } + + error = nssCKFWSession_SetFWFindObjects(fwSession, fwFindObjects); + + if (CKR_OK != error) { + nssCKFWFindObjects_Destroy(fwFindObjects); + goto loser; + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_ATTRIBUTE_TYPE_INVALID: + case CKR_ATTRIBUTE_VALUE_INVALID: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_ACTIVE: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -2562,93 +2521,91 @@ NSSCKFWC_FindObjectsInit * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_FindObjects -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE_PTR phObject, - CK_ULONG ulMaxObjectCount, - CK_ULONG_PTR pulObjectCount -) +NSSCKFWC_FindObjects( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE_PTR phObject, + CK_ULONG ulMaxObjectCount, + CK_ULONG_PTR pulObjectCount) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWFindObjects *fwFindObjects; - CK_ULONG i; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - if( (CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phObject ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - /* - * A purify error here indicates caller error. - */ - (void)nsslibc_memset(phObject, 0, sizeof(CK_OBJECT_HANDLE) * ulMaxObjectCount); - *pulObjectCount = (CK_ULONG)0; + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWFindObjects *fwFindObjects; + CK_ULONG i; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } - fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error); - if (!fwFindObjects) { - goto loser; - } + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } - for( i = 0; i < ulMaxObjectCount; i++ ) { - NSSCKFWObject *fwObject = nssCKFWFindObjects_Next(fwFindObjects, - NULL, &error); - if (!fwObject) { - break; - } - - phObject[i] = nssCKFWInstance_FindObjectHandle(fwInstance, fwObject); - if( (CK_OBJECT_HANDLE)0 == phObject[i] ) { - phObject[i] = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); - } - if( (CK_OBJECT_HANDLE)0 == phObject[i] ) { - /* This isn't right either, is it? */ - nssCKFWObject_Destroy(fwObject); - goto loser; - } - } - - *pulObjectCount = i; - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_HANDLE_INVALID: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + if ((CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phObject) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* + * A purify error here indicates caller error. + */ + (void)nsslibc_memset(phObject, 0, sizeof(CK_OBJECT_HANDLE) * ulMaxObjectCount); + *pulObjectCount = (CK_ULONG)0; + + fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error); + if (!fwFindObjects) { + goto loser; + } + + for (i = 0; i < ulMaxObjectCount; i++) { + NSSCKFWObject *fwObject = nssCKFWFindObjects_Next(fwFindObjects, + NULL, &error); + if (!fwObject) { + break; + } + + phObject[i] = nssCKFWInstance_FindObjectHandle(fwInstance, fwObject); + if ((CK_OBJECT_HANDLE)0 == phObject[i]) { + phObject[i] = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); + } + if ((CK_OBJECT_HANDLE)0 == phObject[i]) { + /* This isn't right either, is it? */ + nssCKFWObject_Destroy(fwObject); + goto loser; + } + } + + *pulObjectCount = i; + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -2656,67 +2613,65 @@ NSSCKFWC_FindObjects * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_FindObjectsFinal -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession -) +NSSCKFWC_FindObjectsFinal( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWFindObjects *fwFindObjects; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error); - if (!fwFindObjects) { - error = CKR_OPERATION_NOT_INITIALIZED; - goto loser; - } - - nssCKFWFindObjects_Destroy(fwFindObjects); - error = nssCKFWSession_SetFWFindObjects(fwSession, - (NSSCKFWFindObjects *)NULL); - - if( CKR_OK != error ) { - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_HANDLE_INVALID: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWFindObjects *fwFindObjects; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error); + if (!fwFindObjects) { + error = CKR_OPERATION_NOT_INITIALIZED; + goto loser; + } + + nssCKFWFindObjects_Destroy(fwFindObjects); + error = nssCKFWSession_SetFWFindObjects(fwSession, + (NSSCKFWFindObjects *)NULL); + + if (CKR_OK != error) { + goto loser; + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -2724,97 +2679,95 @@ NSSCKFWC_FindObjectsFinal * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_EncryptInit -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey -) +NSSCKFWC_EncryptInit( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *fwObject; - NSSCKFWSlot *fwSlot; - NSSCKFWToken *fwToken; - NSSCKFWMechanism *fwMechanism; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); - if (!fwObject) { - error = CKR_KEY_HANDLE_INVALID; - goto loser; - } - - fwSlot = nssCKFWSession_GetFWSlot(fwSession); - if (!fwSlot) { - error = CKR_GENERAL_ERROR; /* should never happen! */ - goto loser; - } - - if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { - error = CKR_TOKEN_NOT_PRESENT; - goto loser; - } - - fwToken = nssCKFWSlot_GetToken(fwSlot, &error); - if (!fwToken) { - goto loser; - } - - fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); - if (!fwMechanism) { - goto loser; - } - - error = nssCKFWMechanism_EncryptInit(fwMechanism, pMechanism, - fwSession, fwObject); - - nssCKFWMechanism_Destroy(fwMechanism); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken; + NSSCKFWMechanism *fwMechanism; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); + if (!fwObject) { + error = CKR_KEY_HANDLE_INVALID; + goto loser; + } + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; /* should never happen! */ + goto loser; + } + + if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); + if (!fwMechanism) { + goto loser; + } + + error = nssCKFWMechanism_EncryptInit(fwMechanism, pMechanism, + fwSession, fwObject); + + nssCKFWMechanism_Destroy(fwMechanism); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_KEY_FUNCTION_NOT_PERMITTED: - case CKR_KEY_HANDLE_INVALID: - case CKR_KEY_SIZE_RANGE: - case CKR_KEY_TYPE_INCONSISTENT: - case CKR_MECHANISM_INVALID: - case CKR_MECHANISM_PARAM_INVALID: - case CKR_OPERATION_ACTIVE: - case CKR_PIN_EXPIRED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_KEY_FUNCTION_NOT_PERMITTED: + case CKR_KEY_HANDLE_INVALID: + case CKR_KEY_SIZE_RANGE: + case CKR_KEY_TYPE_INCONSISTENT: + case CKR_MECHANISM_INVALID: + case CKR_MECHANISM_PARAM_INVALID: + case CKR_OPERATION_ACTIVE: + case CKR_PIN_EXPIRED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -2822,64 +2775,62 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_Encrypt -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pData, - CK_ULONG ulDataLen, - CK_BYTE_PTR pEncryptedData, - CK_ULONG_PTR pulEncryptedDataLen -) +NSSCKFWC_Encrypt( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pEncryptedData, + CK_ULONG_PTR pulEncryptedDataLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_UpdateFinal(fwSession, - NSSCKFWCryptoOperationType_Encrypt, - NSSCKFWCryptoOperationState_EncryptDecrypt, - pData, ulDataLen, pEncryptedData, pulEncryptedDataLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_UpdateFinal(fwSession, + NSSCKFWCryptoOperationType_Encrypt, + NSSCKFWCryptoOperationState_EncryptDecrypt, + pData, ulDataLen, pEncryptedData, pulEncryptedDataLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DATA_INVALID: - case CKR_DATA_LEN_RANGE: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_SESSION_CLOSED: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_INVALID: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_CLOSED: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -2887,63 +2838,61 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_EncryptUpdate -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pPart, - CK_ULONG ulPartLen, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG_PTR pulEncryptedPartLen -) +NSSCKFWC_EncryptUpdate( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_Update(fwSession, - NSSCKFWCryptoOperationType_Encrypt, - NSSCKFWCryptoOperationState_EncryptDecrypt, - pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_Update(fwSession, + NSSCKFWCryptoOperationType_Encrypt, + NSSCKFWCryptoOperationState_EncryptDecrypt, + pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DATA_LEN_RANGE: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -2951,61 +2900,59 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_EncryptFinal -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pLastEncryptedPart, - CK_ULONG_PTR pulLastEncryptedPartLen -) +NSSCKFWC_EncryptFinal( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pLastEncryptedPart, + CK_ULONG_PTR pulLastEncryptedPartLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_Final(fwSession, - NSSCKFWCryptoOperationType_Encrypt, - NSSCKFWCryptoOperationState_EncryptDecrypt, - pLastEncryptedPart, pulLastEncryptedPartLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_Final(fwSession, + NSSCKFWCryptoOperationType_Encrypt, + NSSCKFWCryptoOperationState_EncryptDecrypt, + pLastEncryptedPart, pulLastEncryptedPartLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DATA_LEN_RANGE: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -3013,97 +2960,95 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_DecryptInit -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey -) +NSSCKFWC_DecryptInit( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *fwObject; - NSSCKFWSlot *fwSlot; - NSSCKFWToken *fwToken; - NSSCKFWMechanism *fwMechanism; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); - if (!fwObject) { - error = CKR_KEY_HANDLE_INVALID; - goto loser; - } - - fwSlot = nssCKFWSession_GetFWSlot(fwSession); - if (!fwSlot) { - error = CKR_GENERAL_ERROR; /* should never happen! */ - goto loser; - } - - if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { - error = CKR_TOKEN_NOT_PRESENT; - goto loser; - } - - fwToken = nssCKFWSlot_GetToken(fwSlot, &error); - if (!fwToken) { - goto loser; - } - - fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); - if (!fwMechanism) { - goto loser; - } - - error = nssCKFWMechanism_DecryptInit(fwMechanism, pMechanism, - fwSession, fwObject); - nssCKFWMechanism_Destroy(fwMechanism); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken; + NSSCKFWMechanism *fwMechanism; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); + if (!fwObject) { + error = CKR_KEY_HANDLE_INVALID; + goto loser; + } + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; /* should never happen! */ + goto loser; + } + + if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); + if (!fwMechanism) { + goto loser; + } + + error = nssCKFWMechanism_DecryptInit(fwMechanism, pMechanism, + fwSession, fwObject); + nssCKFWMechanism_Destroy(fwMechanism); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_KEY_FUNCTION_NOT_PERMITTED: - case CKR_KEY_HANDLE_INVALID: - case CKR_KEY_SIZE_RANGE: - case CKR_KEY_TYPE_INCONSISTENT: - case CKR_MECHANISM_INVALID: - case CKR_MECHANISM_PARAM_INVALID: - case CKR_OPERATION_ACTIVE: - case CKR_PIN_EXPIRED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_KEY_FUNCTION_NOT_PERMITTED: + case CKR_KEY_HANDLE_INVALID: + case CKR_KEY_SIZE_RANGE: + case CKR_KEY_TYPE_INCONSISTENT: + case CKR_MECHANISM_INVALID: + case CKR_MECHANISM_PARAM_INVALID: + case CKR_OPERATION_ACTIVE: + case CKR_PIN_EXPIRED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -3111,71 +3056,69 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_Decrypt -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pEncryptedData, - CK_ULONG ulEncryptedDataLen, - CK_BYTE_PTR pData, - CK_ULONG_PTR pulDataLen -) +NSSCKFWC_Decrypt( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedData, + CK_ULONG ulEncryptedDataLen, + CK_BYTE_PTR pData, + CK_ULONG_PTR pulDataLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_UpdateFinal(fwSession, - NSSCKFWCryptoOperationType_Decrypt, - NSSCKFWCryptoOperationState_EncryptDecrypt, - pEncryptedData, ulEncryptedDataLen, pData, pulDataLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_UpdateFinal(fwSession, + NSSCKFWCryptoOperationType_Decrypt, + NSSCKFWCryptoOperationState_EncryptDecrypt, + pEncryptedData, ulEncryptedDataLen, pData, pulDataLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_ENCRYPTED_DATA_INVALID: - case CKR_ENCRYPTED_DATA_LEN_RANGE: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_USER_NOT_LOGGED_IN: - break; - case CKR_DATA_LEN_RANGE: - error = CKR_ENCRYPTED_DATA_LEN_RANGE; - break; - case CKR_DATA_INVALID: - error = CKR_ENCRYPTED_DATA_INVALID; - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_ENCRYPTED_DATA_INVALID: + case CKR_ENCRYPTED_DATA_LEN_RANGE: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + case CKR_DATA_LEN_RANGE: + error = CKR_ENCRYPTED_DATA_LEN_RANGE; + break; + case CKR_DATA_INVALID: + error = CKR_ENCRYPTED_DATA_INVALID; + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -3183,71 +3126,69 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_DecryptUpdate -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG ulEncryptedPartLen, - CK_BYTE_PTR pPart, - CK_ULONG_PTR pulPartLen -) +NSSCKFWC_DecryptUpdate( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, + CK_ULONG_PTR pulPartLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_Update(fwSession, - NSSCKFWCryptoOperationType_Decrypt, - NSSCKFWCryptoOperationState_EncryptDecrypt, - pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_Update(fwSession, + NSSCKFWCryptoOperationType_Decrypt, + NSSCKFWCryptoOperationState_EncryptDecrypt, + pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_ENCRYPTED_DATA_INVALID: - case CKR_ENCRYPTED_DATA_LEN_RANGE: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_USER_NOT_LOGGED_IN: - break; - case CKR_DATA_LEN_RANGE: - error = CKR_ENCRYPTED_DATA_LEN_RANGE; - break; - case CKR_DATA_INVALID: - error = CKR_ENCRYPTED_DATA_INVALID; - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_ENCRYPTED_DATA_INVALID: + case CKR_ENCRYPTED_DATA_LEN_RANGE: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + case CKR_DATA_LEN_RANGE: + error = CKR_ENCRYPTED_DATA_LEN_RANGE; + break; + case CKR_DATA_INVALID: + error = CKR_ENCRYPTED_DATA_INVALID; + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -3255,69 +3196,67 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_DecryptFinal -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pLastPart, - CK_ULONG_PTR pulLastPartLen -) +NSSCKFWC_DecryptFinal( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pLastPart, + CK_ULONG_PTR pulLastPartLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_Final(fwSession, - NSSCKFWCryptoOperationType_Decrypt, - NSSCKFWCryptoOperationState_EncryptDecrypt, - pLastPart, pulLastPartLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_Final(fwSession, + NSSCKFWCryptoOperationType_Decrypt, + NSSCKFWCryptoOperationState_EncryptDecrypt, + pLastPart, pulLastPartLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_FAILED: - case CKR_FUNCTION_CANCELED: - case CKR_ENCRYPTED_DATA_INVALID: - case CKR_ENCRYPTED_DATA_LEN_RANGE: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_USER_NOT_LOGGED_IN: - break; - case CKR_DATA_LEN_RANGE: - error = CKR_ENCRYPTED_DATA_LEN_RANGE; - break; - case CKR_DATA_INVALID: - error = CKR_ENCRYPTED_DATA_INVALID; - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_FAILED: + case CKR_FUNCTION_CANCELED: + case CKR_ENCRYPTED_DATA_INVALID: + case CKR_ENCRYPTED_DATA_LEN_RANGE: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + case CKR_DATA_LEN_RANGE: + error = CKR_ENCRYPTED_DATA_LEN_RANGE; + break; + case CKR_DATA_INVALID: + error = CKR_ENCRYPTED_DATA_INVALID; + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -3325,85 +3264,83 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_DigestInit -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism -) +NSSCKFWC_DigestInit( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWSlot *fwSlot; - NSSCKFWToken *fwToken; - NSSCKFWMechanism *fwMechanism; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - fwSlot = nssCKFWSession_GetFWSlot(fwSession); - if (!fwSlot) { - error = CKR_GENERAL_ERROR; /* should never happen! */ - goto loser; - } - - if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { - error = CKR_TOKEN_NOT_PRESENT; - goto loser; - } - - fwToken = nssCKFWSlot_GetToken(fwSlot, &error); - if (!fwToken) { - goto loser; - } - - fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); - if (!fwMechanism) { - goto loser; - } - - error = nssCKFWMechanism_DigestInit(fwMechanism, pMechanism, fwSession); - - nssCKFWMechanism_Destroy(fwMechanism); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken; + NSSCKFWMechanism *fwMechanism; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; /* should never happen! */ + goto loser; + } + + if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); + if (!fwMechanism) { + goto loser; + } + + error = nssCKFWMechanism_DigestInit(fwMechanism, pMechanism, fwSession); + + nssCKFWMechanism_Destroy(fwMechanism); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_MECHANISM_INVALID: - case CKR_MECHANISM_PARAM_INVALID: - case CKR_OPERATION_ACTIVE: - case CKR_PIN_EXPIRED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_MECHANISM_INVALID: + case CKR_MECHANISM_PARAM_INVALID: + case CKR_OPERATION_ACTIVE: + case CKR_PIN_EXPIRED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -3411,62 +3348,60 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_Digest -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pData, - CK_ULONG ulDataLen, - CK_BYTE_PTR pDigest, - CK_ULONG_PTR pulDigestLen -) +NSSCKFWC_Digest( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pDigest, + CK_ULONG_PTR pulDigestLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_UpdateFinal(fwSession, - NSSCKFWCryptoOperationType_Digest, - NSSCKFWCryptoOperationState_Digest, - pData, ulDataLen, pDigest, pulDigestLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_UpdateFinal(fwSession, + NSSCKFWCryptoOperationType_Digest, + NSSCKFWCryptoOperationState_Digest, + pData, ulDataLen, pDigest, pulDigestLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -3474,59 +3409,57 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_DigestUpdate -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pData, - CK_ULONG ulDataLen -) +NSSCKFWC_DigestUpdate( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_DigestUpdate(fwSession, - NSSCKFWCryptoOperationType_Digest, - NSSCKFWCryptoOperationState_Digest, - pData, ulDataLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_DigestUpdate(fwSession, + NSSCKFWCryptoOperationType_Digest, + NSSCKFWCryptoOperationState_Digest, + pData, ulDataLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -3534,64 +3467,62 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_DigestKey -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hKey -) +NSSCKFWC_DigestKey( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hKey) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *fwObject; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); - if (!fwObject) { - error = CKR_KEY_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_DigestKey(fwSession, fwObject); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); + if (!fwObject) { + error = CKR_KEY_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_DigestKey(fwSession, fwObject); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_KEY_HANDLE_INVALID: - case CKR_KEY_INDIGESTIBLE: - case CKR_KEY_SIZE_RANGE: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_KEY_HANDLE_INVALID: + case CKR_KEY_INDIGESTIBLE: + case CKR_KEY_SIZE_RANGE: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -3599,60 +3530,58 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_DigestFinal -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pDigest, - CK_ULONG_PTR pulDigestLen -) +NSSCKFWC_DigestFinal( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pDigest, + CK_ULONG_PTR pulDigestLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_Final(fwSession, - NSSCKFWCryptoOperationType_Digest, - NSSCKFWCryptoOperationState_Digest, - pDigest, pulDigestLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_Final(fwSession, + NSSCKFWCryptoOperationType_Digest, + NSSCKFWCryptoOperationState_Digest, + pDigest, pulDigestLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -3660,98 +3589,96 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_SignInit -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey -) +NSSCKFWC_SignInit( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *fwObject; - NSSCKFWSlot *fwSlot; - NSSCKFWToken *fwToken; - NSSCKFWMechanism *fwMechanism; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); - if (!fwObject) { - error = CKR_KEY_HANDLE_INVALID; - goto loser; - } - - fwSlot = nssCKFWSession_GetFWSlot(fwSession); - if (!fwSlot) { - error = CKR_GENERAL_ERROR; /* should never happen! */ - goto loser; - } - - if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { - error = CKR_TOKEN_NOT_PRESENT; - goto loser; - } - - fwToken = nssCKFWSlot_GetToken(fwSlot, &error); - if (!fwToken) { - goto loser; - } - - fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); - if (!fwMechanism) { - goto loser; - } - - error = nssCKFWMechanism_SignInit(fwMechanism, pMechanism, fwSession, - fwObject); - - nssCKFWMechanism_Destroy(fwMechanism); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken; + NSSCKFWMechanism *fwMechanism; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); + if (!fwObject) { + error = CKR_KEY_HANDLE_INVALID; + goto loser; + } + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; /* should never happen! */ + goto loser; + } + + if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); + if (!fwMechanism) { + goto loser; + } + + error = nssCKFWMechanism_SignInit(fwMechanism, pMechanism, fwSession, + fwObject); + + nssCKFWMechanism_Destroy(fwMechanism); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_KEY_FUNCTION_NOT_PERMITTED: - case CKR_KEY_HANDLE_INVALID: - case CKR_KEY_SIZE_RANGE: - case CKR_KEY_TYPE_INCONSISTENT: - case CKR_MECHANISM_INVALID: - case CKR_MECHANISM_PARAM_INVALID: - case CKR_OPERATION_ACTIVE: - case CKR_PIN_EXPIRED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_KEY_FUNCTION_NOT_PERMITTED: + case CKR_KEY_HANDLE_INVALID: + case CKR_KEY_SIZE_RANGE: + case CKR_KEY_TYPE_INCONSISTENT: + case CKR_MECHANISM_INVALID: + case CKR_MECHANISM_PARAM_INVALID: + case CKR_OPERATION_ACTIVE: + case CKR_PIN_EXPIRED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -3759,66 +3686,64 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_Sign -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pData, - CK_ULONG ulDataLen, - CK_BYTE_PTR pSignature, - CK_ULONG_PTR pulSignatureLen -) +NSSCKFWC_Sign( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_UpdateFinal(fwSession, - NSSCKFWCryptoOperationType_Sign, - NSSCKFWCryptoOperationState_SignVerify, - pData, ulDataLen, pSignature, pulSignatureLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_UpdateFinal(fwSession, + NSSCKFWCryptoOperationType_Sign, + NSSCKFWCryptoOperationState_SignVerify, + pData, ulDataLen, pSignature, pulSignatureLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DATA_INVALID: - case CKR_DATA_LEN_RANGE: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_USER_NOT_LOGGED_IN: - case CKR_FUNCTION_REJECTED: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_INVALID: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + case CKR_FUNCTION_REJECTED: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -3826,61 +3751,59 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_SignUpdate -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pPart, - CK_ULONG ulPartLen -) +NSSCKFWC_SignUpdate( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_DigestUpdate(fwSession, - NSSCKFWCryptoOperationType_Sign, - NSSCKFWCryptoOperationState_SignVerify, - pPart, ulPartLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_DigestUpdate(fwSession, + NSSCKFWCryptoOperationType_Sign, + NSSCKFWCryptoOperationState_SignVerify, + pPart, ulPartLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DATA_LEN_RANGE: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -3888,63 +3811,61 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_SignFinal -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pSignature, - CK_ULONG_PTR pulSignatureLen -) +NSSCKFWC_SignFinal( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_Final(fwSession, - NSSCKFWCryptoOperationType_Sign, - NSSCKFWCryptoOperationState_SignVerify, - pSignature, pulSignatureLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_Final(fwSession, + NSSCKFWCryptoOperationType_Sign, + NSSCKFWCryptoOperationState_SignVerify, + pSignature, pulSignatureLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DATA_LEN_RANGE: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_USER_NOT_LOGGED_IN: - case CKR_FUNCTION_REJECTED: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + case CKR_FUNCTION_REJECTED: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -3952,98 +3873,96 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_SignRecoverInit -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey -) +NSSCKFWC_SignRecoverInit( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *fwObject; - NSSCKFWSlot *fwSlot; - NSSCKFWToken *fwToken; - NSSCKFWMechanism *fwMechanism; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); - if (!fwObject) { - error = CKR_KEY_HANDLE_INVALID; - goto loser; - } - - fwSlot = nssCKFWSession_GetFWSlot(fwSession); - if (!fwSlot) { - error = CKR_GENERAL_ERROR; /* should never happen! */ - goto loser; - } - - if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { - error = CKR_TOKEN_NOT_PRESENT; - goto loser; - } - - fwToken = nssCKFWSlot_GetToken(fwSlot, &error); - if (!fwToken) { - goto loser; - } - - fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); - if (!fwMechanism) { - goto loser; - } - - error = nssCKFWMechanism_SignRecoverInit(fwMechanism, pMechanism, fwSession, - fwObject); - - nssCKFWMechanism_Destroy(fwMechanism); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken; + NSSCKFWMechanism *fwMechanism; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); + if (!fwObject) { + error = CKR_KEY_HANDLE_INVALID; + goto loser; + } + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; /* should never happen! */ + goto loser; + } + + if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); + if (!fwMechanism) { + goto loser; + } + + error = nssCKFWMechanism_SignRecoverInit(fwMechanism, pMechanism, fwSession, + fwObject); + + nssCKFWMechanism_Destroy(fwMechanism); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_KEY_FUNCTION_NOT_PERMITTED: - case CKR_KEY_HANDLE_INVALID: - case CKR_KEY_SIZE_RANGE: - case CKR_KEY_TYPE_INCONSISTENT: - case CKR_MECHANISM_INVALID: - case CKR_MECHANISM_PARAM_INVALID: - case CKR_OPERATION_ACTIVE: - case CKR_PIN_EXPIRED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_KEY_FUNCTION_NOT_PERMITTED: + case CKR_KEY_HANDLE_INVALID: + case CKR_KEY_SIZE_RANGE: + case CKR_KEY_TYPE_INCONSISTENT: + case CKR_MECHANISM_INVALID: + case CKR_MECHANISM_PARAM_INVALID: + case CKR_OPERATION_ACTIVE: + case CKR_PIN_EXPIRED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -4051,65 +3970,63 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_SignRecover -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pData, - CK_ULONG ulDataLen, - CK_BYTE_PTR pSignature, - CK_ULONG_PTR pulSignatureLen -) +NSSCKFWC_SignRecover( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_UpdateFinal(fwSession, - NSSCKFWCryptoOperationType_SignRecover, - NSSCKFWCryptoOperationState_SignVerify, - pData, ulDataLen, pSignature, pulSignatureLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_UpdateFinal(fwSession, + NSSCKFWCryptoOperationType_SignRecover, + NSSCKFWCryptoOperationState_SignVerify, + pData, ulDataLen, pSignature, pulSignatureLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DATA_INVALID: - case CKR_DATA_LEN_RANGE: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_INVALID: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -4117,98 +4034,96 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_VerifyInit -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey -) +NSSCKFWC_VerifyInit( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *fwObject; - NSSCKFWSlot *fwSlot; - NSSCKFWToken *fwToken; - NSSCKFWMechanism *fwMechanism; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); - if (!fwObject) { - error = CKR_KEY_HANDLE_INVALID; - goto loser; - } - - fwSlot = nssCKFWSession_GetFWSlot(fwSession); - if (!fwSlot) { - error = CKR_GENERAL_ERROR; /* should never happen! */ - goto loser; - } - - if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { - error = CKR_TOKEN_NOT_PRESENT; - goto loser; - } - - fwToken = nssCKFWSlot_GetToken(fwSlot, &error); - if (!fwToken) { - goto loser; - } - - fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); - if (!fwMechanism) { - goto loser; - } - - error = nssCKFWMechanism_VerifyInit(fwMechanism, pMechanism, fwSession, - fwObject); + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken; + NSSCKFWMechanism *fwMechanism; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } - nssCKFWMechanism_Destroy(fwMechanism); + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } - if (CKR_OK == error) { - return CKR_OK; - } + fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); + if (!fwObject) { + error = CKR_KEY_HANDLE_INVALID; + goto loser; + } + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; /* should never happen! */ + goto loser; + } + + if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); + if (!fwMechanism) { + goto loser; + } + + error = nssCKFWMechanism_VerifyInit(fwMechanism, pMechanism, fwSession, + fwObject); + + nssCKFWMechanism_Destroy(fwMechanism); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_KEY_FUNCTION_NOT_PERMITTED: - case CKR_KEY_HANDLE_INVALID: - case CKR_KEY_SIZE_RANGE: - case CKR_KEY_TYPE_INCONSISTENT: - case CKR_MECHANISM_INVALID: - case CKR_MECHANISM_PARAM_INVALID: - case CKR_OPERATION_ACTIVE: - case CKR_PIN_EXPIRED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_KEY_FUNCTION_NOT_PERMITTED: + case CKR_KEY_HANDLE_INVALID: + case CKR_KEY_SIZE_RANGE: + case CKR_KEY_TYPE_INCONSISTENT: + case CKR_MECHANISM_INVALID: + case CKR_MECHANISM_PARAM_INVALID: + case CKR_OPERATION_ACTIVE: + case CKR_PIN_EXPIRED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -4216,65 +4131,63 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_Verify -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pData, - CK_ULONG ulDataLen, - CK_BYTE_PTR pSignature, - CK_ULONG ulSignatureLen -) +NSSCKFWC_Verify( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_UpdateFinal(fwSession, - NSSCKFWCryptoOperationType_Verify, - NSSCKFWCryptoOperationState_SignVerify, - pData, ulDataLen, pSignature, &ulSignatureLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_UpdateFinal(fwSession, + NSSCKFWCryptoOperationType_Verify, + NSSCKFWCryptoOperationState_SignVerify, + pData, ulDataLen, pSignature, &ulSignatureLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DATA_INVALID: - case CKR_DATA_LEN_RANGE: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_SIGNATURE_INVALID: - case CKR_SIGNATURE_LEN_RANGE: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_INVALID: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SIGNATURE_INVALID: + case CKR_SIGNATURE_LEN_RANGE: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -4282,60 +4195,58 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_VerifyUpdate -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pPart, - CK_ULONG ulPartLen -) +NSSCKFWC_VerifyUpdate( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_DigestUpdate(fwSession, - NSSCKFWCryptoOperationType_Verify, - NSSCKFWCryptoOperationState_SignVerify, - pPart, ulPartLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_DigestUpdate(fwSession, + NSSCKFWCryptoOperationType_Verify, + NSSCKFWCryptoOperationState_SignVerify, + pPart, ulPartLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DATA_LEN_RANGE: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -4343,62 +4254,60 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_VerifyFinal -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pSignature, - CK_ULONG ulSignatureLen -) +NSSCKFWC_VerifyFinal( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_Final(fwSession, - NSSCKFWCryptoOperationType_Verify, - NSSCKFWCryptoOperationState_SignVerify, - pSignature, &ulSignatureLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_Final(fwSession, + NSSCKFWCryptoOperationType_Verify, + NSSCKFWCryptoOperationState_SignVerify, + pSignature, &ulSignatureLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DATA_LEN_RANGE: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_SIGNATURE_INVALID: - case CKR_SIGNATURE_LEN_RANGE: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SIGNATURE_INVALID: + case CKR_SIGNATURE_LEN_RANGE: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -4406,98 +4315,96 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_VerifyRecoverInit -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey -) +NSSCKFWC_VerifyRecoverInit( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *fwObject; - NSSCKFWSlot *fwSlot; - NSSCKFWToken *fwToken; - NSSCKFWMechanism *fwMechanism; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); - if (!fwObject) { - error = CKR_KEY_HANDLE_INVALID; - goto loser; - } - - fwSlot = nssCKFWSession_GetFWSlot(fwSession); - if (!fwSlot) { - error = CKR_GENERAL_ERROR; /* should never happen! */ - goto loser; - } - - if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { - error = CKR_TOKEN_NOT_PRESENT; - goto loser; - } - - fwToken = nssCKFWSlot_GetToken(fwSlot, &error); - if (!fwToken) { - goto loser; - } - - fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); - if (!fwMechanism) { - goto loser; - } - - error = nssCKFWMechanism_VerifyRecoverInit(fwMechanism, pMechanism, - fwSession, fwObject); - - nssCKFWMechanism_Destroy(fwMechanism); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken; + NSSCKFWMechanism *fwMechanism; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); + if (!fwObject) { + error = CKR_KEY_HANDLE_INVALID; + goto loser; + } + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; /* should never happen! */ + goto loser; + } + + if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); + if (!fwMechanism) { + goto loser; + } + + error = nssCKFWMechanism_VerifyRecoverInit(fwMechanism, pMechanism, + fwSession, fwObject); + + nssCKFWMechanism_Destroy(fwMechanism); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_KEY_FUNCTION_NOT_PERMITTED: - case CKR_KEY_HANDLE_INVALID: - case CKR_KEY_SIZE_RANGE: - case CKR_KEY_TYPE_INCONSISTENT: - case CKR_MECHANISM_INVALID: - case CKR_MECHANISM_PARAM_INVALID: - case CKR_OPERATION_ACTIVE: - case CKR_PIN_EXPIRED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_SESSION_CLOSED: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_KEY_FUNCTION_NOT_PERMITTED: + case CKR_KEY_HANDLE_INVALID: + case CKR_KEY_SIZE_RANGE: + case CKR_KEY_TYPE_INCONSISTENT: + case CKR_MECHANISM_INVALID: + case CKR_MECHANISM_PARAM_INVALID: + case CKR_OPERATION_ACTIVE: + case CKR_PIN_EXPIRED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_CLOSED: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -4505,64 +4412,62 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_VerifyRecover -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pSignature, - CK_ULONG ulSignatureLen, - CK_BYTE_PTR pData, - CK_ULONG_PTR pulDataLen -) +NSSCKFWC_VerifyRecover( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen, + CK_BYTE_PTR pData, + CK_ULONG_PTR pulDataLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_UpdateFinal(fwSession, - NSSCKFWCryptoOperationType_VerifyRecover, - NSSCKFWCryptoOperationState_SignVerify, - pSignature, ulSignatureLen, pData, pulDataLen); - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_UpdateFinal(fwSession, + NSSCKFWCryptoOperationType_VerifyRecover, + NSSCKFWCryptoOperationState_SignVerify, + pSignature, ulSignatureLen, pData, pulDataLen); + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DATA_INVALID: - case CKR_DATA_LEN_RANGE: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_SIGNATURE_INVALID: - case CKR_SIGNATURE_LEN_RANGE: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_INVALID: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SIGNATURE_INVALID: + case CKR_SIGNATURE_LEN_RANGE: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -4570,64 +4475,62 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_DigestEncryptUpdate -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pPart, - CK_ULONG ulPartLen, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG_PTR pulEncryptedPartLen -) +NSSCKFWC_DigestEncryptUpdate( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_UpdateCombo(fwSession, - NSSCKFWCryptoOperationType_Encrypt, - NSSCKFWCryptoOperationType_Digest, - NSSCKFWCryptoOperationState_Digest, - pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_UpdateCombo(fwSession, + NSSCKFWCryptoOperationType_Encrypt, + NSSCKFWCryptoOperationType_Digest, + NSSCKFWCryptoOperationState_Digest, + pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DATA_LEN_RANGE: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -4635,71 +4538,69 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_DecryptDigestUpdate -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG ulEncryptedPartLen, - CK_BYTE_PTR pPart, - CK_ULONG_PTR pulPartLen -) +NSSCKFWC_DecryptDigestUpdate( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, + CK_ULONG_PTR pulPartLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_UpdateCombo(fwSession, - NSSCKFWCryptoOperationType_Decrypt, - NSSCKFWCryptoOperationType_Digest, - NSSCKFWCryptoOperationState_Digest, - pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_UpdateCombo(fwSession, + NSSCKFWCryptoOperationType_Decrypt, + NSSCKFWCryptoOperationType_Digest, + NSSCKFWCryptoOperationState_Digest, + pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_ENCRYPTED_DATA_INVALID: - case CKR_ENCRYPTED_DATA_LEN_RANGE: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - break; - case CKR_DATA_INVALID: - error = CKR_ENCRYPTED_DATA_INVALID; - break; - case CKR_DATA_LEN_RANGE: - error = CKR_ENCRYPTED_DATA_LEN_RANGE; - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_ENCRYPTED_DATA_INVALID: + case CKR_ENCRYPTED_DATA_LEN_RANGE: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + break; + case CKR_DATA_INVALID: + error = CKR_ENCRYPTED_DATA_INVALID; + break; + case CKR_DATA_LEN_RANGE: + error = CKR_ENCRYPTED_DATA_LEN_RANGE; + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -4707,65 +4608,63 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_SignEncryptUpdate -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pPart, - CK_ULONG ulPartLen, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG_PTR pulEncryptedPartLen -) +NSSCKFWC_SignEncryptUpdate( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_UpdateCombo(fwSession, - NSSCKFWCryptoOperationType_Encrypt, - NSSCKFWCryptoOperationType_Sign, - NSSCKFWCryptoOperationState_SignVerify, - pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_UpdateCombo(fwSession, + NSSCKFWCryptoOperationType_Encrypt, + NSSCKFWCryptoOperationType_Sign, + NSSCKFWCryptoOperationState_SignVerify, + pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DATA_LEN_RANGE: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -4773,69 +4672,67 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_DecryptVerifyUpdate -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG ulEncryptedPartLen, - CK_BYTE_PTR pPart, - CK_ULONG_PTR pulPartLen -) +NSSCKFWC_DecryptVerifyUpdate( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, + CK_ULONG_PTR pulPartLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_UpdateCombo(fwSession, - NSSCKFWCryptoOperationType_Decrypt, - NSSCKFWCryptoOperationType_Verify, - NSSCKFWCryptoOperationState_SignVerify, - pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_UpdateCombo(fwSession, + NSSCKFWCryptoOperationType_Decrypt, + NSSCKFWCryptoOperationType_Verify, + NSSCKFWCryptoOperationState_SignVerify, + pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DATA_LEN_RANGE: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_ENCRYPTED_DATA_INVALID: - case CKR_ENCRYPTED_DATA_LEN_RANGE: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - break; - case CKR_DATA_INVALID: - error = CKR_ENCRYPTED_DATA_INVALID; - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_ENCRYPTED_DATA_INVALID: + case CKR_ENCRYPTED_DATA_LEN_RANGE: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + break; + case CKR_DATA_INVALID: + error = CKR_ENCRYPTED_DATA_INVALID; + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -4843,106 +4740,104 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_GenerateKey -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount, - CK_OBJECT_HANDLE_PTR phKey -) +NSSCKFWC_GenerateKey( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phKey) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *fwObject; - NSSCKFWSlot *fwSlot; - NSSCKFWToken *fwToken; - NSSCKFWMechanism *fwMechanism; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - fwSlot = nssCKFWSession_GetFWSlot(fwSession); - if (!fwSlot) { - error = CKR_GENERAL_ERROR; /* should never happen! */ - goto loser; - } - - if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { - error = CKR_TOKEN_NOT_PRESENT; - goto loser; - } - - fwToken = nssCKFWSlot_GetToken(fwSlot, &error); - if (!fwToken) { - goto loser; - } - - fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); - if (!fwMechanism) { - goto loser; - } - - fwObject = nssCKFWMechanism_GenerateKey( - fwMechanism, - pMechanism, - fwSession, - pTemplate, - ulCount, - &error); - - nssCKFWMechanism_Destroy(fwMechanism); - if (!fwObject) { - goto loser; - } - *phKey= nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken; + NSSCKFWMechanism *fwMechanism; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; /* should never happen! */ + goto loser; + } + + if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); + if (!fwMechanism) { + goto loser; + } + + fwObject = nssCKFWMechanism_GenerateKey( + fwMechanism, + pMechanism, + fwSession, + pTemplate, + ulCount, + &error); + + nssCKFWMechanism_Destroy(fwMechanism); + if (!fwObject) { + goto loser; + } + *phKey = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_ATTRIBUTE_READ_ONLY: - case CKR_ATTRIBUTE_TYPE_INVALID: - case CKR_ATTRIBUTE_VALUE_INVALID: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_MECHANISM_INVALID: - case CKR_MECHANISM_PARAM_INVALID: - case CKR_OPERATION_ACTIVE: - case CKR_PIN_EXPIRED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_SESSION_READ_ONLY: - case CKR_TEMPLATE_INCOMPLETE: - case CKR_TEMPLATE_INCONSISTENT: - case CKR_TOKEN_WRITE_PROTECTED: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_ATTRIBUTE_READ_ONLY: + case CKR_ATTRIBUTE_TYPE_INVALID: + case CKR_ATTRIBUTE_VALUE_INVALID: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_MECHANISM_INVALID: + case CKR_MECHANISM_PARAM_INVALID: + case CKR_OPERATION_ACTIVE: + case CKR_PIN_EXPIRED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_READ_ONLY: + case CKR_TEMPLATE_INCOMPLETE: + case CKR_TEMPLATE_INCONSISTENT: + case CKR_TOKEN_WRITE_PROTECTED: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -4950,121 +4845,119 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_GenerateKeyPair -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_ATTRIBUTE_PTR pPublicKeyTemplate, - CK_ULONG ulPublicKeyAttributeCount, - CK_ATTRIBUTE_PTR pPrivateKeyTemplate, - CK_ULONG ulPrivateKeyAttributeCount, - CK_OBJECT_HANDLE_PTR phPublicKey, - CK_OBJECT_HANDLE_PTR phPrivateKey -) +NSSCKFWC_GenerateKeyPair( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_ATTRIBUTE_PTR pPublicKeyTemplate, + CK_ULONG ulPublicKeyAttributeCount, + CK_ATTRIBUTE_PTR pPrivateKeyTemplate, + CK_ULONG ulPrivateKeyAttributeCount, + CK_OBJECT_HANDLE_PTR phPublicKey, + CK_OBJECT_HANDLE_PTR phPrivateKey) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *fwPrivateKeyObject; - NSSCKFWObject *fwPublicKeyObject; - NSSCKFWSlot *fwSlot; - NSSCKFWToken *fwToken; - NSSCKFWMechanism *fwMechanism; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - fwSlot = nssCKFWSession_GetFWSlot(fwSession); - if (!fwSlot) { - error = CKR_GENERAL_ERROR; /* should never happen! */ - goto loser; - } - - if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { - error = CKR_TOKEN_NOT_PRESENT; - goto loser; - } - - fwToken = nssCKFWSlot_GetToken(fwSlot, &error); - if (!fwToken) { - goto loser; - } - - fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); - if (!fwMechanism) { - goto loser; - } - - error= nssCKFWMechanism_GenerateKeyPair( - fwMechanism, - pMechanism, - fwSession, - pPublicKeyTemplate, - ulPublicKeyAttributeCount, - pPublicKeyTemplate, - ulPublicKeyAttributeCount, - &fwPublicKeyObject, - &fwPrivateKeyObject); - - nssCKFWMechanism_Destroy(fwMechanism); - if (CKR_OK != error) { - goto loser; - } - *phPublicKey = nssCKFWInstance_CreateObjectHandle(fwInstance, - fwPublicKeyObject, - &error); - if (CKR_OK != error) { - goto loser; - } - *phPrivateKey = nssCKFWInstance_CreateObjectHandle(fwInstance, - fwPrivateKeyObject, - &error); - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwPrivateKeyObject; + NSSCKFWObject *fwPublicKeyObject; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken; + NSSCKFWMechanism *fwMechanism; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; /* should never happen! */ + goto loser; + } + + if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); + if (!fwMechanism) { + goto loser; + } + + error = nssCKFWMechanism_GenerateKeyPair( + fwMechanism, + pMechanism, + fwSession, + pPublicKeyTemplate, + ulPublicKeyAttributeCount, + pPublicKeyTemplate, + ulPublicKeyAttributeCount, + &fwPublicKeyObject, + &fwPrivateKeyObject); + + nssCKFWMechanism_Destroy(fwMechanism); + if (CKR_OK != error) { + goto loser; + } + *phPublicKey = nssCKFWInstance_CreateObjectHandle(fwInstance, + fwPublicKeyObject, + &error); + if (CKR_OK != error) { + goto loser; + } + *phPrivateKey = nssCKFWInstance_CreateObjectHandle(fwInstance, + fwPrivateKeyObject, + &error); + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_ATTRIBUTE_READ_ONLY: - case CKR_ATTRIBUTE_TYPE_INVALID: - case CKR_ATTRIBUTE_VALUE_INVALID: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_DOMAIN_PARAMS_INVALID: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_MECHANISM_INVALID: - case CKR_MECHANISM_PARAM_INVALID: - case CKR_OPERATION_ACTIVE: - case CKR_PIN_EXPIRED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_SESSION_READ_ONLY: - case CKR_TEMPLATE_INCOMPLETE: - case CKR_TEMPLATE_INCONSISTENT: - case CKR_TOKEN_WRITE_PROTECTED: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_ATTRIBUTE_READ_ONLY: + case CKR_ATTRIBUTE_TYPE_INVALID: + case CKR_ATTRIBUTE_VALUE_INVALID: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_DOMAIN_PARAMS_INVALID: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_MECHANISM_INVALID: + case CKR_MECHANISM_PARAM_INVALID: + case CKR_OPERATION_ACTIVE: + case CKR_PIN_EXPIRED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_READ_ONLY: + case CKR_TEMPLATE_INCOMPLETE: + case CKR_TEMPLATE_INCONSISTENT: + case CKR_TOKEN_WRITE_PROTECTED: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -5072,153 +4965,150 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_WrapKey -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hWrappingKey, - CK_OBJECT_HANDLE hKey, - CK_BYTE_PTR pWrappedKey, - CK_ULONG_PTR pulWrappedKeyLen -) +NSSCKFWC_WrapKey( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hWrappingKey, + CK_OBJECT_HANDLE hKey, + CK_BYTE_PTR pWrappedKey, + CK_ULONG_PTR pulWrappedKeyLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *fwKeyObject; - NSSCKFWObject *fwWrappingKeyObject; - NSSCKFWSlot *fwSlot; - NSSCKFWToken *fwToken; - NSSCKFWMechanism *fwMechanism; - NSSItem wrappedKey; - CK_ULONG wrappedKeyLength = 0; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - fwWrappingKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, - hWrappingKey); - if (!fwWrappingKeyObject) { - error = CKR_WRAPPING_KEY_HANDLE_INVALID; - goto loser; - } - - fwKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); - if (!fwKeyObject) { - error = CKR_KEY_HANDLE_INVALID; - goto loser; - } - - fwSlot = nssCKFWSession_GetFWSlot(fwSession); - if (!fwSlot) { - error = CKR_GENERAL_ERROR; /* should never happen! */ - goto loser; - } - - if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { - error = CKR_TOKEN_NOT_PRESENT; - goto loser; - } - - fwToken = nssCKFWSlot_GetToken(fwSlot, &error); - if (!fwToken) { - goto loser; - } - - fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); - if (!fwMechanism) { - goto loser; - } - - /* + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwKeyObject; + NSSCKFWObject *fwWrappingKeyObject; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken; + NSSCKFWMechanism *fwMechanism; + NSSItem wrappedKey; + CK_ULONG wrappedKeyLength = 0; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwWrappingKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, + hWrappingKey); + if (!fwWrappingKeyObject) { + error = CKR_WRAPPING_KEY_HANDLE_INVALID; + goto loser; + } + + fwKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); + if (!fwKeyObject) { + error = CKR_KEY_HANDLE_INVALID; + goto loser; + } + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; /* should never happen! */ + goto loser; + } + + if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); + if (!fwMechanism) { + goto loser; + } + + /* * first get the length... */ - wrappedKeyLength = nssCKFWMechanism_GetWrapKeyLength( - fwMechanism, - pMechanism, - fwSession, - fwWrappingKeyObject, - fwKeyObject, - &error); - if ((CK_ULONG) 0 == wrappedKeyLength) { - nssCKFWMechanism_Destroy(fwMechanism); - goto loser; - } - if ((CK_BYTE_PTR)NULL == pWrappedKey) { - *pulWrappedKeyLen = wrappedKeyLength; - nssCKFWMechanism_Destroy(fwMechanism); - return CKR_OK; - } - if (wrappedKeyLength > *pulWrappedKeyLen) { - *pulWrappedKeyLen = wrappedKeyLength; + wrappedKeyLength = nssCKFWMechanism_GetWrapKeyLength( + fwMechanism, + pMechanism, + fwSession, + fwWrappingKeyObject, + fwKeyObject, + &error); + if ((CK_ULONG)0 == wrappedKeyLength) { + nssCKFWMechanism_Destroy(fwMechanism); + goto loser; + } + if ((CK_BYTE_PTR)NULL == pWrappedKey) { + *pulWrappedKeyLen = wrappedKeyLength; + nssCKFWMechanism_Destroy(fwMechanism); + return CKR_OK; + } + if (wrappedKeyLength > *pulWrappedKeyLen) { + *pulWrappedKeyLen = wrappedKeyLength; + nssCKFWMechanism_Destroy(fwMechanism); + error = CKR_BUFFER_TOO_SMALL; + goto loser; + } + + wrappedKey.data = pWrappedKey; + wrappedKey.size = wrappedKeyLength; + + error = nssCKFWMechanism_WrapKey( + fwMechanism, + pMechanism, + fwSession, + fwWrappingKeyObject, + fwKeyObject, + &wrappedKey); + nssCKFWMechanism_Destroy(fwMechanism); - error = CKR_BUFFER_TOO_SMALL; - goto loser; - } - - - wrappedKey.data = pWrappedKey; - wrappedKey.size = wrappedKeyLength; - - error = nssCKFWMechanism_WrapKey( - fwMechanism, - pMechanism, - fwSession, - fwWrappingKeyObject, - fwKeyObject, - &wrappedKey); - - nssCKFWMechanism_Destroy(fwMechanism); - *pulWrappedKeyLen = wrappedKey.size; - - if (CKR_OK == error) { - return CKR_OK; - } + *pulWrappedKeyLen = wrappedKey.size; + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_KEY_HANDLE_INVALID: - case CKR_KEY_NOT_WRAPPABLE: - case CKR_KEY_SIZE_RANGE: - case CKR_KEY_UNEXTRACTABLE: - case CKR_MECHANISM_INVALID: - case CKR_MECHANISM_PARAM_INVALID: - case CKR_OPERATION_ACTIVE: - case CKR_PIN_EXPIRED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_WRAPPING_KEY_HANDLE_INVALID: - case CKR_WRAPPING_KEY_SIZE_RANGE: - case CKR_WRAPPING_KEY_TYPE_INCONSISTENT: - break; - case CKR_KEY_TYPE_INCONSISTENT: - error = CKR_WRAPPING_KEY_TYPE_INCONSISTENT; - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_KEY_HANDLE_INVALID: + case CKR_KEY_NOT_WRAPPABLE: + case CKR_KEY_SIZE_RANGE: + case CKR_KEY_UNEXTRACTABLE: + case CKR_MECHANISM_INVALID: + case CKR_MECHANISM_PARAM_INVALID: + case CKR_OPERATION_ACTIVE: + case CKR_PIN_EXPIRED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_WRAPPING_KEY_HANDLE_INVALID: + case CKR_WRAPPING_KEY_SIZE_RANGE: + case CKR_WRAPPING_KEY_TYPE_INCONSISTENT: + break; + case CKR_KEY_TYPE_INCONSISTENT: + error = CKR_WRAPPING_KEY_TYPE_INCONSISTENT; + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -5226,145 +5116,143 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_UnwrapKey -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hUnwrappingKey, - CK_BYTE_PTR pWrappedKey, - CK_ULONG ulWrappedKeyLen, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_OBJECT_HANDLE_PTR phKey -) +NSSCKFWC_UnwrapKey( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hUnwrappingKey, + CK_BYTE_PTR pWrappedKey, + CK_ULONG ulWrappedKeyLen, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_OBJECT_HANDLE_PTR phKey) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *fwObject; - NSSCKFWObject *fwWrappingKeyObject; - NSSCKFWSlot *fwSlot; - NSSCKFWToken *fwToken; - NSSCKFWMechanism *fwMechanism; - NSSItem wrappedKey; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - fwWrappingKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, - hUnwrappingKey); - if (!fwWrappingKeyObject) { - error = CKR_WRAPPING_KEY_HANDLE_INVALID; - goto loser; - } - - fwSlot = nssCKFWSession_GetFWSlot(fwSession); - if (!fwSlot) { - error = CKR_GENERAL_ERROR; /* should never happen! */ - goto loser; - } - - if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { - error = CKR_TOKEN_NOT_PRESENT; - goto loser; - } - - fwToken = nssCKFWSlot_GetToken(fwSlot, &error); - if (!fwToken) { - goto loser; - } - - fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); - if (!fwMechanism) { - goto loser; - } - - wrappedKey.data = pWrappedKey; - wrappedKey.size = ulWrappedKeyLen; - - fwObject = nssCKFWMechanism_UnwrapKey( - fwMechanism, - pMechanism, - fwSession, - fwWrappingKeyObject, - &wrappedKey, - pTemplate, - ulAttributeCount, - &error); - - nssCKFWMechanism_Destroy(fwMechanism); - if (!fwObject) { - goto loser; - } - *phKey = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + NSSCKFWObject *fwWrappingKeyObject; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken; + NSSCKFWMechanism *fwMechanism; + NSSItem wrappedKey; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwWrappingKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, + hUnwrappingKey); + if (!fwWrappingKeyObject) { + error = CKR_WRAPPING_KEY_HANDLE_INVALID; + goto loser; + } + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; /* should never happen! */ + goto loser; + } + + if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); + if (!fwMechanism) { + goto loser; + } + + wrappedKey.data = pWrappedKey; + wrappedKey.size = ulWrappedKeyLen; + + fwObject = nssCKFWMechanism_UnwrapKey( + fwMechanism, + pMechanism, + fwSession, + fwWrappingKeyObject, + &wrappedKey, + pTemplate, + ulAttributeCount, + &error); + + nssCKFWMechanism_Destroy(fwMechanism); + if (!fwObject) { + goto loser; + } + *phKey = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_ATTRIBUTE_READ_ONLY: - case CKR_ATTRIBUTE_TYPE_INVALID: - case CKR_ATTRIBUTE_VALUE_INVALID: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_DOMAIN_PARAMS_INVALID: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_MECHANISM_INVALID: - case CKR_MECHANISM_PARAM_INVALID: - case CKR_OPERATION_ACTIVE: - case CKR_PIN_EXPIRED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_SESSION_READ_ONLY: - case CKR_TEMPLATE_INCOMPLETE: - case CKR_TEMPLATE_INCONSISTENT: - case CKR_TOKEN_WRITE_PROTECTED: - case CKR_UNWRAPPING_KEY_HANDLE_INVALID: - case CKR_UNWRAPPING_KEY_SIZE_RANGE: - case CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT: - case CKR_USER_NOT_LOGGED_IN: - case CKR_WRAPPED_KEY_INVALID: - case CKR_WRAPPED_KEY_LEN_RANGE: - break; - case CKR_KEY_HANDLE_INVALID: - error = CKR_UNWRAPPING_KEY_HANDLE_INVALID; - break; - case CKR_KEY_SIZE_RANGE: - error = CKR_UNWRAPPING_KEY_SIZE_RANGE; - break; - case CKR_KEY_TYPE_INCONSISTENT: - error = CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT; - break; - case CKR_ENCRYPTED_DATA_INVALID: - error = CKR_WRAPPED_KEY_INVALID; - break; - case CKR_ENCRYPTED_DATA_LEN_RANGE: - error = CKR_WRAPPED_KEY_LEN_RANGE; - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_ATTRIBUTE_READ_ONLY: + case CKR_ATTRIBUTE_TYPE_INVALID: + case CKR_ATTRIBUTE_VALUE_INVALID: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_DOMAIN_PARAMS_INVALID: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_MECHANISM_INVALID: + case CKR_MECHANISM_PARAM_INVALID: + case CKR_OPERATION_ACTIVE: + case CKR_PIN_EXPIRED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_READ_ONLY: + case CKR_TEMPLATE_INCOMPLETE: + case CKR_TEMPLATE_INCONSISTENT: + case CKR_TOKEN_WRITE_PROTECTED: + case CKR_UNWRAPPING_KEY_HANDLE_INVALID: + case CKR_UNWRAPPING_KEY_SIZE_RANGE: + case CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT: + case CKR_USER_NOT_LOGGED_IN: + case CKR_WRAPPED_KEY_INVALID: + case CKR_WRAPPED_KEY_LEN_RANGE: + break; + case CKR_KEY_HANDLE_INVALID: + error = CKR_UNWRAPPING_KEY_HANDLE_INVALID; + break; + case CKR_KEY_SIZE_RANGE: + error = CKR_UNWRAPPING_KEY_SIZE_RANGE; + break; + case CKR_KEY_TYPE_INCONSISTENT: + error = CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT; + break; + case CKR_ENCRYPTED_DATA_INVALID: + error = CKR_WRAPPED_KEY_INVALID; + break; + case CKR_ENCRYPTED_DATA_LEN_RANGE: + error = CKR_WRAPPED_KEY_LEN_RANGE; + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -5372,119 +5260,117 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_DeriveKey -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hBaseKey, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_OBJECT_HANDLE_PTR phKey -) +NSSCKFWC_DeriveKey( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hBaseKey, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_OBJECT_HANDLE_PTR phKey) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *fwObject; - NSSCKFWObject *fwBaseKeyObject; - NSSCKFWSlot *fwSlot; - NSSCKFWToken *fwToken; - NSSCKFWMechanism *fwMechanism; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - fwBaseKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hBaseKey); - if (!fwBaseKeyObject) { - error = CKR_KEY_HANDLE_INVALID; - goto loser; - } - - fwSlot = nssCKFWSession_GetFWSlot(fwSession); - if (!fwSlot) { - error = CKR_GENERAL_ERROR; /* should never happen! */ - goto loser; - } - - if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { - error = CKR_TOKEN_NOT_PRESENT; - goto loser; - } - - fwToken = nssCKFWSlot_GetToken(fwSlot, &error); - if (!fwToken) { - goto loser; - } - - fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); - if (!fwMechanism) { - goto loser; - } - - fwObject = nssCKFWMechanism_DeriveKey( - fwMechanism, - pMechanism, - fwSession, - fwBaseKeyObject, - pTemplate, - ulAttributeCount, - &error); - - nssCKFWMechanism_Destroy(fwMechanism); - if (!fwObject) { - goto loser; - } - *phKey = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + NSSCKFWObject *fwBaseKeyObject; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken; + NSSCKFWMechanism *fwMechanism; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwBaseKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hBaseKey); + if (!fwBaseKeyObject) { + error = CKR_KEY_HANDLE_INVALID; + goto loser; + } + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; /* should never happen! */ + goto loser; + } + + if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); + if (!fwMechanism) { + goto loser; + } + + fwObject = nssCKFWMechanism_DeriveKey( + fwMechanism, + pMechanism, + fwSession, + fwBaseKeyObject, + pTemplate, + ulAttributeCount, + &error); + + nssCKFWMechanism_Destroy(fwMechanism); + if (!fwObject) { + goto loser; + } + *phKey = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_ATTRIBUTE_READ_ONLY: - case CKR_ATTRIBUTE_TYPE_INVALID: - case CKR_ATTRIBUTE_VALUE_INVALID: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_DOMAIN_PARAMS_INVALID: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_KEY_HANDLE_INVALID: - case CKR_KEY_SIZE_RANGE: - case CKR_KEY_TYPE_INCONSISTENT: - case CKR_MECHANISM_INVALID: - case CKR_MECHANISM_PARAM_INVALID: - case CKR_OPERATION_ACTIVE: - case CKR_PIN_EXPIRED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_SESSION_READ_ONLY: - case CKR_TEMPLATE_INCOMPLETE: - case CKR_TEMPLATE_INCONSISTENT: - case CKR_TOKEN_WRITE_PROTECTED: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_ATTRIBUTE_READ_ONLY: + case CKR_ATTRIBUTE_TYPE_INVALID: + case CKR_ATTRIBUTE_VALUE_INVALID: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_DOMAIN_PARAMS_INVALID: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_KEY_HANDLE_INVALID: + case CKR_KEY_SIZE_RANGE: + case CKR_KEY_TYPE_INCONSISTENT: + case CKR_MECHANISM_INVALID: + case CKR_MECHANISM_PARAM_INVALID: + case CKR_OPERATION_ACTIVE: + case CKR_PIN_EXPIRED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_READ_ONLY: + case CKR_TEMPLATE_INCOMPLETE: + case CKR_TEMPLATE_INCONSISTENT: + case CKR_TOKEN_WRITE_PROTECTED: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -5492,76 +5378,74 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_SeedRandom -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pSeed, - CK_ULONG ulSeedLen -) +NSSCKFWC_SeedRandom( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSeed, + CK_ULONG ulSeedLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSItem seed; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - if( (CK_BYTE_PTR)CK_NULL_PTR == pSeed ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - /* We could read through the buffer in a Purify trap */ - - seed.size = (PRUint32)ulSeedLen; - seed.data = (void *)pSeed; - - error = nssCKFWSession_SeedRandom(fwSession, &seed); - - if( CKR_OK != error ) { - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_ARGUMENTS_BAD: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_ACTIVE: - case CKR_RANDOM_SEED_NOT_SUPPORTED: - case CKR_RANDOM_NO_RNG: - case CKR_SESSION_HANDLE_INVALID: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSItem seed; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + if ((CK_BYTE_PTR)CK_NULL_PTR == pSeed) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* We could read through the buffer in a Purify trap */ + + seed.size = (PRUint32)ulSeedLen; + seed.data = (void *)pSeed; + + error = nssCKFWSession_SeedRandom(fwSession, &seed); + + if (CKR_OK != error) { + goto loser; + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_ACTIVE: + case CKR_RANDOM_SEED_NOT_SUPPORTED: + case CKR_RANDOM_NO_RNG: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -5569,78 +5453,76 @@ NSSCKFWC_SeedRandom * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_GenerateRandom -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pRandomData, - CK_ULONG ulRandomLen -) +NSSCKFWC_GenerateRandom( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pRandomData, + CK_ULONG ulRandomLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSItem buffer; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - if( (CK_BYTE_PTR)CK_NULL_PTR == pRandomData ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - /* + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSItem buffer; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + if ((CK_BYTE_PTR)CK_NULL_PTR == pRandomData) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* * A purify error here indicates caller error. */ - (void)nsslibc_memset(pRandomData, 0, ulRandomLen); - - buffer.size = (PRUint32)ulRandomLen; - buffer.data = (void *)pRandomData; - - error = nssCKFWSession_GetRandom(fwSession, &buffer); - - if( CKR_OK != error ) { - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_ARGUMENTS_BAD: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_ACTIVE: - case CKR_RANDOM_NO_RNG: - case CKR_SESSION_HANDLE_INVALID: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + (void)nsslibc_memset(pRandomData, 0, ulRandomLen); + + buffer.size = (PRUint32)ulRandomLen; + buffer.data = (void *)pRandomData; + + error = nssCKFWSession_GetRandom(fwSession, &buffer); + + if (CKR_OK != error) { + goto loser; + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_ACTIVE: + case CKR_RANDOM_NO_RNG: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -5648,13 +5530,11 @@ NSSCKFWC_GenerateRandom * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_GetFunctionStatus -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession -) +NSSCKFWC_GetFunctionStatus( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession) { - return CKR_FUNCTION_NOT_PARALLEL; + return CKR_FUNCTION_NOT_PARALLEL; } /* @@ -5662,11 +5542,9 @@ NSSCKFWC_GetFunctionStatus * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_CancelFunction -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession -) +NSSCKFWC_CancelFunction( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession) { - return CKR_FUNCTION_NOT_PARALLEL; + return CKR_FUNCTION_NOT_PARALLEL; } |