Tree - source-git/mingw-nss - CentOS Git server

source-git / mingw-nss

Blame nss/lib/pk11wrap/pk11slot.c

Blob History Raw

Packit	40b132	`/* This Source Code Form is subject to the terms of the Mozilla Public`
Packit	40b132	`* License, v. 2.0. If a copy of the MPL was not distributed with this`
Packit	40b132	`* file, You can obtain one at http://mozilla.org/MPL/2.0/. */`
Packit	40b132	`/*`
Packit	40b132	`* Deal with PKCS #11 Slots.`
Packit	40b132	`*/`
Packit	40b132	`#include "seccomon.h"`
Packit	40b132	`#include "secmod.h"`
Packit	40b132	`#include "nssilock.h"`
Packit	40b132	`#include "secmodi.h"`
Packit	40b132	`#include "secmodti.h"`
Packit	40b132	`#include "pkcs11t.h"`
Packit	40b132	`#include "pk11func.h"`
Packit	40b132	`#include "secitem.h"`
Packit	40b132	`#include "secerr.h"`
Packit	40b132
Packit	40b132	`#include "dev.h"`
Packit	40b132	`#include "dev3hack.h"`
Packit	40b132	`#include "pkim.h"`
Packit	40b132	`#include "utilpars.h"`
Packit	40b132
Packit	40b132
Packit	40b132	`/*************************************************************`
Packit	40b132	`* local static and global data`
Packit	40b132	`*************************************************************/`
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* This array helps parsing between names, mechanisms, and flags.`
Packit	40b132	`* to make the config files understand more entries, add them`
Packit	40b132	`* to this table.`
Packit	40b132	`*/`
Packit	40b132	`const PK11DefaultArrayEntry PK11_DefaultArray[] = {`
Packit	40b132	`{ "RSA", SECMOD_RSA_FLAG, CKM_RSA_PKCS },`
Packit	40b132	`{ "DSA", SECMOD_DSA_FLAG, CKM_DSA },`
Packit	40b132	`{ "ECC", SECMOD_ECC_FLAG, CKM_ECDSA },`
Packit	40b132	`{ "DH", SECMOD_DH_FLAG, CKM_DH_PKCS_DERIVE },`
Packit	40b132	`{ "RC2", SECMOD_RC2_FLAG, CKM_RC2_CBC },`
Packit	40b132	`{ "RC4", SECMOD_RC4_FLAG, CKM_RC4 },`
Packit	40b132	`{ "DES", SECMOD_DES_FLAG, CKM_DES_CBC },`
Packit	40b132	`{ "AES", SECMOD_AES_FLAG, CKM_AES_CBC },`
Packit	40b132	`{ "Camellia", SECMOD_CAMELLIA_FLAG, CKM_CAMELLIA_CBC },`
Packit	40b132	`{ "SEED", SECMOD_SEED_FLAG, CKM_SEED_CBC },`
Packit	40b132	`{ "RC5", SECMOD_RC5_FLAG, CKM_RC5_CBC },`
Packit	40b132	`{ "SHA-1", SECMOD_SHA1_FLAG, CKM_SHA_1 },`
Packit	40b132	`/* { "SHA224", SECMOD_SHA256_FLAG, CKM_SHA224 }, */`
Packit	40b132	`{ "SHA256", SECMOD_SHA256_FLAG, CKM_SHA256 },`
Packit	40b132	`/* { "SHA384", SECMOD_SHA512_FLAG, CKM_SHA384 }, */`
Packit	40b132	`{ "SHA512", SECMOD_SHA512_FLAG, CKM_SHA512 },`
Packit	40b132	`{ "MD5", SECMOD_MD5_FLAG, CKM_MD5 },`
Packit	40b132	`{ "MD2", SECMOD_MD2_FLAG, CKM_MD2 },`
Packit	40b132	`{ "SSL", SECMOD_SSL_FLAG, CKM_SSL3_PRE_MASTER_KEY_GEN },`
Packit	40b132	`{ "TLS", SECMOD_TLS_FLAG, CKM_TLS_MASTER_KEY_DERIVE },`
Packit	40b132	`{ "SKIPJACK", SECMOD_FORTEZZA_FLAG, CKM_SKIPJACK_CBC64 },`
Packit	40b132	`{ "Publicly-readable certs", SECMOD_FRIENDLY_FLAG, CKM_INVALID_MECHANISM },`
Packit	40b132	`{ "Random Num Generator", SECMOD_RANDOM_FLAG, CKM_FAKE_RANDOM },`
Packit	40b132	`};`
Packit	40b132	`const int num_pk11_default_mechanisms =`
Packit	40b132	`sizeof(PK11_DefaultArray) / sizeof(PK11_DefaultArray[0]);`
Packit	40b132
Packit	40b132	`const PK11DefaultArrayEntry *`
Packit	40b132	`PK11_GetDefaultArray(int *size)`
Packit	40b132	`{`
Packit	40b132	`if (size) {`
Packit	40b132	`*size = num_pk11_default_mechanisms;`
Packit	40b132	`}`
Packit	40b132	`return PK11_DefaultArray;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* These slotlists are lists of modules which provide default support for`
Packit	40b132	`* a given algorithm or mechanism.`
Packit	40b132	`*/`
Packit	40b132	`static PK11SlotList`
Packit	40b132	`pk11_seedSlotList,`
Packit	40b132	`pk11_camelliaSlotList,`
Packit	40b132	`pk11_aesSlotList,`
Packit	40b132	`pk11_desSlotList,`
Packit	40b132	`pk11_rc4SlotList,`
Packit	40b132	`pk11_rc2SlotList,`
Packit	40b132	`pk11_rc5SlotList,`
Packit	40b132	`pk11_sha1SlotList,`
Packit	40b132	`pk11_md5SlotList,`
Packit	40b132	`pk11_md2SlotList,`
Packit	40b132	`pk11_rsaSlotList,`
Packit	40b132	`pk11_dsaSlotList,`
Packit	40b132	`pk11_dhSlotList,`
Packit	40b132	`pk11_ecSlotList,`
Packit	40b132	`pk11_ideaSlotList,`
Packit	40b132	`pk11_sslSlotList,`
Packit	40b132	`pk11_tlsSlotList,`
Packit	40b132	`pk11_randomSlotList,`
Packit	40b132	`pk11_sha256SlotList,`
Packit	40b132	`pk11_sha512SlotList; /* slots do SHA512 and SHA384 */`
Packit	40b132
Packit	40b132	`/************************************************************`
Packit	40b132	`* Generic Slot List and Slot List element manipulations`
Packit	40b132	`************************************************************/`
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* allocate a new list`
Packit	40b132	`*/`
Packit	40b132	`PK11SlotList *`
Packit	40b132	`PK11_NewSlotList(void)`
Packit	40b132	`{`
Packit	40b132	`PK11SlotList *list;`
Packit	40b132
Packit	40b132	`list = (PK11SlotList *)PORT_Alloc(sizeof(PK11SlotList));`
Packit	40b132	`if (list == NULL) return NULL;`
Packit	40b132	`list->head = NULL;`
Packit	40b132	`list->tail = NULL;`
Packit	40b132	`list->lock = PZ_NewLock(nssILockList);`
Packit	40b132	`if (list->lock == NULL) {`
Packit	40b132	`PORT_Free(list);`
Packit	40b132	`return NULL;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`return list;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* free a list element when all the references go away.`
Packit	40b132	`*/`
Packit	40b132	`SECStatus`
Packit	40b132	`PK11_FreeSlotListElement(PK11SlotList list, PK11SlotListElement le)`
Packit	40b132	`{`
Packit	40b132	`PRBool freeit = PR_FALSE;`
Packit	40b132
Packit	40b132	`if (list == NULL \|\| le == NULL) {`
Packit	40b132	`PORT_SetError(SEC_ERROR_INVALID_ARGS);`
Packit	40b132	`return SECFailure;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`PZ_Lock(list->lock);`
Packit	40b132	`if (le->refCount-- == 1) {`
Packit	40b132	`freeit = PR_TRUE;`
Packit	40b132	`}`
Packit	40b132	`PZ_Unlock(list->lock);`
Packit	40b132	`if (freeit) {`
Packit	40b132	`PK11_FreeSlot(le->slot);`
Packit	40b132	`PORT_Free(le);`
Packit	40b132	`}`
Packit	40b132	`return SECSuccess;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`static void`
Packit	40b132	`pk11_FreeSlotListStatic(PK11SlotList *list)`
Packit	40b132	`{`
Packit	40b132	`PK11SlotListElement le, next ;`
Packit	40b132	`if (list == NULL) return;`
Packit	40b132
Packit	40b132	`for (le = list->head ; le; le = next) {`
Packit	40b132	`next = le->next;`
Packit	40b132	`PK11_FreeSlotListElement(list,le);`
Packit	40b132	`}`
Packit	40b132	`if (list->lock) {`
Packit	40b132	`PZ_DestroyLock(list->lock);`
Packit	40b132	`}`
Packit	40b132	`list->lock = NULL;`
Packit	40b132	`list->head = NULL;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* if we are freeing the list, we must be the only ones with a pointer`
Packit	40b132	`* to the list.`
Packit	40b132	`*/`
Packit	40b132	`void`
Packit	40b132	`PK11_FreeSlotList(PK11SlotList *list)`
Packit	40b132	`{`
Packit	40b132	`pk11_FreeSlotListStatic(list);`
Packit	40b132	`PORT_Free(list);`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* add a slot to a list`
Packit	40b132	`* "slot" is the slot to be added. Ownership is not transferred.`
Packit	40b132	`* "sorted" indicates whether or not the slot should be inserted according to`
Packit	40b132	`* cipherOrder of the associated module. PR_FALSE indicates that the slot`
Packit	40b132	`* should be inserted to the head of the list.`
Packit	40b132	`*/`
Packit	40b132	`SECStatus`
Packit	40b132	`PK11_AddSlotToList(PK11SlotList list,PK11SlotInfo slot, PRBool sorted)`
Packit	40b132	`{`
Packit	40b132	`PK11SlotListElement *le;`
Packit	40b132	`PK11SlotListElement *element;`
Packit	40b132
Packit	40b132	`le = (PK11SlotListElement *) PORT_Alloc(sizeof(PK11SlotListElement));`
Packit	40b132	`if (le == NULL) return SECFailure;`
Packit	40b132
Packit	40b132	`le->slot = PK11_ReferenceSlot(slot);`
Packit	40b132	`le->prev = NULL;`
Packit	40b132	`le->refCount = 1;`
Packit	40b132	`PZ_Lock(list->lock);`
Packit	40b132	`element = list->head;`
Packit	40b132	`/* Insertion sort, with higher cipherOrders are sorted first in the list */`
Packit	40b132	`while (element && sorted && (element->slot->module->cipherOrder >`
Packit	40b132	`le->slot->module->cipherOrder)) {`
Packit	40b132	`element = element->next;`
Packit	40b132	`}`
Packit	40b132	`if (element) {`
Packit	40b132	`le->prev = element->prev;`
Packit	40b132	`element->prev = le;`
Packit	40b132	`le->next = element;`
Packit	40b132	`} else {`
Packit	40b132	`le->prev = list->tail;`
Packit	40b132	`le->next = NULL;`
Packit	40b132	`list->tail = le;`
Packit	40b132	`}`
Packit	40b132	`if (le->prev) le->prev->next = le;`
Packit	40b132	`if (list->head == element) list->head = le;`
Packit	40b132	`PZ_Unlock(list->lock);`
Packit	40b132
Packit	40b132	`return SECSuccess;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* remove a slot entry from the list`
Packit	40b132	`*/`
Packit	40b132	`SECStatus`
Packit	40b132	`PK11_DeleteSlotFromList(PK11SlotList list,PK11SlotListElement le)`
Packit	40b132	`{`
Packit	40b132	`PZ_Lock(list->lock);`
Packit	40b132	`if (le->prev) le->prev->next = le->next; else list->head = le->next;`
Packit	40b132	`if (le->next) le->next->prev = le->prev; else list->tail = le->prev;`
Packit	40b132	`le->next = le->prev = NULL;`
Packit	40b132	`PZ_Unlock(list->lock);`
Packit	40b132	`PK11_FreeSlotListElement(list,le);`
Packit	40b132	`return SECSuccess;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* Move a list to the end of the target list.`
Packit	40b132	`* NOTE: There is no locking here... This assumes BOTH lists are private copy`
Packit	40b132	`* lists. It also does not re-sort the target list.`
Packit	40b132	`*/`
Packit	40b132	`SECStatus`
Packit	40b132	`pk11_MoveListToList(PK11SlotList target,PK11SlotList src)`
Packit	40b132	`{`
Packit	40b132	`if (src->head == NULL) return SECSuccess;`
Packit	40b132
Packit	40b132	`if (target->tail == NULL) {`
Packit	40b132	`target->head = src->head;`
Packit	40b132	`} else {`
Packit	40b132	`target->tail->next = src->head;`
Packit	40b132	`}`
Packit	40b132	`src->head->prev = target->tail;`
Packit	40b132	`target->tail = src->tail;`
Packit	40b132	`src->head = src->tail = NULL;`
Packit	40b132	`return SECSuccess;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* get an element from the list with a reference. You must own the list.`
Packit	40b132	`*/`
Packit	40b132	`PK11SlotListElement *`
Packit	40b132	`PK11_GetFirstRef(PK11SlotList *list)`
Packit	40b132	`{`
Packit	40b132	`PK11SlotListElement *le;`
Packit	40b132
Packit	40b132	`le = list->head;`
Packit	40b132	`if (le != NULL) (le)->refCount++;`
Packit	40b132	`return le;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* get the next element from the list with a reference. You must own the list.`
Packit	40b132	`*/`
Packit	40b132	`PK11SlotListElement *`
Packit	40b132	`PK11_GetNextRef(PK11SlotList list, PK11SlotListElement le, PRBool restart)`
Packit	40b132	`{`
Packit	40b132	`PK11SlotListElement *new_le;`
Packit	40b132	`new_le = le->next;`
Packit	40b132	`if (new_le) new_le->refCount++;`
Packit	40b132	`PK11_FreeSlotListElement(list,le);`
Packit	40b132	`return new_le;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* get an element safely from the list. This just makes sure that if`
Packit	40b132	`* this element is not deleted while we deal with it.`
Packit	40b132	`*/`
Packit	40b132	`PK11SlotListElement *`
Packit	40b132	`PK11_GetFirstSafe(PK11SlotList *list)`
Packit	40b132	`{`
Packit	40b132	`PK11SlotListElement *le;`
Packit	40b132
Packit	40b132	`PZ_Lock(list->lock);`
Packit	40b132	`le = list->head;`
Packit	40b132	`if (le != NULL) (le)->refCount++;`
Packit	40b132	`PZ_Unlock(list->lock);`
Packit	40b132	`return le;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* NOTE: if this element gets deleted, we can no longer safely traverse using`
Packit	40b132	`* it's pointers. We can either terminate the loop, or restart from the`
Packit	40b132	`* beginning. This is controlled by the restart option.`
Packit	40b132	`*/`
Packit	40b132	`PK11SlotListElement *`
Packit	40b132	`PK11_GetNextSafe(PK11SlotList list, PK11SlotListElement le, PRBool restart)`
Packit	40b132	`{`
Packit	40b132	`PK11SlotListElement *new_le;`
Packit	40b132	`PZ_Lock(list->lock);`
Packit	40b132	`new_le = le->next;`
Packit	40b132	`if (le->next == NULL) {`
Packit	40b132	`/* if the prev and next fields are NULL then either this element`
Packit	40b132	`* has been removed and we need to walk the list again (if restart`
Packit	40b132	`* is true) or this was the only element on the list */`
Packit	40b132	`if ((le->prev == NULL) && restart && (list->head != le)) {`
Packit	40b132	`new_le = list->head;`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132	`if (new_le) new_le->refCount++;`
Packit	40b132	`PZ_Unlock(list->lock);`
Packit	40b132	`PK11_FreeSlotListElement(list,le);`
Packit	40b132	`return new_le;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* Find the element that holds this slot`
Packit	40b132	`*/`
Packit	40b132	`PK11SlotListElement *`
Packit	40b132	`PK11_FindSlotElement(PK11SlotList list,PK11SlotInfo slot)`
Packit	40b132	`{`
Packit	40b132	`PK11SlotListElement *le;`
Packit	40b132
Packit	40b132	`for (le = PK11_GetFirstSafe(list); le;`
Packit	40b132	`le = PK11_GetNextSafe(list,le,PR_TRUE)) {`
Packit	40b132	`if (le->slot == slot) return le;`
Packit	40b132	`}`
Packit	40b132	`return NULL;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/************************************************************`
Packit	40b132	`* Generic Slot Utilities`
Packit	40b132	`************************************************************/`
Packit	40b132	`/*`
Packit	40b132	`* Create a new slot structure`
Packit	40b132	`*/`
Packit	40b132	`PK11SlotInfo *`
Packit	40b132	`PK11_NewSlotInfo(SECMODModule *mod)`
Packit	40b132	`{`
Packit	40b132	`PK11SlotInfo *slot;`
Packit	40b132
Packit	40b132	`slot = (PK11SlotInfo *)PORT_Alloc(sizeof(PK11SlotInfo));`
Packit	40b132	`if (slot == NULL) return slot;`
Packit	40b132
Packit	40b132	`slot->sessionLock = mod->isThreadSafe ?`
Packit	40b132	`PZ_NewLock(nssILockSession) : mod->refLock;`
Packit	40b132	`if (slot->sessionLock == NULL) {`
Packit	40b132	`PORT_Free(slot);`
Packit	40b132	`return NULL;`
Packit	40b132	`}`
Packit	40b132	`slot->freeListLock = PZ_NewLock(nssILockFreelist);`
Packit	40b132	`if (slot->freeListLock == NULL) {`
Packit	40b132	`if (mod->isThreadSafe) {`
Packit	40b132	`PZ_DestroyLock(slot->sessionLock);`
Packit	40b132	`}`
Packit	40b132	`PORT_Free(slot);`
Packit	40b132	`return NULL;`
Packit	40b132	`}`
Packit	40b132	`slot->freeSymKeysWithSessionHead = NULL;`
Packit	40b132	`slot->freeSymKeysHead = NULL;`
Packit	40b132	`slot->keyCount = 0;`
Packit	40b132	`slot->maxKeyCount = 0;`
Packit	40b132	`slot->functionList = NULL;`
Packit	40b132	`slot->needTest = PR_TRUE;`
Packit	40b132	`slot->isPerm = PR_FALSE;`
Packit	40b132	`slot->isHW = PR_FALSE;`
Packit	40b132	`slot->isInternal = PR_FALSE;`
Packit	40b132	`slot->isThreadSafe = PR_FALSE;`
Packit	40b132	`slot->disabled = PR_FALSE;`
Packit	40b132	`slot->series = 1;`
Packit	40b132	`slot->wrapKey = 0;`
Packit	40b132	`slot->wrapMechanism = CKM_INVALID_MECHANISM;`
Packit	40b132	`slot->refKeys[0] = CK_INVALID_HANDLE;`
Packit	40b132	`slot->reason = PK11_DIS_NONE;`
Packit	40b132	`slot->readOnly = PR_TRUE;`
Packit	40b132	`slot->needLogin = PR_FALSE;`
Packit	40b132	`slot->hasRandom = PR_FALSE;`
Packit	40b132	`slot->defRWSession = PR_FALSE;`
Packit	40b132	`slot->protectedAuthPath = PR_FALSE;`
Packit	40b132	`slot->flags = 0;`
Packit	40b132	`slot->session = CK_INVALID_SESSION;`
Packit	40b132	`slot->slotID = 0;`
Packit	40b132	`slot->defaultFlags = 0;`
Packit	40b132	`slot->refCount = 1;`
Packit	40b132	`slot->askpw = 0;`
Packit	40b132	`slot->timeout = 0;`
Packit	40b132	`slot->mechanismList = NULL;`
Packit	40b132	`slot->mechanismCount = 0;`
Packit	40b132	`slot->cert_array = NULL;`
Packit	40b132	`slot->cert_count = 0;`
Packit	40b132	`slot->slot_name[0] = 0;`
Packit	40b132	`slot->token_name[0] = 0;`
Packit	40b132	`PORT_Memset(slot->serial,' ',sizeof(slot->serial));`
Packit	40b132	`slot->module = NULL;`
Packit	40b132	`slot->authTransact = 0;`
Packit	40b132	`slot->authTime = LL_ZERO;`
Packit	40b132	`slot->minPassword = 0;`
Packit	40b132	`slot->maxPassword = 0;`
Packit	40b132	`slot->hasRootCerts = PR_FALSE;`
Packit	40b132	`slot->nssToken = NULL;`
Packit	40b132	`return slot;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/* create a new reference to a slot so it doesn't go away */`
Packit	40b132	`PK11SlotInfo *`
Packit	40b132	`PK11_ReferenceSlot(PK11SlotInfo *slot)`
Packit	40b132	`{`
Packit	40b132	`PR_ATOMIC_INCREMENT(&slot->refCount);`
Packit	40b132	`return slot;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/* Destroy all info on a slot we have built up */`
Packit	40b132	`void`
Packit	40b132	`PK11_DestroySlot(PK11SlotInfo *slot)`
Packit	40b132	`{`
Packit	40b132	`/* free up the cached keys and sessions */`
Packit	40b132	`PK11_CleanKeyList(slot);`
Packit	40b132
Packit	40b132	`/* free up all the sessions on this slot */`
Packit	40b132	`if (slot->functionList) {`
Packit	40b132	`PK11_GETTAB(slot)->C_CloseAllSessions(slot->slotID);`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`if (slot->mechanismList) {`
Packit	40b132	`PORT_Free(slot->mechanismList);`
Packit	40b132	`}`
Packit	40b132	`if (slot->isThreadSafe && slot->sessionLock) {`
Packit	40b132	`PZ_DestroyLock(slot->sessionLock);`
Packit	40b132	`}`
Packit	40b132	`slot->sessionLock = NULL;`
Packit	40b132	`if (slot->freeListLock) {`
Packit	40b132	`PZ_DestroyLock(slot->freeListLock);`
Packit	40b132	`slot->freeListLock = NULL;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/* finally Tell our parent module that we've gone away so it can unload */`
Packit	40b132	`if (slot->module) {`
Packit	40b132	`SECMOD_SlotDestroyModule(slot->module,PR_TRUE);`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/* ok, well not quit finally... now we free the memory */`
Packit	40b132	`PORT_Free(slot);`
Packit	40b132	`}`
Packit	40b132
Packit	40b132
Packit	40b132	`/* We're all done with the slot, free it */`
Packit	40b132	`void`
Packit	40b132	`PK11_FreeSlot(PK11SlotInfo *slot)`
Packit	40b132	`{`
Packit	40b132	`if (PR_ATOMIC_DECREMENT(&slot->refCount) == 0) {`
Packit	40b132	`PK11_DestroySlot(slot);`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`void`
Packit	40b132	`PK11_EnterSlotMonitor(PK11SlotInfo *slot) {`
Packit	40b132	`PZ_Lock(slot->sessionLock);`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`void`
Packit	40b132	`PK11_ExitSlotMonitor(PK11SlotInfo *slot) {`
Packit	40b132	`PZ_Unlock(slot->sessionLock);`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/***********************************************************`
Packit	40b132	`* Functions to find specific slots.`
Packit	40b132	`***********************************************************/`
Packit	40b132	`PRBool`
Packit	40b132	`SECMOD_HasRootCerts(void)`
Packit	40b132	`{`
Packit	40b132	`SECMODModuleList *mlp;`
Packit	40b132	`SECMODModuleList *modules;`
Packit	40b132	`SECMODListLock *moduleLock = SECMOD_GetDefaultModuleListLock();`
Packit	40b132	`int i;`
Packit	40b132	`PRBool found = PR_FALSE;`
Packit	40b132
Packit	40b132	`if (!moduleLock) {`
Packit	40b132	`PORT_SetError(SEC_ERROR_NOT_INITIALIZED);`
Packit	40b132	`return found;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/* work through all the slots */`
Packit	40b132	`SECMOD_GetReadLock(moduleLock);`
Packit	40b132	`modules = SECMOD_GetDefaultModuleList();`
Packit	40b132	`for(mlp = modules; mlp != NULL; mlp = mlp->next) {`
Packit	40b132	`for (i=0; i < mlp->module->slotCount; i++) {`
Packit	40b132	`PK11SlotInfo *tmpSlot = mlp->module->slots[i];`
Packit	40b132	`if (PK11_IsPresent(tmpSlot)) {`
Packit	40b132	`if (tmpSlot->hasRootCerts) {`
Packit	40b132	`found = PR_TRUE;`
Packit	40b132	`break;`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132	`if (found) break;`
Packit	40b132	`}`
Packit	40b132	`SECMOD_ReleaseReadLock(moduleLock);`
Packit	40b132
Packit	40b132	`return found;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/***********************************************************`
Packit	40b132	`* Functions to find specific slots.`
Packit	40b132	`***********************************************************/`
Packit	40b132	`PK11SlotList *`
Packit	40b132	`PK11_FindSlotsByNames(const char dllName, const char slotName,`
Packit	40b132	`const char* tokenName, PRBool presentOnly)`
Packit	40b132	`{`
Packit	40b132	`SECMODModuleList *mlp;`
Packit	40b132	`SECMODModuleList *modules;`
Packit	40b132	`SECMODListLock *moduleLock = SECMOD_GetDefaultModuleListLock();`
Packit	40b132	`int i;`
Packit	40b132	`PK11SlotList* slotList = NULL;`
Packit	40b132	`PRUint32 slotcount = 0;`
Packit	40b132	`SECStatus rv = SECSuccess;`
Packit	40b132
Packit	40b132	`if (!moduleLock) {`
Packit	40b132	`PORT_SetError(SEC_ERROR_NOT_INITIALIZED);`
Packit	40b132	`return slotList;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`slotList = PK11_NewSlotList();`
Packit	40b132	`if (!slotList) {`
Packit	40b132	`PORT_SetError(SEC_ERROR_NO_MEMORY);`
Packit	40b132	`return slotList;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`if ( ((NULL == dllName) \|\| (0 == *dllName)) &&`
Packit	40b132	`((NULL == slotName) \|\| (0 == *slotName)) &&`
Packit	40b132	`((NULL == tokenName) \|\| (0 == *tokenName)) ) {`
Packit	40b132	`/* default to softoken */`
Packit	40b132	`PK11_AddSlotToList(slotList, PK11_GetInternalKeySlot(), PR_TRUE);`
Packit	40b132	`return slotList;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/* work through all the slots */`
Packit	40b132	`SECMOD_GetReadLock(moduleLock);`
Packit	40b132	`modules = SECMOD_GetDefaultModuleList();`
Packit	40b132	`for (mlp = modules; mlp != NULL; mlp = mlp->next) {`
Packit	40b132	`PORT_Assert(mlp->module);`
Packit	40b132	`if (!mlp->module) {`
Packit	40b132	`rv = SECFailure;`
Packit	40b132	`break;`
Packit	40b132	`}`
Packit	40b132	`if ((!dllName) \|\| (mlp->module->dllName &&`
Packit	40b132	`(0 == PORT_Strcmp(mlp->module->dllName, dllName)))) {`
Packit	40b132	`for (i=0; i < mlp->module->slotCount; i++) {`
Packit	40b132	`PK11SlotInfo *tmpSlot = (mlp->module->slots?mlp->module->slots[i]:NULL);`
Packit	40b132	`PORT_Assert(tmpSlot);`
Packit	40b132	`if (!tmpSlot) {`
Packit	40b132	`rv = SECFailure;`
Packit	40b132	`break;`
Packit	40b132	`}`
Packit	40b132	`if ((PR_FALSE == presentOnly \|\| PK11_IsPresent(tmpSlot)) &&`
Packit	40b132	`( (!tokenName) \|\| (tmpSlot->token_name &&`
Packit	40b132	`(0==PORT_Strcmp(tmpSlot->token_name, tokenName)))) &&`
Packit	40b132	`( (!slotName) \|\| (tmpSlot->slot_name &&`
Packit	40b132	`(0==PORT_Strcmp(tmpSlot->slot_name, slotName)))) ) {`
Packit	40b132	`if (tmpSlot) {`
Packit	40b132	`PK11_AddSlotToList(slotList, tmpSlot, PR_TRUE);`
Packit	40b132	`slotcount++;`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132	`SECMOD_ReleaseReadLock(moduleLock);`
Packit	40b132
Packit	40b132	`if ( (0 == slotcount) \|\| (SECFailure == rv) ) {`
Packit	40b132	`PORT_SetError(SEC_ERROR_NO_TOKEN);`
Packit	40b132	`PK11_FreeSlotList(slotList);`
Packit	40b132	`slotList = NULL;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`if (SECFailure == rv) {`
Packit	40b132	`PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`return slotList;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`PK11SlotInfo *`
Packit	40b132	`PK11_FindSlotByName(const char *name)`
Packit	40b132	`{`
Packit	40b132	`SECMODModuleList *mlp;`
Packit	40b132	`SECMODModuleList *modules;`
Packit	40b132	`SECMODListLock *moduleLock = SECMOD_GetDefaultModuleListLock();`
Packit	40b132	`int i;`
Packit	40b132	`PK11SlotInfo *slot = NULL;`
Packit	40b132
Packit	40b132	`if (!moduleLock) {`
Packit	40b132	`PORT_SetError(SEC_ERROR_NOT_INITIALIZED);`
Packit	40b132	`return slot;`
Packit	40b132	`}`
Packit	40b132	`if ((name == NULL) \|\| (*name == 0)) {`
Packit	40b132	`return PK11_GetInternalKeySlot();`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/* work through all the slots */`
Packit	40b132	`SECMOD_GetReadLock(moduleLock);`
Packit	40b132	`modules = SECMOD_GetDefaultModuleList();`
Packit	40b132	`for(mlp = modules; mlp != NULL; mlp = mlp->next) {`
Packit	40b132	`for (i=0; i < mlp->module->slotCount; i++) {`
Packit	40b132	`PK11SlotInfo *tmpSlot = mlp->module->slots[i];`
Packit	40b132	`if (PK11_IsPresent(tmpSlot)) {`
Packit	40b132	`if (PORT_Strcmp(tmpSlot->token_name,name) == 0) {`
Packit	40b132	`slot = PK11_ReferenceSlot(tmpSlot);`
Packit	40b132	`break;`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132	`if (slot != NULL) break;`
Packit	40b132	`}`
Packit	40b132	`SECMOD_ReleaseReadLock(moduleLock);`
Packit	40b132
Packit	40b132	`if (slot == NULL) {`
Packit	40b132	`PORT_SetError(SEC_ERROR_NO_TOKEN);`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`return slot;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132
Packit	40b132	`PK11SlotInfo *`
Packit	40b132	`PK11_FindSlotBySerial(char *serial)`
Packit	40b132	`{`
Packit	40b132	`SECMODModuleList *mlp;`
Packit	40b132	`SECMODModuleList *modules;`
Packit	40b132	`SECMODListLock *moduleLock = SECMOD_GetDefaultModuleListLock();`
Packit	40b132	`int i;`
Packit	40b132	`PK11SlotInfo *slot = NULL;`
Packit	40b132
Packit	40b132	`if (!moduleLock) {`
Packit	40b132	`PORT_SetError(SEC_ERROR_NOT_INITIALIZED);`
Packit	40b132	`return slot;`
Packit	40b132	`}`
Packit	40b132	`/* work through all the slots */`
Packit	40b132	`SECMOD_GetReadLock(moduleLock);`
Packit	40b132	`modules = SECMOD_GetDefaultModuleList();`
Packit	40b132	`for(mlp = modules; mlp != NULL; mlp = mlp->next) {`
Packit	40b132	`for (i=0; i < mlp->module->slotCount; i++) {`
Packit	40b132	`PK11SlotInfo *tmpSlot = mlp->module->slots[i];`
Packit	40b132	`if (PK11_IsPresent(tmpSlot)) {`
Packit	40b132	`if (PORT_Memcmp(tmpSlot->serial,serial,`
Packit	40b132	`sizeof(tmpSlot->serial)) == 0) {`
Packit	40b132	`slot = PK11_ReferenceSlot(tmpSlot);`
Packit	40b132	`break;`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132	`if (slot != NULL) break;`
Packit	40b132	`}`
Packit	40b132	`SECMOD_ReleaseReadLock(moduleLock);`
Packit	40b132
Packit	40b132	`if (slot == NULL) {`
Packit	40b132	`PORT_SetError(SEC_ERROR_NO_TOKEN);`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`return slot;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* notification stub. If we ever get interested in any events that`
Packit	40b132	`* the pkcs11 functions may pass back to use, we can catch them here...`
Packit	40b132	`* currently pdata is a slotinfo structure.`
Packit	40b132	`*/`
Packit	40b132	`CK_RV pk11_notify(CK_SESSION_HANDLE session, CK_NOTIFICATION event,`
Packit	40b132	`CK_VOID_PTR pdata)`
Packit	40b132	`{`
Packit	40b132	`return CKR_OK;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* grab a new RW session`
Packit	40b132	`* !!! has a side effect of grabbing the Monitor if either the slot's default`
Packit	40b132	`* session is RW or the slot is not thread safe. Monitor is release in function`
Packit	40b132	`* below`
Packit	40b132	`*/`
Packit	40b132	`CK_SESSION_HANDLE PK11_GetRWSession(PK11SlotInfo *slot)`
Packit	40b132	`{`
Packit	40b132	`CK_SESSION_HANDLE rwsession;`
Packit	40b132	`CK_RV crv;`
Packit	40b132	`PRBool haveMonitor = PR_FALSE;`
Packit	40b132
Packit	40b132	`if (!slot->isThreadSafe \|\| slot->defRWSession) {`
Packit	40b132	`PK11_EnterSlotMonitor(slot);`
Packit	40b132	`haveMonitor = PR_TRUE;`
Packit	40b132	`}`
Packit	40b132	`if (slot->defRWSession) {`
Packit	40b132	`PORT_Assert(slot->session != CK_INVALID_SESSION);`
Packit	40b132	`if (slot->session != CK_INVALID_SESSION)`
Packit	40b132	`return slot->session;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`crv = PK11_GETTAB(slot)->C_OpenSession(slot->slotID,`
Packit	40b132	`CKF_RW_SESSION\|CKF_SERIAL_SESSION,`
Packit	40b132	`slot, pk11_notify,&rwsession);`
Packit	40b132	`PORT_Assert(rwsession != CK_INVALID_SESSION \|\| crv != CKR_OK);`
Packit	40b132	`if (crv != CKR_OK \|\| rwsession == CK_INVALID_SESSION) {`
Packit	40b132	`if (crv == CKR_OK)`
Packit	40b132	`crv = CKR_DEVICE_ERROR;`
Packit	40b132	`if (haveMonitor)`
Packit	40b132	`PK11_ExitSlotMonitor(slot);`
Packit	40b132	`PORT_SetError(PK11_MapError(crv));`
Packit	40b132	`return CK_INVALID_SESSION;`
Packit	40b132	`}`
Packit	40b132	`if (slot->defRWSession) { /* we have the monitor */`
Packit	40b132	`slot->session = rwsession;`
Packit	40b132	`}`
Packit	40b132	`return rwsession;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`PRBool`
Packit	40b132	`PK11_RWSessionHasLock(PK11SlotInfo *slot,CK_SESSION_HANDLE session_handle)`
Packit	40b132	`{`
Packit	40b132	`PRBool hasLock;`
Packit	40b132	`hasLock = (PRBool)(!slot->isThreadSafe \|\|`
Packit	40b132	`(slot->defRWSession && slot->session != CK_INVALID_SESSION));`
Packit	40b132	`return hasLock;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`static PRBool`
Packit	40b132	`pk11_RWSessionIsDefault(PK11SlotInfo *slot,CK_SESSION_HANDLE rwsession)`
Packit	40b132	`{`
Packit	40b132	`PRBool isDefault;`
Packit	40b132	`isDefault = (PRBool)(slot->session == rwsession &&`
Packit	40b132	`slot->defRWSession &&`
Packit	40b132	`slot->session != CK_INVALID_SESSION);`
Packit	40b132	`return isDefault;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* close the rwsession and restore our readonly session`
Packit	40b132	`* !!! has a side effect of releasing the Monitor if either the slot's default`
Packit	40b132	`* session is RW or the slot is not thread safe.`
Packit	40b132	`*/`
Packit	40b132	`void`
Packit	40b132	`PK11_RestoreROSession(PK11SlotInfo *slot,CK_SESSION_HANDLE rwsession)`
Packit	40b132	`{`
Packit	40b132	`PORT_Assert(rwsession != CK_INVALID_SESSION);`
Packit	40b132	`if (rwsession != CK_INVALID_SESSION) {`
Packit	40b132	`PRBool doExit = PK11_RWSessionHasLock(slot, rwsession);`
Packit	40b132	`if (!pk11_RWSessionIsDefault(slot, rwsession))`
Packit	40b132	`PK11_GETTAB(slot)->C_CloseSession(rwsession);`
Packit	40b132	`if (doExit)`
Packit	40b132	`PK11_ExitSlotMonitor(slot);`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/************************************************************`
Packit	40b132	`* Manage the built-In Slot Lists`
Packit	40b132	`************************************************************/`
Packit	40b132
Packit	40b132	`/* Init the static built int slot list (should actually integrate`
Packit	40b132	`* with PK11_NewSlotList */`
Packit	40b132	`static void`
Packit	40b132	`pk11_InitSlotListStatic(PK11SlotList *list)`
Packit	40b132	`{`
Packit	40b132	`list->lock = PZ_NewLock(nssILockList);`
Packit	40b132	`list->head = NULL;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132
Packit	40b132	`/* initialize the system slotlists */`
Packit	40b132	`SECStatus`
Packit	40b132	`PK11_InitSlotLists(void)`
Packit	40b132	`{`
Packit	40b132	`pk11_InitSlotListStatic(&pk11_seedSlotList);`
Packit	40b132	`pk11_InitSlotListStatic(&pk11_camelliaSlotList);`
Packit	40b132	`pk11_InitSlotListStatic(&pk11_aesSlotList);`
Packit	40b132	`pk11_InitSlotListStatic(&pk11_desSlotList);`
Packit	40b132	`pk11_InitSlotListStatic(&pk11_rc4SlotList);`
Packit	40b132	`pk11_InitSlotListStatic(&pk11_rc2SlotList);`
Packit	40b132	`pk11_InitSlotListStatic(&pk11_rc5SlotList);`
Packit	40b132	`pk11_InitSlotListStatic(&pk11_md5SlotList);`
Packit	40b132	`pk11_InitSlotListStatic(&pk11_md2SlotList);`
Packit	40b132	`pk11_InitSlotListStatic(&pk11_sha1SlotList);`
Packit	40b132	`pk11_InitSlotListStatic(&pk11_rsaSlotList);`
Packit	40b132	`pk11_InitSlotListStatic(&pk11_dsaSlotList);`
Packit	40b132	`pk11_InitSlotListStatic(&pk11_dhSlotList);`
Packit	40b132	`pk11_InitSlotListStatic(&pk11_ecSlotList);`
Packit	40b132	`pk11_InitSlotListStatic(&pk11_ideaSlotList);`
Packit	40b132	`pk11_InitSlotListStatic(&pk11_sslSlotList);`
Packit	40b132	`pk11_InitSlotListStatic(&pk11_tlsSlotList);`
Packit	40b132	`pk11_InitSlotListStatic(&pk11_randomSlotList);`
Packit	40b132	`pk11_InitSlotListStatic(&pk11_sha256SlotList);`
Packit	40b132	`pk11_InitSlotListStatic(&pk11_sha512SlotList);`
Packit	40b132	`return SECSuccess;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`void`
Packit	40b132	`PK11_DestroySlotLists(void)`
Packit	40b132	`{`
Packit	40b132	`pk11_FreeSlotListStatic(&pk11_seedSlotList);`
Packit	40b132	`pk11_FreeSlotListStatic(&pk11_camelliaSlotList);`
Packit	40b132	`pk11_FreeSlotListStatic(&pk11_aesSlotList);`
Packit	40b132	`pk11_FreeSlotListStatic(&pk11_desSlotList);`
Packit	40b132	`pk11_FreeSlotListStatic(&pk11_rc4SlotList);`
Packit	40b132	`pk11_FreeSlotListStatic(&pk11_rc2SlotList);`
Packit	40b132	`pk11_FreeSlotListStatic(&pk11_rc5SlotList);`
Packit	40b132	`pk11_FreeSlotListStatic(&pk11_md5SlotList);`
Packit	40b132	`pk11_FreeSlotListStatic(&pk11_md2SlotList);`
Packit	40b132	`pk11_FreeSlotListStatic(&pk11_sha1SlotList);`
Packit	40b132	`pk11_FreeSlotListStatic(&pk11_rsaSlotList);`
Packit	40b132	`pk11_FreeSlotListStatic(&pk11_dsaSlotList);`
Packit	40b132	`pk11_FreeSlotListStatic(&pk11_dhSlotList);`
Packit	40b132	`pk11_FreeSlotListStatic(&pk11_ecSlotList);`
Packit	40b132	`pk11_FreeSlotListStatic(&pk11_ideaSlotList);`
Packit	40b132	`pk11_FreeSlotListStatic(&pk11_sslSlotList);`
Packit	40b132	`pk11_FreeSlotListStatic(&pk11_tlsSlotList);`
Packit	40b132	`pk11_FreeSlotListStatic(&pk11_randomSlotList);`
Packit	40b132	`pk11_FreeSlotListStatic(&pk11_sha256SlotList);`
Packit	40b132	`pk11_FreeSlotListStatic(&pk11_sha512SlotList);`
Packit	40b132	`return;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/* return a system slot list based on mechanism */`
Packit	40b132	`PK11SlotList *`
Packit	40b132	`PK11_GetSlotList(CK_MECHANISM_TYPE type)`
Packit	40b132	`{`
Packit	40b132	`/* XXX a workaround for Bugzilla bug #55267 */`
Packit	40b132	`#if defined(HPUX) && defined(__LP64__)`
Packit	40b132	`if (CKM_INVALID_MECHANISM == type)`
Packit	40b132	`return NULL;`
Packit	40b132	`#endif`
Packit	40b132	`switch (type) {`
Packit	40b132	`case CKM_SEED_CBC:`
Packit	40b132	`case CKM_SEED_ECB:`
Packit	40b132	`return &pk11_seedSlotList;`
Packit	40b132	`case CKM_CAMELLIA_CBC:`
Packit	40b132	`case CKM_CAMELLIA_ECB:`
Packit	40b132	`return &pk11_camelliaSlotList;`
Packit	40b132	`case CKM_AES_CBC:`
Packit	40b132	`case CKM_AES_CCM:`
Packit	40b132	`case CKM_AES_CTR:`
Packit	40b132	`case CKM_AES_CTS:`
Packit	40b132	`case CKM_AES_GCM:`
Packit	40b132	`case CKM_AES_ECB:`
Packit	40b132	`return &pk11_aesSlotList;`
Packit	40b132	`case CKM_DES_CBC:`
Packit	40b132	`case CKM_DES_ECB:`
Packit	40b132	`case CKM_DES3_ECB:`
Packit	40b132	`case CKM_DES3_CBC:`
Packit	40b132	`return &pk11_desSlotList;`
Packit	40b132	`case CKM_RC4:`
Packit	40b132	`return &pk11_rc4SlotList;`
Packit	40b132	`case CKM_RC5_CBC:`
Packit	40b132	`return &pk11_rc5SlotList;`
Packit	40b132	`case CKM_SHA_1:`
Packit	40b132	`return &pk11_sha1SlotList;`
Packit	40b132	`case CKM_SHA224:`
Packit	40b132	`case CKM_SHA256:`
Packit	40b132	`return &pk11_sha256SlotList;`
Packit	40b132	`case CKM_SHA384:`
Packit	40b132	`case CKM_SHA512:`
Packit	40b132	`return &pk11_sha512SlotList;`
Packit	40b132	`case CKM_MD5:`
Packit	40b132	`return &pk11_md5SlotList;`
Packit	40b132	`case CKM_MD2:`
Packit	40b132	`return &pk11_md2SlotList;`
Packit	40b132	`case CKM_RC2_ECB:`
Packit	40b132	`case CKM_RC2_CBC:`
Packit	40b132	`return &pk11_rc2SlotList;`
Packit	40b132	`case CKM_RSA_PKCS:`
Packit	40b132	`case CKM_RSA_PKCS_KEY_PAIR_GEN:`
Packit	40b132	`case CKM_RSA_X_509:`
Packit	40b132	`return &pk11_rsaSlotList;`
Packit	40b132	`case CKM_DSA:`
Packit	40b132	`return &pk11_dsaSlotList;`
Packit	40b132	`case CKM_DH_PKCS_KEY_PAIR_GEN:`
Packit	40b132	`case CKM_DH_PKCS_DERIVE:`
Packit	40b132	`return &pk11_dhSlotList;`
Packit	40b132	`case CKM_ECDSA:`
Packit	40b132	`case CKM_ECDSA_SHA1:`
Packit	40b132	`case CKM_EC_KEY_PAIR_GEN: /* aka CKM_ECDSA_KEY_PAIR_GEN */`
Packit	40b132	`case CKM_ECDH1_DERIVE:`
Packit	40b132	`return &pk11_ecSlotList;`
Packit	40b132	`case CKM_SSL3_PRE_MASTER_KEY_GEN:`
Packit	40b132	`case CKM_SSL3_MASTER_KEY_DERIVE:`
Packit	40b132	`case CKM_SSL3_SHA1_MAC:`
Packit	40b132	`case CKM_SSL3_MD5_MAC:`
Packit	40b132	`return &pk11_sslSlotList;`
Packit	40b132	`case CKM_TLS_MASTER_KEY_DERIVE:`
Packit	40b132	`case CKM_TLS_KEY_AND_MAC_DERIVE:`
Packit	40b132	`case CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256:`
Packit	40b132	`return &pk11_tlsSlotList;`
Packit	40b132	`case CKM_IDEA_CBC:`
Packit	40b132	`case CKM_IDEA_ECB:`
Packit	40b132	`return &pk11_ideaSlotList;`
Packit	40b132	`case CKM_FAKE_RANDOM:`
Packit	40b132	`return &pk11_randomSlotList;`
Packit	40b132	`}`
Packit	40b132	`return NULL;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* load the static SlotInfo structures used to select a PKCS11 slot.`
Packit	40b132	`* preSlotInfo has a list of all the default flags for the slots on this`
Packit	40b132	`* module.`
Packit	40b132	`*/`
Packit	40b132	`void`
Packit	40b132	`PK11_LoadSlotList(PK11SlotInfo slot, PK11PreSlotInfo psi, int count)`
Packit	40b132	`{`
Packit	40b132	`int i;`
Packit	40b132
Packit	40b132	`for (i=0; i < count; i++) {`
Packit	40b132	`if (psi[i].slotID == slot->slotID)`
Packit	40b132	`break;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`if (i == count) return;`
Packit	40b132
Packit	40b132	`slot->defaultFlags = psi[i].defaultFlags;`
Packit	40b132	`slot->askpw = psi[i].askpw;`
Packit	40b132	`slot->timeout = psi[i].timeout;`
Packit	40b132	`slot->hasRootCerts = psi[i].hasRootCerts;`
Packit	40b132
Packit	40b132	`/* if the slot is already disabled, don't load them into the`
Packit	40b132	`* default slot lists. We get here so we can save the default`
Packit	40b132	`* list value. */`
Packit	40b132	`if (slot->disabled) return;`
Packit	40b132
Packit	40b132	`/* if the user has disabled us, don't load us in */`
Packit	40b132	`if (slot->defaultFlags & PK11_DISABLE_FLAG) {`
Packit	40b132	`slot->disabled = PR_TRUE;`
Packit	40b132	`slot->reason = PK11_DIS_USER_SELECTED;`
Packit	40b132	`/* free up sessions and things?? */`
Packit	40b132	`return;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`for (i=0; i < num_pk11_default_mechanisms; i++) {`
Packit	40b132	`if (slot->defaultFlags & PK11_DefaultArray[i].flag) {`
Packit	40b132	`CK_MECHANISM_TYPE mechanism = PK11_DefaultArray[i].mechanism;`
Packit	40b132	`PK11SlotList *slotList = PK11_GetSlotList(mechanism);`
Packit	40b132
Packit	40b132	`if (slotList) PK11_AddSlotToList(slotList,slot,PR_FALSE);`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`return;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* update a slot to its new attribute according to the slot list`
Packit	40b132	`* returns: SECSuccess if nothing to do or add/delete is successful`
Packit	40b132	`*/`
Packit	40b132	`SECStatus`
Packit	40b132	`PK11_UpdateSlotAttribute(PK11SlotInfo *slot,`
Packit	40b132	`const PK11DefaultArrayEntry *entry,`
Packit	40b132	`PRBool add)`
Packit	40b132	`/* add: PR_TRUE if want to turn on */`
Packit	40b132	`{`
Packit	40b132	`SECStatus result = SECSuccess;`
Packit	40b132	`PK11SlotList *slotList = PK11_GetSlotList(entry->mechanism);`
Packit	40b132
Packit	40b132	`if (add) { /* trying to turn on a mechanism */`
Packit	40b132
Packit	40b132	`/* turn on the default flag in the slot */`
Packit	40b132	`slot->defaultFlags \|= entry->flag;`
Packit	40b132
Packit	40b132	`/* add this slot to the list */`
Packit	40b132	`if (slotList!=NULL)`
Packit	40b132	`result = PK11_AddSlotToList(slotList, slot, PR_FALSE);`
Packit	40b132
Packit	40b132	`} else { /* trying to turn off */`
Packit	40b132
Packit	40b132	`/* turn OFF the flag in the slot */`
Packit	40b132	`slot->defaultFlags &= ~entry->flag;`
Packit	40b132
Packit	40b132	`if (slotList) {`
Packit	40b132	`/* find the element in the list & delete it */`
Packit	40b132	`PK11SlotListElement *le = PK11_FindSlotElement(slotList, slot);`
Packit	40b132
Packit	40b132	`/* remove the slot from the list */`
Packit	40b132	`if (le)`
Packit	40b132	`result = PK11_DeleteSlotFromList(slotList, le);`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132	`return result;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* clear a slot off of all of it's default list`
Packit	40b132	`*/`
Packit	40b132	`void`
Packit	40b132	`PK11_ClearSlotList(PK11SlotInfo *slot)`
Packit	40b132	`{`
Packit	40b132	`int i;`
Packit	40b132
Packit	40b132	`if (slot->disabled) return;`
Packit	40b132	`if (slot->defaultFlags == 0) return;`
Packit	40b132
Packit	40b132	`for (i=0; i < num_pk11_default_mechanisms; i++) {`
Packit	40b132	`if (slot->defaultFlags & PK11_DefaultArray[i].flag) {`
Packit	40b132	`CK_MECHANISM_TYPE mechanism = PK11_DefaultArray[i].mechanism;`
Packit	40b132	`PK11SlotList *slotList = PK11_GetSlotList(mechanism);`
Packit	40b132	`PK11SlotListElement *le = NULL;`
Packit	40b132
Packit	40b132	`if (slotList) le = PK11_FindSlotElement(slotList,slot);`
Packit	40b132
Packit	40b132	`if (le) {`
Packit	40b132	`PK11_DeleteSlotFromList(slotList,le);`
Packit	40b132	`PK11_FreeSlotListElement(slotList,le);`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132
Packit	40b132
Packit	40b132	`/******************************************************************`
Packit	40b132	`* Slot initialization`
Packit	40b132	`******************************************************************/`
Packit	40b132	`/*`
Packit	40b132	`* turn a PKCS11 Static Label into a string`
Packit	40b132	`*/`
Packit	40b132	`char *`
Packit	40b132	`PK11_MakeString(PLArenaPool arena,char space,`
Packit	40b132	`char *staticString,int stringLen)`
Packit	40b132	`{`
Packit	40b132	`int i;`
Packit	40b132	`char *newString;`
Packit	40b132	`for(i=(stringLen-1); i >= 0; i--) {`
Packit	40b132	`if (staticString[i] != ' ') break;`
Packit	40b132	`}`
Packit	40b132	`/* move i to point to the last space */`
Packit	40b132	`i++;`
Packit	40b132	`if (arena) {`
Packit	40b132	`newString = (char)PORT_ArenaAlloc(arena,i+1 / space for NULL */);`
Packit	40b132	`} else if (space) {`
Packit	40b132	`newString = space;`
Packit	40b132	`} else {`
Packit	40b132	`newString = (char)PORT_Alloc(i+1 / space for NULL */);`
Packit	40b132	`}`
Packit	40b132	`if (newString == NULL) return NULL;`
Packit	40b132
Packit	40b132	`if (i) PORT_Memcpy(newString,staticString, i);`
Packit	40b132	`newString[i] = 0;`
Packit	40b132
Packit	40b132	`return newString;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* Reads in the slots mechanism list for later use`
Packit	40b132	`*/`
Packit	40b132	`SECStatus`
Packit	40b132	`PK11_ReadMechanismList(PK11SlotInfo *slot)`
Packit	40b132	`{`
Packit	40b132	`CK_ULONG count;`
Packit	40b132	`CK_RV crv;`
Packit	40b132	`PRUint32 i;`
Packit	40b132
Packit	40b132	`if (slot->mechanismList) {`
Packit	40b132	`PORT_Free(slot->mechanismList);`
Packit	40b132	`slot->mechanismList = NULL;`
Packit	40b132	`}`
Packit	40b132	`slot->mechanismCount = 0;`
Packit	40b132
Packit	40b132	`if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);`
Packit	40b132	`crv = PK11_GETTAB(slot)->C_GetMechanismList(slot->slotID,NULL,&count);`
Packit	40b132	`if (crv != CKR_OK) {`
Packit	40b132	`if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);`
Packit	40b132	`PORT_SetError(PK11_MapError(crv));`
Packit	40b132	`return SECFailure;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`slot->mechanismList = (CK_MECHANISM_TYPE *)`
Packit	40b132	`PORT_Alloc(count *sizeof(CK_MECHANISM_TYPE));`
Packit	40b132	`if (slot->mechanismList == NULL) {`
Packit	40b132	`if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);`
Packit	40b132	`return SECFailure;`
Packit	40b132	`}`
Packit	40b132	`crv = PK11_GETTAB(slot)->C_GetMechanismList(slot->slotID,`
Packit	40b132	`slot->mechanismList, &count);`
Packit	40b132	`if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);`
Packit	40b132	`if (crv != CKR_OK) {`
Packit	40b132	`PORT_Free(slot->mechanismList);`
Packit	40b132	`slot->mechanismList = NULL;`
Packit	40b132	`PORT_SetError(PK11_MapError(crv));`
Packit	40b132	`return SECSuccess;`
Packit	40b132	`}`
Packit	40b132	`slot->mechanismCount = count;`
Packit	40b132	`PORT_Memset(slot->mechanismBits, 0, sizeof(slot->mechanismBits));`
Packit	40b132
Packit	40b132	`for (i=0; i < count; i++) {`
Packit	40b132	`CK_MECHANISM_TYPE mech = slot->mechanismList[i];`
Packit	40b132	`if (mech < 0x7ff) {`
Packit	40b132	`slot->mechanismBits[mech & 0xff] \|= 1 << (mech >> 8);`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132	`return SECSuccess;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* initialize a new token`
Packit	40b132	`* unlike initialize slot, this can be called multiple times in the lifetime`
Packit	40b132	`* of NSS. It reads the information associated with a card or token,`
Packit	40b132	`* that is not going to change unless the card or token changes.`
Packit	40b132	`*/`
Packit	40b132	`SECStatus`
Packit	40b132	`PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts)`
Packit	40b132	`{`
Packit	40b132	`CK_TOKEN_INFO tokenInfo;`
Packit	40b132	`CK_RV crv;`
Packit	40b132	`char *tmp;`
Packit	40b132	`SECStatus rv;`
Packit	40b132	`PRStatus status;`
Packit	40b132
Packit	40b132	`/* set the slot flags to the current token values */`
Packit	40b132	`if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);`
Packit	40b132	`crv = PK11_GETTAB(slot)->C_GetTokenInfo(slot->slotID,&tokenInfo);`
Packit	40b132	`if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);`
Packit	40b132	`if (crv != CKR_OK) {`
Packit	40b132	`PORT_SetError(PK11_MapError(crv));`
Packit	40b132	`return SECFailure;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/* set the slot flags to the current token values */`
Packit	40b132	`slot->series++; /* allow other objects to detect that the`
Packit	40b132	`* slot is different */`
Packit	40b132	`slot->flags = tokenInfo.flags;`
Packit	40b132	`slot->needLogin = ((tokenInfo.flags & CKF_LOGIN_REQUIRED) ?`
Packit	40b132	`PR_TRUE : PR_FALSE);`
Packit	40b132	`slot->readOnly = ((tokenInfo.flags & CKF_WRITE_PROTECTED) ?`
Packit	40b132	`PR_TRUE : PR_FALSE);`
Packit	40b132
Packit	40b132
Packit	40b132	`slot->hasRandom = ((tokenInfo.flags & CKF_RNG) ? PR_TRUE : PR_FALSE);`
Packit	40b132	`slot->protectedAuthPath =`
Packit	40b132	`((tokenInfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH)`
Packit	40b132	`? PR_TRUE : PR_FALSE);`
Packit	40b132	`slot->lastLoginCheck = 0;`
Packit	40b132	`slot->lastState = 0;`
Packit	40b132	`/* on some platforms Active Card incorrectly sets the`
Packit	40b132	`* CKF_PROTECTED_AUTHENTICATION_PATH bit when it doesn't mean to. */`
Packit	40b132	`if (slot->isActiveCard) {`
Packit	40b132	`slot->protectedAuthPath = PR_FALSE;`
Packit	40b132	`}`
Packit	40b132	`tmp = PK11_MakeString(NULL,slot->token_name,`
Packit	40b132	`(char *)tokenInfo.label, sizeof(tokenInfo.label));`
Packit	40b132	`slot->minPassword = tokenInfo.ulMinPinLen;`
Packit	40b132	`slot->maxPassword = tokenInfo.ulMaxPinLen;`
Packit	40b132	`PORT_Memcpy(slot->serial,tokenInfo.serialNumber,sizeof(slot->serial));`
Packit	40b132
Packit	40b132	`nssToken_UpdateName(slot->nssToken);`
Packit	40b132
Packit	40b132	`slot->defRWSession = (PRBool)((!slot->readOnly) &&`
Packit	40b132	`(tokenInfo.ulMaxSessionCount == 1));`
Packit	40b132	`rv = PK11_ReadMechanismList(slot);`
Packit	40b132	`if (rv != SECSuccess) return rv;`
Packit	40b132
Packit	40b132	`slot->hasRSAInfo = PR_FALSE;`
Packit	40b132	`slot->RSAInfoFlags = 0;`
Packit	40b132
Packit	40b132	`/* initialize the maxKeyCount value */`
Packit	40b132	`if (tokenInfo.ulMaxSessionCount == 0) {`
Packit	40b132	`slot->maxKeyCount = 800; /* should be #define or a config param */`
Packit	40b132	`} else if (tokenInfo.ulMaxSessionCount < 20) {`
Packit	40b132	`/* don't have enough sessions to keep that many keys around */`
Packit	40b132	`slot->maxKeyCount = 0;`
Packit	40b132	`} else {`
Packit	40b132	`slot->maxKeyCount = tokenInfo.ulMaxSessionCount/2;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/* Make sure our session handle is valid */`
Packit	40b132	`if (slot->session == CK_INVALID_SESSION) {`
Packit	40b132	`/* we know we don't have a valid session, go get one */`
Packit	40b132	`CK_SESSION_HANDLE session;`
Packit	40b132
Packit	40b132	`/* session should be Readonly, serial */`
Packit	40b132	`if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);`
Packit	40b132	`crv = PK11_GETTAB(slot)->C_OpenSession(slot->slotID,`
Packit	40b132	`(slot->defRWSession ? CKF_RW_SESSION : 0) \| CKF_SERIAL_SESSION,`
Packit	40b132	`slot,pk11_notify,&session);`
Packit	40b132	`if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);`
Packit	40b132	`if (crv != CKR_OK) {`
Packit	40b132	`PORT_SetError(PK11_MapError(crv));`
Packit	40b132	`return SECFailure;`
Packit	40b132	`}`
Packit	40b132	`slot->session = session;`
Packit	40b132	`} else {`
Packit	40b132	`/* The session we have may be defunct (the token associated with it)`
Packit	40b132	`* has been removed */`
Packit	40b132	`CK_SESSION_INFO sessionInfo;`
Packit	40b132
Packit	40b132	`if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);`
Packit	40b132	`crv = PK11_GETTAB(slot)->C_GetSessionInfo(slot->session,&sessionInfo);`
Packit	40b132	`if (crv == CKR_DEVICE_ERROR) {`
Packit	40b132	`PK11_GETTAB(slot)->C_CloseSession(slot->session);`
Packit	40b132	`crv = CKR_SESSION_CLOSED;`
Packit	40b132	`}`
Packit	40b132	`if ((crv==CKR_SESSION_CLOSED) \|\| (crv==CKR_SESSION_HANDLE_INVALID)) {`
Packit	40b132	`crv =PK11_GETTAB(slot)->C_OpenSession(slot->slotID,`
Packit	40b132	`(slot->defRWSession ? CKF_RW_SESSION : 0) \| CKF_SERIAL_SESSION,`
Packit	40b132	`slot,pk11_notify,&slot->session);`
Packit	40b132	`if (crv != CKR_OK) {`
Packit	40b132	`PORT_SetError(PK11_MapError(crv));`
Packit	40b132	`slot->session = CK_INVALID_SESSION;`
Packit	40b132	`if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);`
Packit	40b132	`return SECFailure;`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132	`if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`status = nssToken_Refresh(slot->nssToken);`
Packit	40b132	`if (status != PR_SUCCESS)`
Packit	40b132	`return SECFailure;`
Packit	40b132
Packit	40b132	`if (!(slot->isInternal) && (slot->hasRandom)) {`
Packit	40b132	`/* if this slot has a random number generater, use it to add entropy`
Packit	40b132	`* to the internal slot. */`
Packit	40b132	`PK11SlotInfo *int_slot = PK11_GetInternalSlot();`
Packit	40b132
Packit	40b132	`if (int_slot) {`
Packit	40b132	`unsigned char random_bytes[32];`
Packit	40b132
Packit	40b132	`/* if this slot can issue random numbers, get some entropy from`
Packit	40b132	`* that random number generater and give it to our internal token.`
Packit	40b132	`*/`
Packit	40b132	`PK11_EnterSlotMonitor(slot);`
Packit	40b132	`crv = PK11_GETTAB(slot)->C_GenerateRandom`
Packit	40b132	`(slot->session,random_bytes, sizeof(random_bytes));`
Packit	40b132	`PK11_ExitSlotMonitor(slot);`
Packit	40b132	`if (crv == CKR_OK) {`
Packit	40b132	`PK11_EnterSlotMonitor(int_slot);`
Packit	40b132	`PK11_GETTAB(int_slot)->C_SeedRandom(int_slot->session,`
Packit	40b132	`random_bytes, sizeof(random_bytes));`
Packit	40b132	`PK11_ExitSlotMonitor(int_slot);`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/* Now return the favor and send entropy to the token's random`
Packit	40b132	`* number generater */`
Packit	40b132	`PK11_EnterSlotMonitor(int_slot);`
Packit	40b132	`crv = PK11_GETTAB(int_slot)->C_GenerateRandom(int_slot->session,`
Packit	40b132	`random_bytes, sizeof(random_bytes));`
Packit	40b132	`PK11_ExitSlotMonitor(int_slot);`
Packit	40b132	`if (crv == CKR_OK) {`
Packit	40b132	`PK11_EnterSlotMonitor(slot);`
Packit	40b132	`crv = PK11_GETTAB(slot)->C_SeedRandom(slot->session,`
Packit	40b132	`random_bytes, sizeof(random_bytes));`
Packit	40b132	`PK11_ExitSlotMonitor(slot);`
Packit	40b132	`}`
Packit	40b132	`PK11_FreeSlot(int_slot);`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132	`/* work around a problem in softoken where it incorrectly`
Packit	40b132	`* reports databases opened read only as read/write. */`
Packit	40b132	`if (slot->isInternal && !slot->readOnly) {`
Packit	40b132	`CK_SESSION_HANDLE session = CK_INVALID_SESSION;`
Packit	40b132
Packit	40b132	`/* try to open a R/W session */`
Packit	40b132	`crv =PK11_GETTAB(slot)->C_OpenSession(slot->slotID,`
Packit	40b132	`CKF_RW_SESSION\|CKF_SERIAL_SESSION, slot, pk11_notify ,&session);`
Packit	40b132	`/* what a well behaved token should return if you open`
Packit	40b132	`* a RW session on a read only token */`
Packit	40b132	`if (crv == CKR_TOKEN_WRITE_PROTECTED) {`
Packit	40b132	`slot->readOnly = PR_TRUE;`
Packit	40b132	`} else if (crv == CKR_OK) {`
Packit	40b132	`CK_SESSION_INFO sessionInfo;`
Packit	40b132
Packit	40b132	`/* Because of a second bug in softoken, which silently returns`
Packit	40b132	`* a RO session, we need to check what type of session we got. */`
Packit	40b132	`crv = PK11_GETTAB(slot)->C_GetSessionInfo(session, &sessionInfo);`
Packit	40b132	`if (crv == CKR_OK) {`
Packit	40b132	`if ((sessionInfo.flags & CKF_RW_SESSION) == 0) {`
Packit	40b132	`/* session was readonly, so this softoken slot must be * readonly */`
Packit	40b132	`slot->readOnly = PR_TRUE;`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132	`PK11_GETTAB(slot)->C_CloseSession(session);`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`return SECSuccess;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* initialize a new token`
Packit	40b132	`* unlike initialize slot, this can be called multiple times in the lifetime`
Packit	40b132	`* of NSS. It reads the information associated with a card or token,`
Packit	40b132	`* that is not going to change unless the card or token changes.`
Packit	40b132	`*/`
Packit	40b132	`SECStatus`
Packit	40b132	`PK11_TokenRefresh(PK11SlotInfo *slot)`
Packit	40b132	`{`
Packit	40b132	`CK_TOKEN_INFO tokenInfo;`
Packit	40b132	`CK_RV crv;`
Packit	40b132
Packit	40b132	`/* set the slot flags to the current token values */`
Packit	40b132	`if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);`
Packit	40b132	`crv = PK11_GETTAB(slot)->C_GetTokenInfo(slot->slotID,&tokenInfo);`
Packit	40b132	`if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);`
Packit	40b132	`if (crv != CKR_OK) {`
Packit	40b132	`PORT_SetError(PK11_MapError(crv));`
Packit	40b132	`return SECFailure;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`slot->flags = tokenInfo.flags;`
Packit	40b132	`slot->needLogin = ((tokenInfo.flags & CKF_LOGIN_REQUIRED) ?`
Packit	40b132	`PR_TRUE : PR_FALSE);`
Packit	40b132	`slot->readOnly = ((tokenInfo.flags & CKF_WRITE_PROTECTED) ?`
Packit	40b132	`PR_TRUE : PR_FALSE);`
Packit	40b132	`slot->hasRandom = ((tokenInfo.flags & CKF_RNG) ? PR_TRUE : PR_FALSE);`
Packit	40b132	`slot->protectedAuthPath =`
Packit	40b132	`((tokenInfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH)`
Packit	40b132	`? PR_TRUE : PR_FALSE);`
Packit	40b132	`/* on some platforms Active Card incorrectly sets the`
Packit	40b132	`* CKF_PROTECTED_AUTHENTICATION_PATH bit when it doesn't mean to. */`
Packit	40b132	`if (slot->isActiveCard) {`
Packit	40b132	`slot->protectedAuthPath = PR_FALSE;`
Packit	40b132	`}`
Packit	40b132	`return SECSuccess;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`static PRBool`
Packit	40b132	`pk11_isRootSlot(PK11SlotInfo *slot)`
Packit	40b132	`{`
Packit	40b132	`CK_ATTRIBUTE findTemp[1];`
Packit	40b132	`CK_ATTRIBUTE *attrs;`
Packit	40b132	`CK_OBJECT_CLASS oclass = CKO_NETSCAPE_BUILTIN_ROOT_LIST;`
Packit	40b132	`int tsize;`
Packit	40b132	`CK_OBJECT_HANDLE handle;`
Packit	40b132
Packit	40b132	`attrs = findTemp;`
Packit	40b132	`PK11_SETATTRS(attrs, CKA_CLASS, &oclass, sizeof(oclass)); attrs++;`
Packit	40b132	`tsize = attrs - findTemp;`
Packit	40b132	`PORT_Assert(tsize <= sizeof(findTemp)/sizeof(CK_ATTRIBUTE));`
Packit	40b132
Packit	40b132	`handle = pk11_FindObjectByTemplate(slot,findTemp,tsize);`
Packit	40b132	`if (handle == CK_INVALID_HANDLE) {`
Packit	40b132	`return PR_FALSE;`
Packit	40b132	`}`
Packit	40b132	`return PR_TRUE;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* Initialize the slot :`
Packit	40b132	`* This initialization code is called on each slot a module supports when`
Packit	40b132	`* it is loaded. It does the bringup initialization. The difference between`
Packit	40b132	`* this and InitToken is Init slot does those one time initialization stuff,`
Packit	40b132	`* usually associated with the reader, while InitToken may get called multiple`
Packit	40b132	`* times as tokens are removed and re-inserted.`
Packit	40b132	`*/`
Packit	40b132	`void`
Packit	40b132	`PK11_InitSlot(SECMODModule mod, CK_SLOT_ID slotID, PK11SlotInfo slot)`
Packit	40b132	`{`
Packit	40b132	`SECStatus rv;`
Packit	40b132	`char *tmp;`
Packit	40b132	`CK_SLOT_INFO slotInfo;`
Packit	40b132
Packit	40b132	`slot->functionList = mod->functionList;`
Packit	40b132	`slot->isInternal = mod->internal;`
Packit	40b132	`slot->slotID = slotID;`
Packit	40b132	`slot->isThreadSafe = mod->isThreadSafe;`
Packit	40b132	`slot->hasRSAInfo = PR_FALSE;`
Packit	40b132
Packit	40b132	`if (PK11_GETTAB(slot)->C_GetSlotInfo(slotID,&slotInfo) != CKR_OK) {`
Packit	40b132	`slot->disabled = PR_TRUE;`
Packit	40b132	`slot->reason = PK11_DIS_COULD_NOT_INIT_TOKEN;`
Packit	40b132	`return;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/* test to make sure claimed mechanism work */`
Packit	40b132	`slot->needTest = mod->internal ? PR_FALSE : PR_TRUE;`
Packit	40b132	`slot->module = mod; /* NOTE: we don't make a reference here because`
Packit	40b132	`* modules have references to their slots. This`
Packit	40b132	`* works because modules keep implicit references`
Packit	40b132	`* from their slots, and won't unload and disappear`
Packit	40b132	`* until all their slots have been freed */`
Packit	40b132	`tmp = PK11_MakeString(NULL,slot->slot_name,`
Packit	40b132	`(char *)slotInfo.slotDescription, sizeof(slotInfo.slotDescription));`
Packit	40b132	`slot->isHW = (PRBool)((slotInfo.flags & CKF_HW_SLOT) == CKF_HW_SLOT);`
Packit	40b132	`#define ACTIVE_CARD "ActivCard SA"`
Packit	40b132	`slot->isActiveCard = (PRBool)(PORT_Strncmp((char *)slotInfo.manufacturerID,`
Packit	40b132	`ACTIVE_CARD, sizeof(ACTIVE_CARD)-1) == 0);`
Packit	40b132	`if ((slotInfo.flags & CKF_REMOVABLE_DEVICE) == 0) {`
Packit	40b132	`slot->isPerm = PR_TRUE;`
Packit	40b132	`/* permanment slots must have the token present always */`
Packit	40b132	`if ((slotInfo.flags & CKF_TOKEN_PRESENT) == 0) {`
Packit	40b132	`slot->disabled = PR_TRUE;`
Packit	40b132	`slot->reason = PK11_DIS_TOKEN_NOT_PRESENT;`
Packit	40b132	`return; /* nothing else to do */`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132	`/* if the token is present, initialize it */`
Packit	40b132	`if ((slotInfo.flags & CKF_TOKEN_PRESENT) != 0) {`
Packit	40b132	`rv = PK11_InitToken(slot,PR_TRUE);`
Packit	40b132	`/* the only hard failures are on permanent devices, or function`
Packit	40b132	`* verify failures... function verify failures are already handled`
Packit	40b132	`* by tokenInit */`
Packit	40b132	`if ((rv != SECSuccess) && (slot->isPerm) && (!slot->disabled)) {`
Packit	40b132	`slot->disabled = PR_TRUE;`
Packit	40b132	`slot->reason = PK11_DIS_COULD_NOT_INIT_TOKEN;`
Packit	40b132	`}`
Packit	40b132	`if (rv == SECSuccess && pk11_isRootSlot(slot)) {`
Packit	40b132	`if (!slot->hasRootCerts) {`
Packit	40b132	`slot->module->trustOrder = 100;`
Packit	40b132	`}`
Packit	40b132	`slot->hasRootCerts= PR_TRUE;`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132
Packit	40b132
Packit	40b132
Packit	40b132	`/*********************************************************************`
Packit	40b132	`* Slot mapping utility functions.`
Packit	40b132	`*********************************************************************/`
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* determine if the token is present. If the token is present, make sure`
Packit	40b132	`* we have a valid session handle. Also set the value of needLogin`
Packit	40b132	`* appropriately.`
Packit	40b132	`*/`
Packit	40b132	`static PRBool`
Packit	40b132	`pk11_IsPresentCertLoad(PK11SlotInfo *slot, PRBool loadCerts)`
Packit	40b132	`{`
Packit	40b132	`CK_SLOT_INFO slotInfo;`
Packit	40b132	`CK_SESSION_INFO sessionInfo;`
Packit	40b132	`CK_RV crv;`
Packit	40b132
Packit	40b132	`/* disabled slots are never present */`
Packit	40b132	`if (slot->disabled) {`
Packit	40b132	`return PR_FALSE;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/* permanent slots are always present */`
Packit	40b132	`if (slot->isPerm && (slot->session != CK_INVALID_SESSION)) {`
Packit	40b132	`return PR_TRUE;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`if (slot->nssToken) {`
Packit	40b132	`return nssToken_IsPresent(slot->nssToken);`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/* removable slots have a flag that says they are present */`
Packit	40b132	`if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);`
Packit	40b132	`if (PK11_GETTAB(slot)->C_GetSlotInfo(slot->slotID,&slotInfo) != CKR_OK) {`
Packit	40b132	`if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);`
Packit	40b132	`return PR_FALSE;`
Packit	40b132	`}`
Packit	40b132	`if ((slotInfo.flags & CKF_TOKEN_PRESENT) == 0) {`
Packit	40b132	`/* if the slot is no longer present, close the session */`
Packit	40b132	`if (slot->session != CK_INVALID_SESSION) {`
Packit	40b132	`PK11_GETTAB(slot)->C_CloseSession(slot->session);`
Packit	40b132	`slot->session = CK_INVALID_SESSION;`
Packit	40b132	`}`
Packit	40b132	`if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);`
Packit	40b132	`return PR_FALSE;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/* use the session Info to determine if the card has been removed and then`
Packit	40b132	`* re-inserted */`
Packit	40b132	`if (slot->session != CK_INVALID_SESSION) {`
Packit	40b132	`if (slot->isThreadSafe) PK11_EnterSlotMonitor(slot);`
Packit	40b132	`crv = PK11_GETTAB(slot)->C_GetSessionInfo(slot->session, &sessionInfo);`
Packit	40b132	`if (crv != CKR_OK) {`
Packit	40b132	`PK11_GETTAB(slot)->C_CloseSession(slot->session);`
Packit	40b132	`slot->session = CK_INVALID_SESSION;`
Packit	40b132	`}`
Packit	40b132	`if (slot->isThreadSafe) PK11_ExitSlotMonitor(slot);`
Packit	40b132	`}`
Packit	40b132	`if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);`
Packit	40b132
Packit	40b132	`/* card has not been removed, current token info is correct */`
Packit	40b132	`if (slot->session != CK_INVALID_SESSION) return PR_TRUE;`
Packit	40b132
Packit	40b132	`/* initialize the token info state */`
Packit	40b132	`if (PK11_InitToken(slot,loadCerts) != SECSuccess) {`
Packit	40b132	`return PR_FALSE;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`return PR_TRUE;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* old version of the routine`
Packit	40b132	`*/`
Packit	40b132	`PRBool`
Packit	40b132	`PK11_IsPresent(PK11SlotInfo *slot) {`
Packit	40b132	`return pk11_IsPresentCertLoad(slot,PR_TRUE);`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/* is the slot disabled? */`
Packit	40b132	`PRBool`
Packit	40b132	`PK11_IsDisabled(PK11SlotInfo *slot)`
Packit	40b132	`{`
Packit	40b132	`return slot->disabled;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/* and why? */`
Packit	40b132	`PK11DisableReasons`
Packit	40b132	`PK11_GetDisabledReason(PK11SlotInfo *slot)`
Packit	40b132	`{`
Packit	40b132	`return slot->reason;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/* returns PR_TRUE if successfully disable the slot */`
Packit	40b132	`/* returns PR_FALSE otherwise */`
Packit	40b132	`PRBool PK11_UserDisableSlot(PK11SlotInfo *slot) {`
Packit	40b132
Packit	40b132	`/* Prevent users from disabling the internal module. */`
Packit	40b132	`if (slot->isInternal) {`
Packit	40b132	`PORT_SetError(SEC_ERROR_INVALID_ARGS);`
Packit	40b132	`return PR_FALSE;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`slot->defaultFlags \|= PK11_DISABLE_FLAG;`
Packit	40b132	`slot->disabled = PR_TRUE;`
Packit	40b132	`slot->reason = PK11_DIS_USER_SELECTED;`
Packit	40b132
Packit	40b132	`return PR_TRUE;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`PRBool PK11_UserEnableSlot(PK11SlotInfo *slot) {`
Packit	40b132
Packit	40b132	`slot->defaultFlags &= ~PK11_DISABLE_FLAG;`
Packit	40b132	`slot->disabled = PR_FALSE;`
Packit	40b132	`slot->reason = PK11_DIS_NONE;`
Packit	40b132	`return PR_TRUE;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`PRBool PK11_HasRootCerts(PK11SlotInfo *slot) {`
Packit	40b132	`return slot->hasRootCerts;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/* Get the module this slot is attached to */`
Packit	40b132	`SECMODModule *`
Packit	40b132	`PK11_GetModule(PK11SlotInfo *slot)`
Packit	40b132	`{`
Packit	40b132	`return slot->module;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/* return the default flags of a slot */`
Packit	40b132	`unsigned long`
Packit	40b132	`PK11_GetDefaultFlags(PK11SlotInfo *slot)`
Packit	40b132	`{`
Packit	40b132	`return slot->defaultFlags;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* The following wrapper functions allow us to export an opaque slot`
Packit	40b132	`* function to the rest of libsec and the world... */`
Packit	40b132	`PRBool`
Packit	40b132	`PK11_IsReadOnly(PK11SlotInfo *slot)`
Packit	40b132	`{`
Packit	40b132	`return slot->readOnly;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`PRBool`
Packit	40b132	`PK11_IsHW(PK11SlotInfo *slot)`
Packit	40b132	`{`
Packit	40b132	`return slot->isHW;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`PRBool`
Packit	40b132	`PK11_IsRemovable(PK11SlotInfo *slot)`
Packit	40b132	`{`
Packit	40b132	`return !slot->isPerm;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`PRBool`
Packit	40b132	`PK11_IsInternal(PK11SlotInfo *slot)`
Packit	40b132	`{`
Packit	40b132	`return slot->isInternal;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`PRBool`
Packit	40b132	`PK11_IsInternalKeySlot(PK11SlotInfo *slot)`
Packit	40b132	`{`
Packit	40b132	`PK11SlotInfo *int_slot;`
Packit	40b132	`PRBool result;`
Packit	40b132
Packit	40b132	`if (!slot->isInternal) {`
Packit	40b132	`return PR_FALSE;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`int_slot = PK11_GetInternalKeySlot();`
Packit	40b132	`result = (int_slot == slot) ? PR_TRUE : PR_FALSE;`
Packit	40b132	`PK11_FreeSlot(int_slot);`
Packit	40b132	`return result;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`PRBool`
Packit	40b132	`PK11_NeedLogin(PK11SlotInfo *slot)`
Packit	40b132	`{`
Packit	40b132	`return slot->needLogin;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`PRBool`
Packit	40b132	`PK11_IsFriendly(PK11SlotInfo *slot)`
Packit	40b132	`{`
Packit	40b132	`/* internal slot always has public readable certs */`
Packit	40b132	`return (PRBool)(slot->isInternal \|\|`
Packit	40b132	`((slot->defaultFlags & SECMOD_FRIENDLY_FLAG) ==`
Packit	40b132	`SECMOD_FRIENDLY_FLAG));`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`char *`
Packit	40b132	`PK11_GetTokenName(PK11SlotInfo *slot)`
Packit	40b132	`{`
Packit	40b132	`return slot->token_name;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`char *`
Packit	40b132	`PK11_GetSlotName(PK11SlotInfo *slot)`
Packit	40b132	`{`
Packit	40b132	`return slot->slot_name;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`int`
Packit	40b132	`PK11_GetSlotSeries(PK11SlotInfo *slot)`
Packit	40b132	`{`
Packit	40b132	`return slot->series;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`int`
Packit	40b132	`PK11_GetCurrentWrapIndex(PK11SlotInfo *slot)`
Packit	40b132	`{`
Packit	40b132	`return slot->wrapKey;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`CK_SLOT_ID`
Packit	40b132	`PK11_GetSlotID(PK11SlotInfo *slot)`
Packit	40b132	`{`
Packit	40b132	`return slot->slotID;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`SECMODModuleID`
Packit	40b132	`PK11_GetModuleID(PK11SlotInfo *slot)`
Packit	40b132	`{`
Packit	40b132	`return slot->module->moduleID;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`static void`
Packit	40b132	`pk11_zeroTerminatedToBlankPadded(CK_CHAR *buffer, size_t buffer_size)`
Packit	40b132	`{`
Packit	40b132	`CK_CHAR *walk = buffer;`
Packit	40b132	`CK_CHAR *end = buffer + buffer_size;`
Packit	40b132
Packit	40b132	`/* find the NULL */`
Packit	40b132	`while (walk < end && *walk != '\0') {`
Packit	40b132	`walk++;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/* clear out the buffer */`
Packit	40b132	`while (walk < end) {`
Packit	40b132	`*walk++ = ' ';`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/* return the slot info structure */`
Packit	40b132	`SECStatus`
Packit	40b132	`PK11_GetSlotInfo(PK11SlotInfo slot, CK_SLOT_INFO info)`
Packit	40b132	`{`
Packit	40b132	`CK_RV crv;`
Packit	40b132
Packit	40b132	`if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);`
Packit	40b132	`/*`
Packit	40b132	`* some buggy drivers do not fill the buffer completely,`
Packit	40b132	`* erase the buffer first`
Packit	40b132	`*/`
Packit	40b132	`PORT_Memset(info->slotDescription,' ',sizeof(info->slotDescription));`
Packit	40b132	`PORT_Memset(info->manufacturerID,' ',sizeof(info->manufacturerID));`
Packit	40b132	`crv = PK11_GETTAB(slot)->C_GetSlotInfo(slot->slotID,info);`
Packit	40b132	`pk11_zeroTerminatedToBlankPadded(info->slotDescription,`
Packit	40b132	`sizeof(info->slotDescription));`
Packit	40b132	`pk11_zeroTerminatedToBlankPadded(info->manufacturerID,`
Packit	40b132	`sizeof(info->manufacturerID));`
Packit	40b132	`if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);`
Packit	40b132	`if (crv != CKR_OK) {`
Packit	40b132	`PORT_SetError(PK11_MapError(crv));`
Packit	40b132	`return SECFailure;`
Packit	40b132	`}`
Packit	40b132	`return SECSuccess;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/* return the token info structure */`
Packit	40b132	`SECStatus`
Packit	40b132	`PK11_GetTokenInfo(PK11SlotInfo slot, CK_TOKEN_INFO info)`
Packit	40b132	`{`
Packit	40b132	`CK_RV crv;`
Packit	40b132	`if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);`
Packit	40b132	`/*`
Packit	40b132	`* some buggy drivers do not fill the buffer completely,`
Packit	40b132	`* erase the buffer first`
Packit	40b132	`*/`
Packit	40b132	`PORT_Memset(info->label,' ',sizeof(info->label));`
Packit	40b132	`PORT_Memset(info->manufacturerID,' ',sizeof(info->manufacturerID));`
Packit	40b132	`PORT_Memset(info->model,' ',sizeof(info->model));`
Packit	40b132	`PORT_Memset(info->serialNumber,' ',sizeof(info->serialNumber));`
Packit	40b132	`crv = PK11_GETTAB(slot)->C_GetTokenInfo(slot->slotID,info);`
Packit	40b132	`pk11_zeroTerminatedToBlankPadded(info->label,sizeof(info->label));`
Packit	40b132	`pk11_zeroTerminatedToBlankPadded(info->manufacturerID,`
Packit	40b132	`sizeof(info->manufacturerID));`
Packit	40b132	`pk11_zeroTerminatedToBlankPadded(info->model,sizeof(info->model));`
Packit	40b132	`pk11_zeroTerminatedToBlankPadded(info->serialNumber,`
Packit	40b132	`sizeof(info->serialNumber));`
Packit	40b132	`if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);`
Packit	40b132	`if (crv != CKR_OK) {`
Packit	40b132	`PORT_SetError(PK11_MapError(crv));`
Packit	40b132	`return SECFailure;`
Packit	40b132	`}`
Packit	40b132	`return SECSuccess;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/* Find out if we need to initialize the user's pin */`
Packit	40b132	`PRBool`
Packit	40b132	`PK11_NeedUserInit(PK11SlotInfo *slot)`
Packit	40b132	`{`
Packit	40b132	`PRBool needUserInit = (PRBool) ((slot->flags & CKF_USER_PIN_INITIALIZED)`
Packit	40b132	`== 0);`
Packit	40b132
Packit	40b132	`if (needUserInit) {`
Packit	40b132	`CK_TOKEN_INFO info;`
Packit	40b132	`SECStatus rv;`
Packit	40b132
Packit	40b132	`/* see if token has been initialized off line */`
Packit	40b132	`rv = PK11_GetTokenInfo(slot, &info;;`
Packit	40b132	`if (rv == SECSuccess) {`
Packit	40b132	`slot->flags = info.flags;`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132	`return (PRBool)((slot->flags & CKF_USER_PIN_INITIALIZED) == 0);`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`static PK11SlotInfo *pk11InternalKeySlot = NULL;`
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* Set a new default internal keyslot. If one has already been set, clear it.`
Packit	40b132	`* Passing NULL falls back to the NSS normally selected default internal key`
Packit	40b132	`* slot.`
Packit	40b132	`*/`
Packit	40b132	`void`
Packit	40b132	`pk11_SetInternalKeySlot(PK11SlotInfo *slot)`
Packit	40b132	`{`
Packit	40b132	`if (pk11InternalKeySlot) {`
Packit	40b132	`PK11_FreeSlot(pk11InternalKeySlot);`
Packit	40b132	`}`
Packit	40b132	`pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* Set a new default internal keyslot if the normal key slot has not already`
Packit	40b132	`* been overridden. Subsequent calls to this function will be ignored unless`
Packit	40b132	`* pk11_SetInternalKeySlot is used to clear the current default.`
Packit	40b132	`*/`
Packit	40b132	`void`
Packit	40b132	`pk11_SetInternalKeySlotIfFirst(PK11SlotInfo *slot)`
Packit	40b132	`{`
Packit	40b132	`if (pk11InternalKeySlot) {`
Packit	40b132	`return;`
Packit	40b132	`}`
Packit	40b132	`pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* Swap out a default internal keyslot. Caller owns the Slot Reference`
Packit	40b132	`*/`
Packit	40b132	`PK11SlotInfo *`
Packit	40b132	`pk11_SwapInternalKeySlot(PK11SlotInfo *slot)`
Packit	40b132	`{`
Packit	40b132	`PK11SlotInfo *swap = pk11InternalKeySlot;`
Packit	40b132
Packit	40b132	`pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL;`
Packit	40b132	`return swap;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132
Packit	40b132	`/* get the internal key slot. FIPS has only one slot for both key slots and`
Packit	40b132	`* default slots */`
Packit	40b132	`PK11SlotInfo *`
Packit	40b132	`PK11_GetInternalKeySlot(void)`
Packit	40b132	`{`
Packit	40b132	`SECMODModule *mod;`
Packit	40b132
Packit	40b132	`if (pk11InternalKeySlot) {`
Packit	40b132	`return PK11_ReferenceSlot(pk11InternalKeySlot);`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`mod = SECMOD_GetInternalModule();`
Packit	40b132	`PORT_Assert(mod != NULL);`
Packit	40b132	`if (!mod) {`
Packit	40b132	`PORT_SetError( SEC_ERROR_NO_MODULE );`
Packit	40b132	`return NULL;`
Packit	40b132	`}`
Packit	40b132	`return PK11_ReferenceSlot(mod->isFIPS ? mod->slots[0] : mod->slots[1]);`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/* get the internal default slot */`
Packit	40b132	`PK11SlotInfo *`
Packit	40b132	`PK11_GetInternalSlot(void)`
Packit	40b132	`{`
Packit	40b132	`SECMODModule * mod = SECMOD_GetInternalModule();`
Packit	40b132	`PORT_Assert(mod != NULL);`
Packit	40b132	`if (!mod) {`
Packit	40b132	`PORT_SetError( SEC_ERROR_NO_MODULE );`
Packit	40b132	`return NULL;`
Packit	40b132	`}`
Packit	40b132	`if (mod->isFIPS) {`
Packit	40b132	`return PK11_GetInternalKeySlot();`
Packit	40b132	`}`
Packit	40b132	`return PK11_ReferenceSlot(mod->slots[0]);`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* check if a given slot supports the requested mechanism`
Packit	40b132	`*/`
Packit	40b132	`PRBool`
Packit	40b132	`PK11_DoesMechanism(PK11SlotInfo *slot, CK_MECHANISM_TYPE type)`
Packit	40b132	`{`
Packit	40b132	`int i;`
Packit	40b132
Packit	40b132	`/* CKM_FAKE_RANDOM is not a real PKCS mechanism. It's a marker to`
Packit	40b132	`* tell us we're looking form someone that has implemented get`
Packit	40b132	`* random bits */`
Packit	40b132	`if (type == CKM_FAKE_RANDOM) {`
Packit	40b132	`return slot->hasRandom;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/* for most mechanism, bypass the linear lookup */`
Packit	40b132	`if (type < 0x7ff) {`
Packit	40b132	`return (slot->mechanismBits[type & 0xff] & (1 << (type >> 8))) ?`
Packit	40b132	`PR_TRUE : PR_FALSE;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`for (i=0; i < (int) slot->mechanismCount; i++) {`
Packit	40b132	`if (slot->mechanismList[i] == type) return PR_TRUE;`
Packit	40b132	`}`
Packit	40b132	`return PR_FALSE;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* Return true if a token that can do the desired mechanism exists.`
Packit	40b132	`* This allows us to have hardware tokens that can do function XYZ magically`
Packit	40b132	`* allow SSL Ciphers to appear if they are plugged in.`
Packit	40b132	`*/`
Packit	40b132	`PRBool`
Packit	40b132	`PK11_TokenExists(CK_MECHANISM_TYPE type)`
Packit	40b132	`{`
Packit	40b132	`SECMODModuleList *mlp;`
Packit	40b132	`SECMODModuleList *modules;`
Packit	40b132	`SECMODListLock *moduleLock = SECMOD_GetDefaultModuleListLock();`
Packit	40b132	`PK11SlotInfo *slot;`
Packit	40b132	`PRBool found = PR_FALSE;`
Packit	40b132	`int i;`
Packit	40b132
Packit	40b132	`if (!moduleLock) {`
Packit	40b132	`PORT_SetError(SEC_ERROR_NOT_INITIALIZED);`
Packit	40b132	`return found;`
Packit	40b132	`}`
Packit	40b132	`/* we only need to know if there is a token that does this mechanism.`
Packit	40b132	`* check the internal module first because it's fast, and supports`
Packit	40b132	`* almost everything. */`
Packit	40b132	`slot = PK11_GetInternalSlot();`
Packit	40b132	`if (slot) {`
Packit	40b132	`found = PK11_DoesMechanism(slot,type);`
Packit	40b132	`PK11_FreeSlot(slot);`
Packit	40b132	`}`
Packit	40b132	`if (found) return PR_TRUE; /* bypass getting module locks */`
Packit	40b132
Packit	40b132	`SECMOD_GetReadLock(moduleLock);`
Packit	40b132	`modules = SECMOD_GetDefaultModuleList();`
Packit	40b132	`for(mlp = modules; mlp != NULL && (!found); mlp = mlp->next) {`
Packit	40b132	`for (i=0; i < mlp->module->slotCount; i++) {`
Packit	40b132	`slot = mlp->module->slots[i];`
Packit	40b132	`if (PK11_IsPresent(slot)) {`
Packit	40b132	`if (PK11_DoesMechanism(slot,type)) {`
Packit	40b132	`found = PR_TRUE;`
Packit	40b132	`break;`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132	`SECMOD_ReleaseReadLock(moduleLock);`
Packit	40b132	`return found;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* get all the currently available tokens in a list.`
Packit	40b132	`* that can perform the given mechanism. If mechanism is CKM_INVALID_MECHANISM,`
Packit	40b132	`* get all the tokens. Make sure tokens that need authentication are put at`
Packit	40b132	`* the end of this list.`
Packit	40b132	`*/`
Packit	40b132	`PK11SlotList *`
Packit	40b132	`PK11_GetAllTokens(CK_MECHANISM_TYPE type, PRBool needRW, PRBool loadCerts,`
Packit	40b132	`void *wincx)`
Packit	40b132	`{`
Packit	40b132	`PK11SlotList * list;`
Packit	40b132	`PK11SlotList * loginList;`
Packit	40b132	`PK11SlotList * friendlyList;`
Packit	40b132	`SECMODModuleList * mlp;`
Packit	40b132	`SECMODModuleList * modules;`
Packit	40b132	`SECMODListLock * moduleLock;`
Packit	40b132	`int i;`
Packit	40b132	`#if defined( XP_WIN32 )`
Packit	40b132	`int j = 0;`
Packit	40b132	`PRInt32 waste[16];`
Packit	40b132	`#endif`
Packit	40b132
Packit	40b132	`moduleLock = SECMOD_GetDefaultModuleListLock();`
Packit	40b132	`if (!moduleLock) {`
Packit	40b132	`PORT_SetError(SEC_ERROR_NOT_INITIALIZED);`
Packit	40b132	`return NULL;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`list = PK11_NewSlotList();`
Packit	40b132	`loginList = PK11_NewSlotList();`
Packit	40b132	`friendlyList = PK11_NewSlotList();`
Packit	40b132	`if ((list == NULL) \|\| (loginList == NULL) \|\| (friendlyList == NULL)) {`
Packit	40b132	`if (list) PK11_FreeSlotList(list);`
Packit	40b132	`if (loginList) PK11_FreeSlotList(loginList);`
Packit	40b132	`if (friendlyList) PK11_FreeSlotList(friendlyList);`
Packit	40b132	`return NULL;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`SECMOD_GetReadLock(moduleLock);`
Packit	40b132
Packit	40b132	`modules = SECMOD_GetDefaultModuleList();`
Packit	40b132	`for(mlp = modules; mlp != NULL; mlp = mlp->next) {`
Packit	40b132
Packit	40b132	`#if defined( XP_WIN32 )`
Packit	40b132	`/* This is works around some horrible cache/page thrashing problems`
Packit	40b132	`** on Win32. Without this, this loop can take up to 6 seconds at`
Packit	40b132	`** 100% CPU on a Pentium-Pro 200. The thing this changes is to`
Packit	40b132	`** increase the size of the stack frame and modify it.`
Packit	40b132	`** Moving the loop code itself seems to have no effect.`
Packit	40b132	`** Dunno why this combination makes a difference, but it does.`
Packit	40b132	`*/`
Packit	40b132	`waste[ j & 0xf] = j++;`
Packit	40b132	`#endif`
Packit	40b132
Packit	40b132	`for (i = 0; i < mlp->module->slotCount; i++) {`
Packit	40b132	`PK11SlotInfo *slot = mlp->module->slots[i];`
Packit	40b132
Packit	40b132	`if (pk11_IsPresentCertLoad(slot, loadCerts)) {`
Packit	40b132	`if (needRW && slot->readOnly) continue;`
Packit	40b132	`if ((type == CKM_INVALID_MECHANISM)`
Packit	40b132	`\|\| PK11_DoesMechanism(slot, type)) {`
Packit	40b132	`if (pk11_LoginStillRequired(slot,wincx)) {`
Packit	40b132	`if (PK11_IsFriendly(slot)) {`
Packit	40b132	`PK11_AddSlotToList(friendlyList, slot, PR_TRUE);`
Packit	40b132	`} else {`
Packit	40b132	`PK11_AddSlotToList(loginList, slot, PR_TRUE);`
Packit	40b132	`}`
Packit	40b132	`} else {`
Packit	40b132	`PK11_AddSlotToList(list, slot, PR_TRUE);`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132	`SECMOD_ReleaseReadLock(moduleLock);`
Packit	40b132
Packit	40b132	`pk11_MoveListToList(list,friendlyList);`
Packit	40b132	`PK11_FreeSlotList(friendlyList);`
Packit	40b132	`pk11_MoveListToList(list,loginList);`
Packit	40b132	`PK11_FreeSlotList(loginList);`
Packit	40b132
Packit	40b132	`return list;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* NOTE: This routine is working from a private List generated by`
Packit	40b132	`* PK11_GetAllTokens. That is why it does not need to lock.`
Packit	40b132	`*/`
Packit	40b132	`PK11SlotList *`
Packit	40b132	`PK11_GetPrivateKeyTokens(CK_MECHANISM_TYPE type,PRBool needRW,void *wincx)`
Packit	40b132	`{`
Packit	40b132	`PK11SlotList *list = PK11_GetAllTokens(type,needRW,PR_TRUE,wincx);`
Packit	40b132	`PK11SlotListElement le, next ;`
Packit	40b132	`SECStatus rv;`
Packit	40b132
Packit	40b132	`if (list == NULL) return list;`
Packit	40b132
Packit	40b132	`for (le = list->head ; le; le = next) {`
Packit	40b132	`next = le->next; /* save the pointer here in case we have to`
Packit	40b132	`* free the element later */`
Packit	40b132	`rv = PK11_Authenticate(le->slot,PR_TRUE,wincx);`
Packit	40b132	`if (rv != SECSuccess) {`
Packit	40b132	`PK11_DeleteSlotFromList(list,le);`
Packit	40b132	`continue;`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132	`return list;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* returns true if the slot doesn't conform to the requested attributes`
Packit	40b132	`*/`
Packit	40b132	`PRBool`
Packit	40b132	`pk11_filterSlot(PK11SlotInfo *slot, CK_MECHANISM_TYPE mechanism,`
Packit	40b132	`CK_FLAGS mechanismInfoFlags, unsigned int keySize)`
Packit	40b132	`{`
Packit	40b132	`CK_MECHANISM_INFO mechanism_info;`
Packit	40b132	`CK_RV crv = CKR_OK;`
Packit	40b132
Packit	40b132	`/* handle the only case where we don't actually fetch the mechanisms`
Packit	40b132	`* on the fly */`
Packit	40b132	`if ((keySize == 0) && (mechanism == CKM_RSA_PKCS) && (slot->hasRSAInfo)) {`
Packit	40b132	`mechanism_info.flags = slot->RSAInfoFlags;`
Packit	40b132	`} else {`
Packit	40b132	`if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);`
Packit	40b132	`crv = PK11_GETTAB(slot)->C_GetMechanismInfo(slot->slotID, mechanism,`
Packit	40b132	`&mechanism_info);`
Packit	40b132	`if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);`
Packit	40b132	`/* if we were getting the RSA flags, save them */`
Packit	40b132	`if ((crv == CKR_OK) && (mechanism == CKM_RSA_PKCS)`
Packit	40b132	`&& (!slot->hasRSAInfo)) {`
Packit	40b132	`slot->RSAInfoFlags = mechanism_info.flags;`
Packit	40b132	`slot->hasRSAInfo = PR_TRUE;`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132	`/* couldn't get the mechanism info */`
Packit	40b132	`if (crv != CKR_OK ) {`
Packit	40b132	`return PR_TRUE;`
Packit	40b132	`}`
Packit	40b132	`if (keySize && ((mechanism_info.ulMinKeySize > keySize)`
Packit	40b132	`\|\| (mechanism_info.ulMaxKeySize < keySize)) ) {`
Packit	40b132	`/* Token can do mechanism, but not at the key size we`
Packit	40b132	`* want */`
Packit	40b132	`return PR_TRUE;`
Packit	40b132	`}`
Packit	40b132	`if (mechanismInfoFlags && ((mechanism_info.flags & mechanismInfoFlags) !=`
Packit	40b132	`mechanismInfoFlags) ) {`
Packit	40b132	`return PR_TRUE;`
Packit	40b132	`}`
Packit	40b132	`return PR_FALSE;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* Find the best slot which supports the given set of mechanisms and key sizes.`
Packit	40b132	`* In normal cases this should grab the first slot on the list with no fuss.`
Packit	40b132	`* The size array is presumed to match one for one with the mechanism type`
Packit	40b132	`* array, which allows you to specify the required key size for each`
Packit	40b132	`* mechanism in the list. Whether key size is in bits or bytes is mechanism`
Packit	40b132	`* dependent. Typically asymetric keys are in bits and symetric keys are in`
Packit	40b132	`* bytes.`
Packit	40b132	`*/`
Packit	40b132	`PK11SlotInfo *`
Packit	40b132	`PK11_GetBestSlotMultipleWithAttributes(CK_MECHANISM_TYPE *type,`
Packit	40b132	`CK_FLAGS mechanismInfoFlags, unsigned int keySize,`
Packit	40b132	`unsigned int mech_count, void *wincx)`
Packit	40b132	`{`
Packit	40b132	`PK11SlotList *list = NULL;`
Packit	40b132	`PK11SlotListElement *le ;`
Packit	40b132	`PK11SlotInfo *slot = NULL;`
Packit	40b132	`PRBool freeit = PR_FALSE;`
Packit	40b132	`PRBool listNeedLogin = PR_FALSE;`
Packit	40b132	`int i;`
Packit	40b132	`SECStatus rv;`
Packit	40b132
Packit	40b132	`list = PK11_GetSlotList(type[0]);`
Packit	40b132
Packit	40b132	`if ((list == NULL) \|\| (list->head == NULL)) {`
Packit	40b132	`/* We need to look up all the tokens for the mechanism */`
Packit	40b132	`list = PK11_GetAllTokens(type[0],PR_FALSE,PR_TRUE,wincx);`
Packit	40b132	`freeit = PR_TRUE;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/* no one can do it! */`
Packit	40b132	`if (list == NULL) {`
Packit	40b132	`PORT_SetError(SEC_ERROR_NO_TOKEN);`
Packit	40b132	`return NULL;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`PORT_SetError(0);`
Packit	40b132
Packit	40b132
Packit	40b132	`listNeedLogin = PR_FALSE;`
Packit	40b132	`for (i=0; i < mech_count; i++) {`
Packit	40b132	`if ((type[i] != CKM_FAKE_RANDOM) &&`
Packit	40b132	`(type[i] != CKM_SHA_1) &&`
Packit	40b132	`(type[i] != CKM_SHA224) &&`
Packit	40b132	`(type[i] != CKM_SHA256) &&`
Packit	40b132	`(type[i] != CKM_SHA384) &&`
Packit	40b132	`(type[i] != CKM_SHA512) &&`
Packit	40b132	`(type[i] != CKM_MD5) &&`
Packit	40b132	`(type[i] != CKM_MD2)) {`
Packit	40b132	`listNeedLogin = PR_TRUE;`
Packit	40b132	`break;`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`for (le = PK11_GetFirstSafe(list); le;`
Packit	40b132	`le = PK11_GetNextSafe(list,le,PR_TRUE)) {`
Packit	40b132	`if (PK11_IsPresent(le->slot)) {`
Packit	40b132	`PRBool doExit = PR_FALSE;`
Packit	40b132	`for (i=0; i < mech_count; i++) {`
Packit	40b132	`if (!PK11_DoesMechanism(le->slot,type[i])) {`
Packit	40b132	`doExit = PR_TRUE;`
Packit	40b132	`break;`
Packit	40b132	`}`
Packit	40b132	`if ((mechanismInfoFlags && mechanismInfoFlags[i]) \|\|`
Packit	40b132	`(keySize && keySize[i])) {`
Packit	40b132	`if (pk11_filterSlot(le->slot, type[i],`
Packit	40b132	`mechanismInfoFlags ? mechanismInfoFlags[i] : 0,`
Packit	40b132	`keySize ? keySize[i] : 0)) {`
Packit	40b132	`doExit = PR_TRUE;`
Packit	40b132	`break;`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`if (doExit) continue;`
Packit	40b132
Packit	40b132	`if (listNeedLogin && le->slot->needLogin) {`
Packit	40b132	`rv = PK11_Authenticate(le->slot,PR_TRUE,wincx);`
Packit	40b132	`if (rv != SECSuccess) continue;`
Packit	40b132	`}`
Packit	40b132	`slot = le->slot;`
Packit	40b132	`PK11_ReferenceSlot(slot);`
Packit	40b132	`PK11_FreeSlotListElement(list,le);`
Packit	40b132	`if (freeit) { PK11_FreeSlotList(list); }`
Packit	40b132	`return slot;`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132	`if (freeit) { PK11_FreeSlotList(list); }`
Packit	40b132	`if (PORT_GetError() == 0) {`
Packit	40b132	`PORT_SetError(SEC_ERROR_NO_TOKEN);`
Packit	40b132	`}`
Packit	40b132	`return NULL;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`PK11SlotInfo *`
Packit	40b132	`PK11_GetBestSlotMultiple(CK_MECHANISM_TYPE *type,`
Packit	40b132	`unsigned int mech_count, void *wincx)`
Packit	40b132	`{`
Packit	40b132	`return PK11_GetBestSlotMultipleWithAttributes(type, NULL, NULL,`
Packit	40b132	`mech_count, wincx);`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/* original get best slot now calls the multiple version with only one type */`
Packit	40b132	`PK11SlotInfo *`
Packit	40b132	`PK11_GetBestSlot(CK_MECHANISM_TYPE type, void *wincx)`
Packit	40b132	`{`
Packit	40b132	`return PK11_GetBestSlotMultipleWithAttributes(&type, NULL, NULL, 1, wincx);`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`PK11SlotInfo *`
Packit	40b132	`PK11_GetBestSlotWithAttributes(CK_MECHANISM_TYPE type, CK_FLAGS mechanismFlags,`
Packit	40b132	`unsigned int keySize, void *wincx)`
Packit	40b132	`{`
Packit	40b132	`return PK11_GetBestSlotMultipleWithAttributes(&type, &mechanismFlags,`
Packit	40b132	`&keySize, 1, wincx);`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`int`
Packit	40b132	`PK11_GetBestKeyLength(PK11SlotInfo *slot,CK_MECHANISM_TYPE mechanism)`
Packit	40b132	`{`
Packit	40b132	`CK_MECHANISM_INFO mechanism_info;`
Packit	40b132	`CK_RV crv;`
Packit	40b132
Packit	40b132	`if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);`
Packit	40b132	`crv = PK11_GETTAB(slot)->C_GetMechanismInfo(slot->slotID,`
Packit	40b132	`mechanism,&mechanism_info);`
Packit	40b132	`if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);`
Packit	40b132	`if (crv != CKR_OK) return 0;`
Packit	40b132
Packit	40b132	`if (mechanism_info.ulMinKeySize == mechanism_info.ulMaxKeySize)`
Packit	40b132	`return 0;`
Packit	40b132	`return mechanism_info.ulMaxKeySize;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* This function uses the existing PKCS #11 module to find the`
Packit	40b132	`* longest supported key length in the preferred token for a mechanism.`
Packit	40b132	`* This varies from the above function in that 1) it returns the key length`
Packit	40b132	`* even for fixed key algorithms, and 2) it looks through the tokens`
Packit	40b132	`* generally rather than for a specific token. This is used in liu of`
Packit	40b132	`* a PK11_GetKeyLength function in pk11mech.c since we can actually read`
Packit	40b132	`* supported key lengths from PKCS #11.`
Packit	40b132	`*`
Packit	40b132	`* For symmetric key operations the length is returned in bytes.`
Packit	40b132	`*/`
Packit	40b132	`int`
Packit	40b132	`PK11_GetMaxKeyLength(CK_MECHANISM_TYPE mechanism)`
Packit	40b132	`{`
Packit	40b132	`CK_MECHANISM_INFO mechanism_info;`
Packit	40b132	`PK11SlotList *list = NULL;`
Packit	40b132	`PK11SlotListElement *le ;`
Packit	40b132	`PRBool freeit = PR_FALSE;`
Packit	40b132	`int keyLength = 0;`
Packit	40b132
Packit	40b132	`list = PK11_GetSlotList(mechanism);`
Packit	40b132
Packit	40b132	`if ((list == NULL) \|\| (list->head == NULL)) {`
Packit	40b132	`/* We need to look up all the tokens for the mechanism */`
Packit	40b132	`list = PK11_GetAllTokens(mechanism,PR_FALSE,PR_FALSE,NULL);`
Packit	40b132	`freeit = PR_TRUE;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/* no tokens recognize this mechanism */`
Packit	40b132	`if (list == NULL) {`
Packit	40b132	`PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);`
Packit	40b132	`return 0;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`for (le = PK11_GetFirstSafe(list); le;`
Packit	40b132	`le = PK11_GetNextSafe(list,le,PR_TRUE)) {`
Packit	40b132	`PK11SlotInfo *slot = le->slot;`
Packit	40b132	`CK_RV crv;`
Packit	40b132	`if (PK11_IsPresent(slot)) {`
Packit	40b132	`if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);`
Packit	40b132	`crv = PK11_GETTAB(slot)->C_GetMechanismInfo(slot->slotID,`
Packit	40b132	`mechanism,&mechanism_info);`
Packit	40b132	`if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);`
Packit	40b132	`if ((crv == CKR_OK) && (mechanism_info.ulMaxKeySize != 0)`
Packit	40b132	`&& (mechanism_info.ulMaxKeySize != 0xffffffff)) {`
Packit	40b132	`keyLength = mechanism_info.ulMaxKeySize;`
Packit	40b132	`break;`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132	`if (le)`
Packit	40b132	`PK11_FreeSlotListElement(list, le);`
Packit	40b132	`if (freeit)`
Packit	40b132	`PK11_FreeSlotList(list);`
Packit	40b132	`return keyLength;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`SECStatus`
Packit	40b132	`PK11_SeedRandom(PK11SlotInfo slot, unsigned char data, int len) {`
Packit	40b132	`CK_RV crv;`
Packit	40b132
Packit	40b132	`PK11_EnterSlotMonitor(slot);`
Packit	40b132	`crv = PK11_GETTAB(slot)->C_SeedRandom(slot->session, data, (CK_ULONG)len);`
Packit	40b132	`PK11_ExitSlotMonitor(slot);`
Packit	40b132	`if (crv != CKR_OK) {`
Packit	40b132	`PORT_SetError(PK11_MapError(crv));`
Packit	40b132	`return SECFailure;`
Packit	40b132	`}`
Packit	40b132	`return SECSuccess;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132
Packit	40b132	`SECStatus`
Packit	40b132	`PK11_GenerateRandomOnSlot(PK11SlotInfo slot, unsigned char data, int len) {`
Packit	40b132	`CK_RV crv;`
Packit	40b132
Packit	40b132	`if (!slot->isInternal) PK11_EnterSlotMonitor(slot);`
Packit	40b132	`crv = PK11_GETTAB(slot)->C_GenerateRandom(slot->session,data,`
Packit	40b132	`(CK_ULONG)len);`
Packit	40b132	`if (!slot->isInternal) PK11_ExitSlotMonitor(slot);`
Packit	40b132	`if (crv != CKR_OK) {`
Packit	40b132	`PORT_SetError(PK11_MapError(crv));`
Packit	40b132	`return SECFailure;`
Packit	40b132	`}`
Packit	40b132	`return SECSuccess;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/* Attempts to update the Best Slot for "FAKE RANDOM" generation.`
Packit	40b132	`** If that's not the internal slot, then it also attempts to update the`
Packit	40b132	`** internal slot.`
Packit	40b132	`** The return value indicates if the INTERNAL slot was updated OK.`
Packit	40b132	`*/`
Packit	40b132	`SECStatus`
Packit	40b132	`PK11_RandomUpdate(void *data, size_t bytes)`
Packit	40b132	`{`
Packit	40b132	`PK11SlotInfo *slot;`
Packit	40b132	`PRBool bestIsInternal;`
Packit	40b132	`SECStatus status;`
Packit	40b132
Packit	40b132	`slot = PK11_GetBestSlot(CKM_FAKE_RANDOM, NULL);`
Packit	40b132	`if (slot == NULL) {`
Packit	40b132	`slot = PK11_GetInternalSlot();`
Packit	40b132	`if (!slot)`
Packit	40b132	`return SECFailure;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`bestIsInternal = PK11_IsInternal(slot);`
Packit	40b132	`status = PK11_SeedRandom(slot, data, bytes);`
Packit	40b132	`PK11_FreeSlot(slot);`
Packit	40b132
Packit	40b132	`if (!bestIsInternal) {`
Packit	40b132	`/* do internal slot, too. */`
Packit	40b132	`slot = PK11_GetInternalSlot(); /* can't fail */`
Packit	40b132	`status = PK11_SeedRandom(slot, data, bytes);`
Packit	40b132	`PK11_FreeSlot(slot);`
Packit	40b132	`}`
Packit	40b132	`return status;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132
Packit	40b132	`SECStatus`
Packit	40b132	`PK11_GenerateRandom(unsigned char *data,int len) {`
Packit	40b132	`PK11SlotInfo *slot;`
Packit	40b132	`SECStatus rv;`
Packit	40b132
Packit	40b132	`slot = PK11_GetBestSlot(CKM_FAKE_RANDOM,NULL);`
Packit	40b132	`if (slot == NULL) return SECFailure;`
Packit	40b132
Packit	40b132	`rv = PK11_GenerateRandomOnSlot(slot, data, len);`
Packit	40b132	`PK11_FreeSlot(slot);`
Packit	40b132	`return rv;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* Reset the token to it's initial state. For the internal module, this will`
Packit	40b132	`* Purge your keydb, and reset your cert db certs to USER_INIT.`
Packit	40b132	`*/`
Packit	40b132	`SECStatus`
Packit	40b132	`PK11_ResetToken(PK11SlotInfo slot, char sso_pwd)`
Packit	40b132	`{`
Packit	40b132	`unsigned char tokenName[32];`
Packit	40b132	`int tokenNameLen;`
Packit	40b132	`CK_RV crv;`
Packit	40b132
Packit	40b132	`/* reconstruct the token name */`
Packit	40b132	`tokenNameLen = PORT_Strlen(slot->token_name);`
Packit	40b132	`if (tokenNameLen > sizeof(tokenName)) {`
Packit	40b132	`tokenNameLen = sizeof(tokenName);`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`PORT_Memcpy(tokenName,slot->token_name,tokenNameLen);`
Packit	40b132	`if (tokenNameLen < sizeof(tokenName)) {`
Packit	40b132	`PORT_Memset(&tokenName[tokenNameLen],' ',`
Packit	40b132	`sizeof(tokenName)-tokenNameLen);`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/* initialize the token */`
Packit	40b132	`PK11_EnterSlotMonitor(slot);`
Packit	40b132
Packit	40b132	`/* first shutdown the token. Existing sessions will get closed here */`
Packit	40b132	`PK11_GETTAB(slot)->C_CloseAllSessions(slot->slotID);`
Packit	40b132	`slot->session = CK_INVALID_SESSION;`
Packit	40b132
Packit	40b132	`/* now re-init the token */`
Packit	40b132	`crv = PK11_GETTAB(slot)->C_InitToken(slot->slotID,`
Packit	40b132	`(unsigned char *)sso_pwd, sso_pwd ? PORT_Strlen(sso_pwd): 0, tokenName);`
Packit	40b132
Packit	40b132	`/* finally bring the token back up */`
Packit	40b132	`PK11_InitToken(slot,PR_TRUE);`
Packit	40b132	`PK11_ExitSlotMonitor(slot);`
Packit	40b132	`if (crv != CKR_OK) {`
Packit	40b132	`PORT_SetError(PK11_MapError(crv));`
Packit	40b132	`return SECFailure;`
Packit	40b132	`}`
Packit	40b132	`nssTrustDomain_UpdateCachedTokenCerts(slot->nssToken->trustDomain,`
Packit	40b132	`slot->nssToken);`
Packit	40b132	`return SECSuccess;`
Packit	40b132	`}`
Packit	40b132	`void`
Packit	40b132	`PK11Slot_SetNSSToken(PK11SlotInfo sl, NSSToken nsst)`
Packit	40b132	`{`
Packit	40b132	`sl->nssToken = nsst;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`NSSToken *`
Packit	40b132	`PK11Slot_GetNSSToken(PK11SlotInfo *sl)`
Packit	40b132	`{`
Packit	40b132	`return sl->nssToken;`
Packit	40b132	`}`
Packit	40b132
Packit	40b132	`/*`
Packit	40b132	`* wait for a token to change it's state. The application passes in the expected`
Packit	40b132	`* new state in event.`
Packit	40b132	`*/`
Packit	40b132	`PK11TokenStatus`
Packit	40b132	`PK11_WaitForTokenEvent(PK11SlotInfo *slot, PK11TokenEvent event,`
Packit	40b132	`PRIntervalTime timeout, PRIntervalTime latency, int series)`
Packit	40b132	`{`
Packit	40b132	`PRIntervalTime first_time = 0;`
Packit	40b132	`PRBool first_time_set = PR_FALSE;`
Packit	40b132	`PRBool waitForRemoval;`
Packit	40b132
Packit	40b132	`if (slot->isPerm) {`
Packit	40b132	`return PK11TokenNotRemovable;`
Packit	40b132	`}`
Packit	40b132	`if (latency == 0) {`
Packit	40b132	`latency = PR_SecondsToInterval(5);`
Packit	40b132	`}`
Packit	40b132	`waitForRemoval = (PRBool) (event == PK11TokenRemovedOrChangedEvent);`
Packit	40b132
Packit	40b132	`if (series == 0) {`
Packit	40b132	`series = PK11_GetSlotSeries(slot);`
Packit	40b132	`}`
Packit	40b132	`while (PK11_IsPresent(slot) == waitForRemoval ) {`
Packit	40b132	`PRIntervalTime interval;`
Packit	40b132
Packit	40b132	`if (waitForRemoval && series != PK11_GetSlotSeries(slot)) {`
Packit	40b132	`return PK11TokenChanged;`
Packit	40b132	`}`
Packit	40b132	`if (timeout == PR_INTERVAL_NO_WAIT) {`
Packit	40b132	`return waitForRemoval ? PK11TokenPresent : PK11TokenRemoved;`
Packit	40b132	`}`
Packit	40b132	`if (timeout != PR_INTERVAL_NO_TIMEOUT ) {`
Packit	40b132	`interval = PR_IntervalNow();`
Packit	40b132	`if (!first_time_set) {`
Packit	40b132	`first_time = interval;`
Packit	40b132	`first_time_set = PR_TRUE;`
Packit	40b132	`}`
Packit	40b132	`if ((interval-first_time) > timeout) {`
Packit	40b132	`return waitForRemoval ? PK11TokenPresent : PK11TokenRemoved;`
Packit	40b132	`}`
Packit	40b132	`}`
Packit	40b132	`PR_Sleep(latency);`
Packit	40b132	`}`
Packit	40b132	`return waitForRemoval ? PK11TokenRemoved : PK11TokenPresent;`
Packit	40b132	`}`

source-git / mingw-nss

Source Code

Blame nss/lib/pk11wrap/pk11slot.c