The Tor Browser / annotate

security/nss/lib/ckfw/nssmkey/mfind.c@6474c204b198 (annotated)

security/nss/lib/ckfw/nssmkey/mfind.c

Wed, 31 Dec 2014 06:09:35 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Wed, 31 Dec 2014 06:09:35 +0100
changeset 0
6474c204b198
permissions
-rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

michael@0 1 /* This Source Code Form is subject to the terms of the Mozilla Public
michael@0 2 * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0 4
michael@0 5 #ifndef CKMK_H
michael@0 6 #include "ckmk.h"
michael@0 7 #endif /* CKMK_H */
michael@0 8
michael@0 9 /*
michael@0 10 * nssmkey/mfind.c
michael@0 11 *
michael@0 12 * This file implements the NSSCKMDFindObjects object for the
michael@0 13 * "nssmkey" cryptoki module.
michael@0 14 */
michael@0 15
michael@0 16 struct ckmkFOStr {
michael@0 17 NSSArena *arena;
michael@0 18 CK_ULONG n;
michael@0 19 CK_ULONG i;
michael@0 20 ckmkInternalObject **objs;
michael@0 21 };
michael@0 22
michael@0 23 static void
michael@0 24 ckmk_mdFindObjects_Final
michael@0 25 (
michael@0 26 NSSCKMDFindObjects *mdFindObjects,
michael@0 27 NSSCKFWFindObjects *fwFindObjects,
michael@0 28 NSSCKMDSession *mdSession,
michael@0 29 NSSCKFWSession *fwSession,
michael@0 30 NSSCKMDToken *mdToken,
michael@0 31 NSSCKFWToken *fwToken,
michael@0 32 NSSCKMDInstance *mdInstance,
michael@0 33 NSSCKFWInstance *fwInstance
michael@0 34 )
michael@0 35 {
michael@0 36 struct ckmkFOStr *fo = (struct ckmkFOStr *)mdFindObjects->etc;
michael@0 37 NSSArena *arena = fo->arena;
michael@0 38 PRUint32 i;
michael@0 39
michael@0 40 /* walk down an free the unused 'objs' */
michael@0 41 for (i=fo->i; i < fo->n ; i++) {
michael@0 42 nss_ckmk_DestroyInternalObject(fo->objs[i]);
michael@0 43 }
michael@0 44
michael@0 45 nss_ZFreeIf(fo->objs);
michael@0 46 nss_ZFreeIf(fo);
michael@0 47 nss_ZFreeIf(mdFindObjects);
michael@0 48 if ((NSSArena *)NULL != arena) {
michael@0 49 NSSArena_Destroy(arena);
michael@0 50 }
michael@0 51
michael@0 52 return;
michael@0 53 }
michael@0 54
michael@0 55 static NSSCKMDObject *
michael@0 56 ckmk_mdFindObjects_Next
michael@0 57 (
michael@0 58 NSSCKMDFindObjects *mdFindObjects,
michael@0 59 NSSCKFWFindObjects *fwFindObjects,
michael@0 60 NSSCKMDSession *mdSession,
michael@0 61 NSSCKFWSession *fwSession,
michael@0 62 NSSCKMDToken *mdToken,
michael@0 63 NSSCKFWToken *fwToken,
michael@0 64 NSSCKMDInstance *mdInstance,
michael@0 65 NSSCKFWInstance *fwInstance,
michael@0 66 NSSArena *arena,
michael@0 67 CK_RV *pError
michael@0 68 )
michael@0 69 {
michael@0 70 struct ckmkFOStr *fo = (struct ckmkFOStr *)mdFindObjects->etc;
michael@0 71 ckmkInternalObject *io;
michael@0 72
michael@0 73 if( fo->i == fo->n ) {
michael@0 74 *pError = CKR_OK;
michael@0 75 return (NSSCKMDObject *)NULL;
michael@0 76 }
michael@0 77
michael@0 78 io = fo->objs[ fo->i ];
michael@0 79 fo->i++;
michael@0 80
michael@0 81 return nss_ckmk_CreateMDObject(arena, io, pError);
michael@0 82 }
michael@0 83
michael@0 84 static CK_BBOOL
michael@0 85 ckmk_attrmatch
michael@0 86 (
michael@0 87 CK_ATTRIBUTE_PTR a,
michael@0 88 ckmkInternalObject *o
michael@0 89 )
michael@0 90 {
michael@0 91 PRBool prb;
michael@0 92 const NSSItem *b;
michael@0 93 CK_RV error;
michael@0 94
michael@0 95 b = nss_ckmk_FetchAttribute(o, a->type, &error);
michael@0 96 if (b == NULL) {
michael@0 97 return CK_FALSE;
michael@0 98 }
michael@0 99
michael@0 100 if( a->ulValueLen != b->size ) {
michael@0 101 /* match a decoded serial number */
michael@0 102 if ((a->type == CKA_SERIAL_NUMBER) && (a->ulValueLen < b->size)) {
michael@0 103 int len;
michael@0 104 unsigned char *data;
michael@0 105
michael@0 106 data = nss_ckmk_DERUnwrap(b->data, b->size, &len, NULL);
michael@0 107 if ((len == a->ulValueLen) &&
michael@0 108 nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) {
michael@0 109 return CK_TRUE;
michael@0 110 }
michael@0 111 }
michael@0 112 return CK_FALSE;
michael@0 113 }
michael@0 114
michael@0 115 prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *)NULL);
michael@0 116
michael@0 117 if( PR_TRUE == prb ) {
michael@0 118 return CK_TRUE;
michael@0 119 } else {
michael@0 120 return CK_FALSE;
michael@0 121 }
michael@0 122 }
michael@0 123
michael@0 124
michael@0 125 static CK_BBOOL
michael@0 126 ckmk_match
michael@0 127 (
michael@0 128 CK_ATTRIBUTE_PTR pTemplate,
michael@0 129 CK_ULONG ulAttributeCount,
michael@0 130 ckmkInternalObject *o
michael@0 131 )
michael@0 132 {
michael@0 133 CK_ULONG i;
michael@0 134
michael@0 135 for( i = 0; i < ulAttributeCount; i++ ) {
michael@0 136 if (CK_FALSE == ckmk_attrmatch(&pTemplate[i], o)) {
michael@0 137 return CK_FALSE;
michael@0 138 }
michael@0 139 }
michael@0 140
michael@0 141 /* Every attribute passed */
michael@0 142 return CK_TRUE;
michael@0 143 }
michael@0 144
michael@0 145 #define CKMK_ITEM_CHUNK 20
michael@0 146
michael@0 147 #define PUT_OBJECT(obj, err, size, count, list) \
michael@0 148 { \
michael@0 149 if (count >= size) { \
michael@0 150 (list) = (list) ? \
michael@0 151 nss_ZREALLOCARRAY(list, ckmkInternalObject *, \
michael@0 152 ((size)+CKMK_ITEM_CHUNK) ) : \
michael@0 153 nss_ZNEWARRAY(NULL, ckmkInternalObject *, \
michael@0 154 ((size)+CKMK_ITEM_CHUNK) ) ; \
michael@0 155 if ((ckmkInternalObject **)NULL == list) { \
michael@0 156 err = CKR_HOST_MEMORY; \
michael@0 157 goto loser; \
michael@0 158 } \
michael@0 159 (size) += CKMK_ITEM_CHUNK; \
michael@0 160 } \
michael@0 161 (list)[ count ] = (obj); \
michael@0 162 count++; \
michael@0 163 }
michael@0 164
michael@0 165
michael@0 166 /* find all the certs that represent the appropriate object (cert, priv key, or
michael@0 167 * pub key) in the cert store.
michael@0 168 */
michael@0 169 static PRUint32
michael@0 170 collect_class(
michael@0 171 CK_OBJECT_CLASS objClass,
michael@0 172 SecItemClass itemClass,
michael@0 173 CK_ATTRIBUTE_PTR pTemplate,
michael@0 174 CK_ULONG ulAttributeCount,
michael@0 175 ckmkInternalObject ***listp,
michael@0 176 PRUint32 *sizep,
michael@0 177 PRUint32 count,
michael@0 178 CK_RV *pError
michael@0 179 )
michael@0 180 {
michael@0 181 ckmkInternalObject *next = NULL;
michael@0 182 SecKeychainSearchRef searchRef = 0;
michael@0 183 SecKeychainItemRef itemRef = 0;
michael@0 184 OSStatus error;
michael@0 185
michael@0 186 /* future, build the attribute list based on the template
michael@0 187 * so we can refine the search */
michael@0 188 error = SecKeychainSearchCreateFromAttributes(
michael@0 189 NULL, itemClass, NULL, &searchRef);
michael@0 190
michael@0 191 while (noErr == SecKeychainSearchCopyNext(searchRef, &itemRef)) {
michael@0 192 /* if we don't have an internal object structure, get one */
michael@0 193 if ((ckmkInternalObject *)NULL == next) {
michael@0 194 next = nss_ZNEW(NULL, ckmkInternalObject);
michael@0 195 if ((ckmkInternalObject *)NULL == next) {
michael@0 196 *pError = CKR_HOST_MEMORY;
michael@0 197 goto loser;
michael@0 198 }
michael@0 199 }
michael@0 200 /* fill in the relevant object data */
michael@0 201 next->type = ckmkItem;
michael@0 202 next->objClass = objClass;
michael@0 203 next->u.item.itemRef = itemRef;
michael@0 204 next->u.item.itemClass = itemClass;
michael@0 205
michael@0 206 /* see if this is one of the objects we are looking for */
michael@0 207 if( CK_TRUE == ckmk_match(pTemplate, ulAttributeCount, next) ) {
michael@0 208 /* yes, put it on the list */
michael@0 209 PUT_OBJECT(next, *pError, *sizep, count, *listp);
michael@0 210 next = NULL; /* this one is on the list, need to allocate a new one now */
michael@0 211 } else {
michael@0 212 /* no , release the current item and clear out the structure for reuse */
michael@0 213 CFRelease(itemRef);
michael@0 214 /* don't cache the values we just loaded */
michael@0 215 nsslibc_memset(next, 0, sizeof(*next));
michael@0 216 }
michael@0 217 }
michael@0 218 loser:
michael@0 219 if (searchRef) {
michael@0 220 CFRelease(searchRef);
michael@0 221 }
michael@0 222 nss_ZFreeIf(next);
michael@0 223 return count;
michael@0 224 }
michael@0 225
michael@0 226 static PRUint32
michael@0 227 collect_objects(
michael@0 228 CK_ATTRIBUTE_PTR pTemplate,
michael@0 229 CK_ULONG ulAttributeCount,
michael@0 230 ckmkInternalObject ***listp,
michael@0 231 CK_RV *pError
michael@0 232 )
michael@0 233 {
michael@0 234 PRUint32 i;
michael@0 235 PRUint32 count = 0;
michael@0 236 PRUint32 size = 0;
michael@0 237 CK_OBJECT_CLASS objClass;
michael@0 238
michael@0 239 /*
michael@0 240 * first handle the static build in objects (if any)
michael@0 241 */
michael@0 242 for( i = 0; i < nss_ckmk_nObjects; i++ ) {
michael@0 243 ckmkInternalObject *o = (ckmkInternalObject *)&nss_ckmk_data[i];
michael@0 244
michael@0 245 if( CK_TRUE == ckmk_match(pTemplate, ulAttributeCount, o) ) {
michael@0 246 PUT_OBJECT(o, *pError, size, count, *listp);
michael@0 247 }
michael@0 248 }
michael@0 249
michael@0 250 /*
michael@0 251 * now handle the various object types
michael@0 252 */
michael@0 253 objClass = nss_ckmk_GetULongAttribute(CKA_CLASS,
michael@0 254 pTemplate, ulAttributeCount, pError);
michael@0 255 if (CKR_OK != *pError) {
michael@0 256 objClass = CK_INVALID_HANDLE;
michael@0 257 }
michael@0 258 *pError = CKR_OK;
michael@0 259 switch (objClass) {
michael@0 260 case CKO_CERTIFICATE:
michael@0 261 count = collect_class(objClass, kSecCertificateItemClass,
michael@0 262 pTemplate, ulAttributeCount, listp,
michael@0 263 &size, count, pError);
michael@0 264 break;
michael@0 265 case CKO_PUBLIC_KEY:
michael@0 266 count = collect_class(objClass, CSSM_DL_DB_RECORD_PUBLIC_KEY,
michael@0 267 pTemplate, ulAttributeCount, listp,
michael@0 268 &size, count, pError);
michael@0 269 break;
michael@0 270 case CKO_PRIVATE_KEY:
michael@0 271 count = collect_class(objClass, CSSM_DL_DB_RECORD_PRIVATE_KEY,
michael@0 272 pTemplate, ulAttributeCount, listp,
michael@0 273 &size, count, pError);
michael@0 274 break;
michael@0 275 /* all of them */
michael@0 276 case CK_INVALID_HANDLE:
michael@0 277 count = collect_class(CKO_CERTIFICATE, kSecCertificateItemClass,
michael@0 278 pTemplate, ulAttributeCount, listp,
michael@0 279 &size, count, pError);
michael@0 280 count = collect_class(CKO_PUBLIC_KEY, CSSM_DL_DB_RECORD_PUBLIC_KEY,
michael@0 281 pTemplate, ulAttributeCount, listp,
michael@0 282 &size, count, pError);
michael@0 283 count = collect_class(CKO_PUBLIC_KEY, CSSM_DL_DB_RECORD_PRIVATE_KEY,
michael@0 284 pTemplate, ulAttributeCount, listp,
michael@0 285 &size, count, pError);
michael@0 286 break;
michael@0 287 default:
michael@0 288 break;
michael@0 289 }
michael@0 290 if (CKR_OK != *pError) {
michael@0 291 goto loser;
michael@0 292 }
michael@0 293
michael@0 294 return count;
michael@0 295 loser:
michael@0 296 nss_ZFreeIf(*listp);
michael@0 297 return 0;
michael@0 298 }
michael@0 299
michael@0 300
michael@0 301 NSS_IMPLEMENT NSSCKMDFindObjects *
michael@0 302 nss_ckmk_FindObjectsInit
michael@0 303 (
michael@0 304 NSSCKFWSession *fwSession,
michael@0 305 CK_ATTRIBUTE_PTR pTemplate,
michael@0 306 CK_ULONG ulAttributeCount,
michael@0 307 CK_RV *pError
michael@0 308 )
michael@0 309 {
michael@0 310 /* This could be made more efficient. I'm rather rushed. */
michael@0 311 NSSArena *arena;
michael@0 312 NSSCKMDFindObjects *rv = (NSSCKMDFindObjects *)NULL;
michael@0 313 struct ckmkFOStr *fo = (struct ckmkFOStr *)NULL;
michael@0 314 ckmkInternalObject **temp = (ckmkInternalObject **)NULL;
michael@0 315
michael@0 316 arena = NSSArena_Create();
michael@0 317 if( (NSSArena *)NULL == arena ) {
michael@0 318 goto loser;
michael@0 319 }
michael@0 320
michael@0 321 rv = nss_ZNEW(arena, NSSCKMDFindObjects);
michael@0 322 if( (NSSCKMDFindObjects *)NULL == rv ) {
michael@0 323 *pError = CKR_HOST_MEMORY;
michael@0 324 goto loser;
michael@0 325 }
michael@0 326
michael@0 327 fo = nss_ZNEW(arena, struct ckmkFOStr);
michael@0 328 if( (struct ckmkFOStr *)NULL == fo ) {
michael@0 329 *pError = CKR_HOST_MEMORY;
michael@0 330 goto loser;
michael@0 331 }
michael@0 332
michael@0 333 fo->arena = arena;
michael@0 334 /* fo->n and fo->i are already zero */
michael@0 335
michael@0 336 rv->etc = (void *)fo;
michael@0 337 rv->Final = ckmk_mdFindObjects_Final;
michael@0 338 rv->Next = ckmk_mdFindObjects_Next;
michael@0 339 rv->null = (void *)NULL;
michael@0 340
michael@0 341 fo->n = collect_objects(pTemplate, ulAttributeCount, &temp, pError);
michael@0 342 if (*pError != CKR_OK) {
michael@0 343 goto loser;
michael@0 344 }
michael@0 345
michael@0 346 fo->objs = nss_ZNEWARRAY(arena, ckmkInternalObject *, fo->n);
michael@0 347 if( (ckmkInternalObject **)NULL == fo->objs ) {
michael@0 348 *pError = CKR_HOST_MEMORY;
michael@0 349 goto loser;
michael@0 350 }
michael@0 351
michael@0 352 (void)nsslibc_memcpy(fo->objs, temp, sizeof(ckmkInternalObject *) * fo->n);
michael@0 353 nss_ZFreeIf(temp);
michael@0 354 temp = (ckmkInternalObject **)NULL;
michael@0 355
michael@0 356 return rv;
michael@0 357
michael@0 358 loser:
michael@0 359 nss_ZFreeIf(temp);
michael@0 360 nss_ZFreeIf(fo);
michael@0 361 nss_ZFreeIf(rv);
michael@0 362 if ((NSSArena *)NULL != arena) {
michael@0 363 NSSArena_Destroy(arena);
michael@0 364 }
michael@0 365 return (NSSCKMDFindObjects *)NULL;
michael@0 366 }
michael@0 367

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial