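--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/nss/lib/softoken/sftkpars.c Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,248 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * The following code handles the storage of PKCS 11 modules used by the
+ * NSS. This file is written to abstract away how the modules are
+ * stored so we can deside that later.
+ */
+#include "pkcs11i.h"
+#include "sdb.h"
+#include "prprf.h"
+#include "prenv.h"
+#include "utilpars.h"
+
+#define FREE_CLEAR(p) if (p) { PORT_Free(p); p = NULL; }
+
+static void
+sftk_parseTokenFlags(char *tmp, sftk_token_parameters *parsed) {
+ parsed->readOnly = NSSUTIL_ArgHasFlag("flags","readOnly",tmp);
+ parsed->noCertDB = NSSUTIL_ArgHasFlag("flags","noCertDB",tmp);
+ parsed->noKeyDB = NSSUTIL_ArgHasFlag("flags","noKeyDB",tmp);
+ parsed->forceOpen = NSSUTIL_ArgHasFlag("flags","forceOpen",tmp);
+ parsed->pwRequired = NSSUTIL_ArgHasFlag("flags","passwordRequired",tmp);
+ parsed->optimizeSpace = NSSUTIL_ArgHasFlag("flags","optimizeSpace",tmp);
+ return;
+}
+
+static void
+sftk_parseFlags(char *tmp, sftk_parameters *parsed) {
+ parsed->noModDB = NSSUTIL_ArgHasFlag("flags","noModDB",tmp);
+ parsed->readOnly = NSSUTIL_ArgHasFlag("flags","readOnly",tmp);
+ /* keep legacy interface working */
+ parsed->noCertDB = NSSUTIL_ArgHasFlag("flags","noCertDB",tmp);
+ parsed->forceOpen = NSSUTIL_ArgHasFlag("flags","forceOpen",tmp);
+ parsed->pwRequired = NSSUTIL_ArgHasFlag("flags","passwordRequired",tmp);
+ parsed->optimizeSpace = NSSUTIL_ArgHasFlag("flags","optimizeSpace",tmp);
+ return;
+}
+
+static CK_RV
+sftk_parseTokenParameters(char *param, sftk_token_parameters *parsed)
+{
+ int next;
+ char *tmp = NULL;
+ char *index;
+ index = NSSUTIL_ArgStrip(param);
+
+ while (*index) {
+ NSSUTIL_HANDLE_STRING_ARG(index,parsed->configdir,"configDir=",;)
+ NSSUTIL_HANDLE_STRING_ARG(index,parsed->updatedir,"updateDir=",;)
+ NSSUTIL_HANDLE_STRING_ARG(index,parsed->updCertPrefix,
+ "updateCertPrefix=",;)
+ NSSUTIL_HANDLE_STRING_ARG(index,parsed->updKeyPrefix,
+ "updateKeyPrefix=",;)
+ NSSUTIL_HANDLE_STRING_ARG(index,parsed->updateID,"updateID=",;)
+ NSSUTIL_HANDLE_STRING_ARG(index,parsed->certPrefix,"certPrefix=",;)
+ NSSUTIL_HANDLE_STRING_ARG(index,parsed->keyPrefix,"keyPrefix=",;)
+ NSSUTIL_HANDLE_STRING_ARG(index,parsed->tokdes,"tokenDescription=",;)
+ NSSUTIL_HANDLE_STRING_ARG(index,parsed->updtokdes,
+ "updateTokenDescription=",;)
+ NSSUTIL_HANDLE_STRING_ARG(index,parsed->slotdes,"slotDescription=",;)
+ NSSUTIL_HANDLE_STRING_ARG(index,tmp,"minPWLen=",
+ if(tmp) { parsed->minPW=atoi(tmp); PORT_Free(tmp); tmp = NULL; })
+ NSSUTIL_HANDLE_STRING_ARG(index,tmp,"flags=",
+ if(tmp) { sftk_parseTokenFlags(param,parsed); PORT_Free(tmp);
+ tmp = NULL; })
+ NSSUTIL_HANDLE_FINAL_ARG(index)
+ }
+ return CKR_OK;
+}
+
+static void
+sftk_parseTokens(char *tokenParams, sftk_parameters *parsed)
+{
+ char *tokenIndex;
+ sftk_token_parameters *tokens = NULL;
+ int i=0,count = 0,next;
+
+ if ((tokenParams == NULL) || (*tokenParams == 0)) return;
+
+ /* first count the number of slots */
+ for (tokenIndex = NSSUTIL_ArgStrip(tokenParams); *tokenIndex;
+ tokenIndex = NSSUTIL_ArgStrip(NSSUTIL_ArgSkipParameter(tokenIndex))) {
+ count++;
+ }
+
+ /* get the data structures */
+ tokens = (sftk_token_parameters *)
+ PORT_ZAlloc(count*sizeof(sftk_token_parameters));
+ if (tokens == NULL) return;
+
+ for (tokenIndex = NSSUTIL_ArgStrip(tokenParams), i = 0;
+ *tokenIndex && i < count ; i++ ) {
+ char *name;
+ name = NSSUTIL_ArgGetLabel(tokenIndex,&next);
+ tokenIndex += next;
+
+ tokens[i].slotID = NSSUTIL_ArgDecodeNumber(name);
+ tokens[i].readOnly = PR_FALSE;
+ tokens[i].noCertDB = PR_FALSE;
+ tokens[i].noKeyDB = PR_FALSE;
+ if (!NSSUTIL_ArgIsBlank(*tokenIndex)) {
+ char *args = NSSUTIL_ArgFetchValue(tokenIndex,&next);
+ tokenIndex += next;
+ if (args) {
+ sftk_parseTokenParameters(args,&tokens[i]);
+ PORT_Free(args);
+ }
+ }
+ if (name) PORT_Free(name);
+ tokenIndex = NSSUTIL_ArgStrip(tokenIndex);
+ }
+ parsed->token_count = i;
+ parsed->tokens = tokens;
+ return;
+}
+
+CK_RV
+sftk_parseParameters(char *param, sftk_parameters *parsed, PRBool isFIPS)
+{
+ int next;
+ char *tmp = NULL;
+ char *index;
+ char *certPrefix = NULL, *keyPrefix = NULL;
+ char *tokdes = NULL, *ptokdes = NULL, *pupdtokdes = NULL;
+ char *slotdes = NULL, *pslotdes = NULL;
+ char *fslotdes = NULL, *ftokdes = NULL;
+ char *minPW = NULL;
+ index = NSSUTIL_ArgStrip(param);
+
+ PORT_Memset(parsed, 0, sizeof(sftk_parameters));
+
+ while (*index) {
+ NSSUTIL_HANDLE_STRING_ARG(index,parsed->configdir,"configDir=",;)
+ NSSUTIL_HANDLE_STRING_ARG(index,parsed->updatedir,"updateDir=",;)
+ NSSUTIL_HANDLE_STRING_ARG(index,parsed->updateID,"updateID=",;)
+ NSSUTIL_HANDLE_STRING_ARG(index,parsed->secmodName,"secmod=",;)
+ NSSUTIL_HANDLE_STRING_ARG(index,parsed->man,"manufacturerID=",;)
+ NSSUTIL_HANDLE_STRING_ARG(index,parsed->libdes,"libraryDescription=",;)
+ /* constructed values, used so legacy interfaces still work */
+ NSSUTIL_HANDLE_STRING_ARG(index,certPrefix,"certPrefix=",;)
+ NSSUTIL_HANDLE_STRING_ARG(index,keyPrefix,"keyPrefix=",;)
+ NSSUTIL_HANDLE_STRING_ARG(index,tokdes,"cryptoTokenDescription=",;)
+ NSSUTIL_HANDLE_STRING_ARG(index,ptokdes,"dbTokenDescription=",;)
+ NSSUTIL_HANDLE_STRING_ARG(index,slotdes,"cryptoSlotDescription=",;)
+ NSSUTIL_HANDLE_STRING_ARG(index,pslotdes,"dbSlotDescription=",;)
+ NSSUTIL_HANDLE_STRING_ARG(index,fslotdes,"FIPSSlotDescription=",;)
+ NSSUTIL_HANDLE_STRING_ARG(index,ftokdes,"FIPSTokenDescription=",;)
+ NSSUTIL_HANDLE_STRING_ARG(index,pupdtokdes, "updateTokenDescription=",;)
+ NSSUTIL_HANDLE_STRING_ARG(index,minPW,"minPWLen=",;)
+
+ NSSUTIL_HANDLE_STRING_ARG(index,tmp,"flags=",
+ if(tmp) { sftk_parseFlags(param,parsed); PORT_Free(tmp);
+ tmp = NULL; })
+ NSSUTIL_HANDLE_STRING_ARG(index,tmp,"tokens=",
+ if(tmp) { sftk_parseTokens(tmp,parsed); PORT_Free(tmp); tmp = NULL; })
+ NSSUTIL_HANDLE_FINAL_ARG(index)
+ }
+ if (parsed->tokens == NULL) {
+ int count = isFIPS ? 1 : 2;
+ int index = count-1;
+ sftk_token_parameters *tokens = NULL;
+
+ tokens = (sftk_token_parameters *)
+ PORT_ZAlloc(count*sizeof(sftk_token_parameters));
+ if (tokens == NULL) {
+ goto loser;
+ }
+ parsed->tokens = tokens;
+ parsed->token_count = count;
+ tokens[index].slotID = isFIPS ? FIPS_SLOT_ID : PRIVATE_KEY_SLOT_ID;
+ tokens[index].certPrefix = certPrefix;
+ tokens[index].keyPrefix = keyPrefix;
+ tokens[index].minPW = minPW ? atoi(minPW) : 0;
+ tokens[index].readOnly = parsed->readOnly;
+ tokens[index].noCertDB = parsed->noCertDB;
+ tokens[index].noKeyDB = parsed->noCertDB;
+ tokens[index].forceOpen = parsed->forceOpen;
+ tokens[index].pwRequired = parsed->pwRequired;
+ tokens[index].optimizeSpace = parsed->optimizeSpace;
+ tokens[0].optimizeSpace = parsed->optimizeSpace;
+ certPrefix = NULL;
+ keyPrefix = NULL;
+ if (isFIPS) {
+ tokens[index].tokdes = ftokdes;
+ tokens[index].updtokdes = pupdtokdes;
+ tokens[index].slotdes = fslotdes;
+ fslotdes = NULL;
+ ftokdes = NULL;
+ pupdtokdes = NULL;
+ } else {
+ tokens[index].tokdes = ptokdes;
+ tokens[index].updtokdes = pupdtokdes;
+ tokens[index].slotdes = pslotdes;
+ tokens[0].slotID = NETSCAPE_SLOT_ID;
+ tokens[0].tokdes = tokdes;
+ tokens[0].slotdes = slotdes;
+ tokens[0].noCertDB = PR_TRUE;
+ tokens[0].noKeyDB = PR_TRUE;
+ pupdtokdes = NULL;
+ ptokdes = NULL;
+ pslotdes = NULL;
+ tokdes = NULL;
+ slotdes = NULL;
+ }
+ }
+
+loser:
+ FREE_CLEAR(certPrefix);
+ FREE_CLEAR(keyPrefix);
+ FREE_CLEAR(tokdes);
+ FREE_CLEAR(ptokdes);
+ FREE_CLEAR(pupdtokdes);
+ FREE_CLEAR(slotdes);
+ FREE_CLEAR(pslotdes);
+ FREE_CLEAR(fslotdes);
+ FREE_CLEAR(ftokdes);
+ FREE_CLEAR(minPW);
+ return CKR_OK;
+}
+
+void
+sftk_freeParams(sftk_parameters *params)
+{
+ int i;
+
+ for (i=0; i < params->token_count; i++) {
+ FREE_CLEAR(params->tokens[i].configdir);
+ FREE_CLEAR(params->tokens[i].certPrefix);
+ FREE_CLEAR(params->tokens[i].keyPrefix);
+ FREE_CLEAR(params->tokens[i].tokdes);
+ FREE_CLEAR(params->tokens[i].slotdes);
+ FREE_CLEAR(params->tokens[i].updatedir);
+ FREE_CLEAR(params->tokens[i].updCertPrefix);
+ FREE_CLEAR(params->tokens[i].updKeyPrefix);
+ FREE_CLEAR(params->tokens[i].updateID);
+ FREE_CLEAR(params->tokens[i].updtokdes);
+ }
+
+ FREE_CLEAR(params->configdir);
+ FREE_CLEAR(params->secmodName);
+ FREE_CLEAR(params->man);
+ FREE_CLEAR(params->libdes);
+ FREE_CLEAR(params->tokens);
+ FREE_CLEAR(params->updatedir);
+ FREE_CLEAR(params->updateID);
+}
+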
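Review bot: sftk_parseParameters returns CKR_OK on every path, including the `goto loser` taken when PORT_ZAlloc fails for the default token array, so a caller cannot tell a parsed configuration from one left with `tokens == NULL` and `token_count == 0`. A local status would fix that: `CK_RV crv = CKR_OK;` at the top, `crv = CKR_HOST_MEMORY;` before `goto loser;`, and `return crv;` after the FREE_CLEAR run. sftk_parseTokens has the same gap with a larger consequence: it is `void` and returns silently when its own allocation fails, after which the `parsed->tokens == NULL` branch builds the default slots and the per-token settings supplied in `tokens=` (readOnly, passwordRequired, minPWLen) are dropped without any error; having it return a CK_RV that sftk_parseParameters propagates would let initialization fail closed instead. Separately, both `minPWLen=` conversions use `atoi`, which accepts non-numeric or negative input silently; a `strtol` call with an end-pointer and range check would keep a malformed minimum password length from being applied as policy.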