security/nss/lib/pk11wrap/dev3hack.c@6474c204b198
security/nss/lib/pk11wrap/dev3hack.c
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
5 #ifndef PKIT_H
6 #include "pkit.h"
7 #endif /* PKIT_H */
9 #ifndef DEVM_H
10 #include "devm.h"
11 #endif /* DEVM_H */
13 #include "pki3hack.h"
14 #include "dev3hack.h"
15 #include "pkim.h"
17 #ifndef BASE_H
18 #include "base.h"
19 #endif /* BASE_H */
21 #include "pk11func.h"
22 #include "secmodti.h"
23 #include "secerr.h"
25 NSS_IMPLEMENT nssSession *
26 nssSession_ImportNSS3Session(NSSArena *arenaOpt,
27 CK_SESSION_HANDLE session,
28 PZLock *lock, PRBool rw)
29 {
30 nssSession *rvSession = NULL;
31 if (session != CK_INVALID_SESSION) {
32 rvSession = nss_ZNEW(arenaOpt, nssSession);
33 if (rvSession) {
34 rvSession->handle = session;
35 rvSession->lock = lock;
36 rvSession->ownLock = PR_FALSE;
37 rvSession->isRW = rw;
38 }
39 }
40 return rvSession;
41 }
43 NSS_IMPLEMENT nssSession *
44 nssSlot_CreateSession
45 (
46 NSSSlot *slot,
47 NSSArena *arenaOpt,
48 PRBool readWrite
49 )
50 {
51 nssSession *rvSession;
53 if (!readWrite) {
54 /* nss3hack version only returns rw swssions */
55 return NULL;
56 }
57 rvSession = nss_ZNEW(arenaOpt, nssSession);
58 if (!rvSession) {
59 return (nssSession *)NULL;
60 }
62 rvSession->handle = PK11_GetRWSession(slot->pk11slot);
63 if (rvSession->handle == CK_INVALID_HANDLE) {
64 nss_ZFreeIf(rvSession);
65 return NULL;
66 }
67 rvSession->isRW = PR_TRUE;
68 rvSession->slot = slot;
69 /*
70 * The session doesn't need its own lock. Here's why.
71 * 1. If we are reusing the default RW session of the slot,
72 * the slot lock is already locked to protect the session.
73 * 2. If the module is not thread safe, the slot (or rather
74 * module) lock is already locked.
75 * 3. If the module is thread safe and we are using a new
76 * session, no higher-level lock has been locked and we
77 * would need a lock for the new session. However, the
78 * current usage of the session is that it is always
79 * used and destroyed within the same function and never
80 * shared with another thread.
81 * So the session is either already protected by another
82 * lock or only used by one thread.
83 */
84 rvSession->lock = NULL;
85 rvSession->ownLock = PR_FALSE;
86 return rvSession;
87 }
89 NSS_IMPLEMENT PRStatus
90 nssSession_Destroy
91 (
92 nssSession *s
93 )
94 {
95 CK_RV ckrv = CKR_OK;
96 if (s) {
97 if (s->isRW) {
98 PK11_RestoreROSession(s->slot->pk11slot, s->handle);
99 }
100 nss_ZFreeIf(s);
101 }
102 return (ckrv == CKR_OK) ? PR_SUCCESS : PR_FAILURE;
103 }
105 static NSSSlot *
106 nssSlot_CreateFromPK11SlotInfo(NSSTrustDomain *td, PK11SlotInfo *nss3slot)
107 {
108 NSSSlot *rvSlot;
109 NSSArena *arena;
110 arena = nssArena_Create();
111 if (!arena) {
112 return NULL;
113 }
114 rvSlot = nss_ZNEW(arena, NSSSlot);
115 if (!rvSlot) {
116 nssArena_Destroy(arena);
117 return NULL;
118 }
119 rvSlot->base.refCount = 1;
120 rvSlot->base.lock = PZ_NewLock(nssILockOther);
121 rvSlot->base.arena = arena;
122 rvSlot->pk11slot = nss3slot;
123 rvSlot->epv = nss3slot->functionList;
124 rvSlot->slotID = nss3slot->slotID;
125 /* Grab the slot name from the PKCS#11 fixed-length buffer */
126 rvSlot->base.name = nssUTF8_Duplicate(nss3slot->slot_name,td->arena);
127 rvSlot->lock = (nss3slot->isThreadSafe) ? NULL : nss3slot->sessionLock;
128 return rvSlot;
129 }
131 NSSToken *
132 nssToken_CreateFromPK11SlotInfo(NSSTrustDomain *td, PK11SlotInfo *nss3slot)
133 {
134 NSSToken *rvToken;
135 NSSArena *arena;
137 /* Don't create a token object for a disabled slot */
138 if (nss3slot->disabled) {
139 PORT_SetError(SEC_ERROR_NO_TOKEN);
140 return NULL;
141 }
142 arena = nssArena_Create();
143 if (!arena) {
144 return NULL;
145 }
146 rvToken = nss_ZNEW(arena, NSSToken);
147 if (!rvToken) {
148 nssArena_Destroy(arena);
149 return NULL;
150 }
151 rvToken->base.refCount = 1;
152 rvToken->base.lock = PZ_NewLock(nssILockOther);
153 if (!rvToken->base.lock) {
154 nssArena_Destroy(arena);
155 return NULL;
156 }
157 rvToken->base.arena = arena;
158 rvToken->pk11slot = nss3slot;
159 rvToken->epv = nss3slot->functionList;
160 rvToken->defaultSession = nssSession_ImportNSS3Session(td->arena,
161 nss3slot->session,
162 nss3slot->sessionLock,
163 nss3slot->defRWSession);
164 #if 0 /* we should do this instead of blindly continuing. */
165 if (!rvToken->defaultSession) {
166 PORT_SetError(SEC_ERROR_NO_TOKEN);
167 goto loser;
168 }
169 #endif
170 if (!PK11_IsInternal(nss3slot) && PK11_IsHW(nss3slot)) {
171 rvToken->cache = nssTokenObjectCache_Create(rvToken,
172 PR_TRUE, PR_TRUE, PR_TRUE);
173 if (!rvToken->cache)
174 goto loser;
175 }
176 rvToken->trustDomain = td;
177 /* Grab the token name from the PKCS#11 fixed-length buffer */
178 rvToken->base.name = nssUTF8_Duplicate(nss3slot->token_name,td->arena);
179 rvToken->slot = nssSlot_CreateFromPK11SlotInfo(td, nss3slot);
180 if (!rvToken->slot) {
181 goto loser;
182 }
183 rvToken->slot->token = rvToken;
184 if (rvToken->defaultSession)
185 rvToken->defaultSession->slot = rvToken->slot;
186 return rvToken;
187 loser:
188 PZ_DestroyLock(rvToken->base.lock);
189 nssArena_Destroy(arena);
190 return NULL;
191 }
193 NSS_IMPLEMENT void
194 nssToken_UpdateName(NSSToken *token)
195 {
196 if (!token) {
197 return;
198 }
199 token->base.name = nssUTF8_Duplicate(token->pk11slot->token_name,token->base.arena);
200 }
202 NSS_IMPLEMENT PRBool
203 nssSlot_IsPermanent
204 (
205 NSSSlot *slot
206 )
207 {
208 return slot->pk11slot->isPerm;
209 }
211 NSS_IMPLEMENT PRBool
212 nssSlot_IsFriendly
213 (
214 NSSSlot *slot
215 )
216 {
217 return PK11_IsFriendly(slot->pk11slot);
218 }
220 NSS_IMPLEMENT PRStatus
221 nssToken_Refresh(NSSToken *token)
222 {
223 PK11SlotInfo *nss3slot;
225 if (!token) {
226 return PR_SUCCESS;
227 }
228 nss3slot = token->pk11slot;
229 token->defaultSession =
230 nssSession_ImportNSS3Session(token->slot->base.arena,
231 nss3slot->session,
232 nss3slot->sessionLock,
233 nss3slot->defRWSession);
234 return token->defaultSession ? PR_SUCCESS : PR_FAILURE;
235 }
237 NSS_IMPLEMENT PRStatus
238 nssSlot_Refresh
239 (
240 NSSSlot *slot
241 )
242 {
243 PK11SlotInfo *nss3slot = slot->pk11slot;
244 PRBool doit = PR_FALSE;
245 if (slot->token && slot->token->base.name[0] == 0) {
246 doit = PR_TRUE;
247 }
248 if (PK11_InitToken(nss3slot, PR_FALSE) != SECSuccess) {
249 return PR_FAILURE;
250 }
251 if (doit) {
252 nssTrustDomain_UpdateCachedTokenCerts(slot->token->trustDomain,
253 slot->token);
254 }
255 return nssToken_Refresh(slot->token);
256 }
258 NSS_IMPLEMENT PRStatus
259 nssToken_GetTrustOrder
260 (
261 NSSToken *tok
262 )
263 {
264 PK11SlotInfo *slot;
265 SECMODModule *module;
266 slot = tok->pk11slot;
267 module = PK11_GetModule(slot);
268 return module->trustOrder;
269 }
271 NSS_IMPLEMENT PRBool
272 nssSlot_IsLoggedIn
273 (
274 NSSSlot *slot
275 )
276 {
277 if (!slot->pk11slot->needLogin) {
278 return PR_TRUE;
279 }
280 return PK11_IsLoggedIn(slot->pk11slot, NULL);
281 }
284 NSSTrustDomain *
285 nssToken_GetTrustDomain(NSSToken *token)
286 {
287 return token->trustDomain;
288 }
290 NSS_EXTERN PRStatus
291 nssTrustDomain_RemoveTokenCertsFromCache
292 (
293 NSSTrustDomain *td,
294 NSSToken *token
295 );
297 NSS_IMPLEMENT PRStatus
298 nssToken_NotifyCertsNotVisible
299 (
300 NSSToken *tok
301 )
302 {
303 return nssTrustDomain_RemoveTokenCertsFromCache(tok->trustDomain, tok);
304 }
