trustbridge/nss-cmake-static: nss/lib/softoken/legacydb/lgcreate.c annotate

annotate nss/lib/softoken/legacydb/lgcreate.c @ 3:150b72113545

Add DBM and legacydb support

author	Andre Heinecke <andre.heinecke@intevation.de>
date	Tue, 05 Aug 2014 18:32:02 +0200
parents
children

rev	line source
3 150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	1 /* This Source Code Form is subject to the terms of the Mozilla Public
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	2 * License, v. 2.0. If a copy of the MPL was not distributed with this
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	4 #include "secitem.h"
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	5 #include "pkcs11.h"
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	6 #include "lgdb.h"
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	7 #include "pcert.h"
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	8 #include "lowkeyi.h"
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	9 #include "blapi.h"
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	10 #include "secder.h"
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	11 #include "secasn1.h"
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	12
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	13 #include "keydbi.h"
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	14
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	15 /*
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	16 * ****************** Object Creation Utilities *************************
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	17 */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	18
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	19 /*
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	20 * check the consistancy and initialize a Certificate Object
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	21 */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	22 static CK_RV
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	23 lg_createCertObject(SDB sdb, CK_OBJECT_HANDLE handle,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	24 const CK_ATTRIBUTE *templ, CK_ULONG count)
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	25 {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	26 SECItem derCert;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	27 NSSLOWCERTCertificate *cert;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	28 NSSLOWCERTCertTrust *trust = NULL;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	29 NSSLOWCERTCertTrust userTrust =
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	30 { CERTDB_USER, CERTDB_USER, CERTDB_USER };
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	31 NSSLOWCERTCertTrust defTrust =
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	32 { CERTDB_TRUSTED_UNKNOWN,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	33 CERTDB_TRUSTED_UNKNOWN, CERTDB_TRUSTED_UNKNOWN };
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	34 char *label = NULL;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	35 char *email = NULL;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	36 SECStatus rv;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	37 CK_RV crv;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	38 PRBool inDB = PR_TRUE;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	39 NSSLOWCERTCertDBHandle *certHandle = lg_getCertDB(sdb);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	40 NSSLOWKEYDBHandle *keyHandle = NULL;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	41 CK_CERTIFICATE_TYPE type;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	42 const CK_ATTRIBUTE *attribute;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	43
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	44 /* we can't store any certs private */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	45 if (lg_isTrue(CKA_PRIVATE, templ, count)) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	46 return CKR_ATTRIBUTE_VALUE_INVALID;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	47 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	48
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	49 /* We only support X.509 Certs for now */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	50 crv = lg_GetULongAttribute(CKA_CERTIFICATE_TYPE, templ, count, &type);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	51 if (crv != CKR_OK) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	52 return crv;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	53 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	54
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	55 if (type != CKC_X_509) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	56 return CKR_ATTRIBUTE_VALUE_INVALID;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	57 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	58
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	59 /* X.509 Certificate */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	60
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	61
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	62 if (certHandle == NULL) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	63 return CKR_TOKEN_WRITE_PROTECTED;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	64 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	65
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	66 /* get the der cert */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	67 attribute = lg_FindAttribute(CKA_VALUE, templ, count);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	68 if (!attribute) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	69 return CKR_ATTRIBUTE_VALUE_INVALID;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	70 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	71
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	72 derCert.type = 0;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	73 derCert.data = (unsigned char *)attribute->pValue;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	74 derCert.len = attribute->ulValueLen ;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	75
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	76 label = lg_getString(CKA_LABEL, templ, count);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	77
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	78 cert = nsslowcert_FindCertByDERCert(certHandle, &derCert);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	79 if (cert == NULL) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	80 cert = nsslowcert_DecodeDERCertificate(&derCert, label);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	81 inDB = PR_FALSE;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	82 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	83 if (cert == NULL) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	84 if (label) PORT_Free(label);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	85 return CKR_ATTRIBUTE_VALUE_INVALID;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	86 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	87
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	88 keyHandle = lg_getKeyDB(sdb);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	89 if (keyHandle) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	90 if (nsslowkey_KeyForCertExists(keyHandle,cert)) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	91 trust = &userTrust;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	92 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	93 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	94
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	95 if (!inDB) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	96 if (!trust) trust = &defTrust;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	97 rv = nsslowcert_AddPermCert(certHandle, cert, label, trust);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	98 } else {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	99 rv = trust ? nsslowcert_ChangeCertTrust(certHandle,cert,trust) :
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	100 SECSuccess;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	101 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	102
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	103 if (label) PORT_Free(label);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	104
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	105 if (rv != SECSuccess) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	106 nsslowcert_DestroyCertificate(cert);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	107 return CKR_DEVICE_ERROR;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	108 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	109
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	110 /*
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	111 * Add a NULL S/MIME profile if necessary.
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	112 */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	113 email = lg_getString(CKA_NSS_EMAIL, templ, count);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	114 if (email) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	115 certDBEntrySMime *entry;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	116
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	117 entry = nsslowcert_ReadDBSMimeEntry(certHandle,email);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	118 if (!entry) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	119 nsslowcert_SaveSMimeProfile(certHandle, email,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	120 &cert->derSubject, NULL, NULL);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	121 } else {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	122 nsslowcert_DestroyDBEntry((certDBEntry *)entry);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	123 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	124 PORT_Free(email);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	125 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	126 *handle=lg_mkHandle(sdb,&cert->certKey,LG_TOKEN_TYPE_CERT);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	127 nsslowcert_DestroyCertificate(cert);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	128
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	129 return CKR_OK;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	130 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	131
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	132 unsigned int
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	133 lg_MapTrust(CK_TRUST trust, PRBool clientAuth)
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	134 {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	135 unsigned int trustCA = clientAuth ? CERTDB_TRUSTED_CLIENT_CA :
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	136 CERTDB_TRUSTED_CA;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	137 switch (trust) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	138 case CKT_NSS_TRUSTED:
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	139 return CERTDB_TERMINAL_RECORD\|CERTDB_TRUSTED;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	140 case CKT_NSS_TRUSTED_DELEGATOR:
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	141 return CERTDB_VALID_CA\|trustCA;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	142 case CKT_NSS_MUST_VERIFY_TRUST:
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	143 return CERTDB_MUST_VERIFY;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	144 case CKT_NSS_NOT_TRUSTED:
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	145 return CERTDB_TERMINAL_RECORD;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	146 case CKT_NSS_VALID_DELEGATOR: /* implies must verify */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	147 return CERTDB_VALID_CA;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	148 default:
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	149 break;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	150 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	151 return CERTDB_TRUSTED_UNKNOWN;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	152 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	153
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	154
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	155 /*
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	156 * check the consistancy and initialize a Trust Object
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	157 */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	158 static CK_RV
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	159 lg_createTrustObject(SDB sdb, CK_OBJECT_HANDLE handle,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	160 const CK_ATTRIBUTE *templ, CK_ULONG count)
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	161 {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	162 const CK_ATTRIBUTE *issuer = NULL;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	163 const CK_ATTRIBUTE *serial = NULL;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	164 NSSLOWCERTCertificate *cert = NULL;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	165 const CK_ATTRIBUTE *trust;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	166 CK_TRUST sslTrust = CKT_NSS_TRUST_UNKNOWN;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	167 CK_TRUST clientTrust = CKT_NSS_TRUST_UNKNOWN;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	168 CK_TRUST emailTrust = CKT_NSS_TRUST_UNKNOWN;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	169 CK_TRUST signTrust = CKT_NSS_TRUST_UNKNOWN;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	170 CK_BBOOL stepUp;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	171 NSSLOWCERTCertTrust dbTrust = { 0 };
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	172 SECStatus rv;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	173 NSSLOWCERTCertDBHandle *certHandle = lg_getCertDB(sdb);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	174 NSSLOWCERTIssuerAndSN issuerSN;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	175
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	176 /* we can't store any certs private */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	177 if (lg_isTrue(CKA_PRIVATE, templ, count)) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	178 return CKR_ATTRIBUTE_VALUE_INVALID;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	179 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	180
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	181 if (certHandle == NULL) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	182 return CKR_TOKEN_WRITE_PROTECTED;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	183 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	184
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	185 issuer = lg_FindAttribute(CKA_ISSUER, templ, count);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	186 serial = lg_FindAttribute(CKA_SERIAL_NUMBER, templ, count);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	187
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	188 if (issuer && serial) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	189 issuerSN.derIssuer.data = (unsigned char *)issuer->pValue;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	190 issuerSN.derIssuer.len = issuer->ulValueLen ;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	191
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	192 issuerSN.serialNumber.data = (unsigned char *)serial->pValue;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	193 issuerSN.serialNumber.len = serial->ulValueLen ;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	194
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	195 cert = nsslowcert_FindCertByIssuerAndSN(certHandle,&issuerSN);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	196 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	197
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	198 if (cert == NULL) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	199 return CKR_ATTRIBUTE_VALUE_INVALID;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	200 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	201
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	202 lg_GetULongAttribute(CKA_TRUST_SERVER_AUTH, templ, count, &sslTrust);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	203 lg_GetULongAttribute(CKA_TRUST_CLIENT_AUTH, templ, count, &clientTrust);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	204 lg_GetULongAttribute(CKA_TRUST_EMAIL_PROTECTION, templ, count, &emailTrust);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	205 lg_GetULongAttribute(CKA_TRUST_CODE_SIGNING, templ, count, &signTrust);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	206 stepUp = CK_FALSE;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	207 trust = lg_FindAttribute(CKA_TRUST_STEP_UP_APPROVED, templ, count);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	208 if (trust) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	209 if (trust->ulValueLen == sizeof(CK_BBOOL)) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	210 stepUp = (CK_BBOOL)trust->pValue;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	211 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	212 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	213
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	214 /* preserve certain old fields */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	215 if (cert->trust) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	216 dbTrust.sslFlags = cert->trust->sslFlags & CERTDB_PRESERVE_TRUST_BITS;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	217 dbTrust.emailFlags=
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	218 cert->trust->emailFlags & CERTDB_PRESERVE_TRUST_BITS;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	219 dbTrust.objectSigningFlags =
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	220 cert->trust->objectSigningFlags & CERTDB_PRESERVE_TRUST_BITS;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	221 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	222
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	223 dbTrust.sslFlags \|= lg_MapTrust(sslTrust,PR_FALSE);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	224 dbTrust.sslFlags \|= lg_MapTrust(clientTrust,PR_TRUE);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	225 dbTrust.emailFlags \|= lg_MapTrust(emailTrust,PR_FALSE);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	226 dbTrust.objectSigningFlags \|= lg_MapTrust(signTrust,PR_FALSE);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	227 if (stepUp) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	228 dbTrust.sslFlags \|= CERTDB_GOVT_APPROVED_CA;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	229 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	230
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	231 rv = nsslowcert_ChangeCertTrust(certHandle,cert,&dbTrust);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	232 *handle=lg_mkHandle(sdb,&cert->certKey,LG_TOKEN_TYPE_TRUST);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	233 nsslowcert_DestroyCertificate(cert);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	234 if (rv != SECSuccess) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	235 return CKR_DEVICE_ERROR;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	236 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	237
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	238 return CKR_OK;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	239 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	240
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	241 /*
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	242 * check the consistancy and initialize a Trust Object
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	243 */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	244 static CK_RV
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	245 lg_createSMimeObject(SDB sdb, CK_OBJECT_HANDLE handle,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	246 const CK_ATTRIBUTE *templ, CK_ULONG count)
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	247 {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	248 SECItem derSubj,rawProfile,rawTime,emailKey;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	249 SECItem *pRawProfile = NULL;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	250 SECItem *pRawTime = NULL;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	251 char *email = NULL;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	252 const CK_ATTRIBUTE *subject = NULL,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	253 *profile = NULL,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	254 *time = NULL;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	255 SECStatus rv;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	256 NSSLOWCERTCertDBHandle *certHandle;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	257 CK_RV ck_rv = CKR_OK;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	258
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	259 /* we can't store any certs private */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	260 if (lg_isTrue(CKA_PRIVATE,templ,count)) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	261 return CKR_ATTRIBUTE_VALUE_INVALID;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	262 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	263
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	264 certHandle = lg_getCertDB(sdb);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	265 if (certHandle == NULL) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	266 return CKR_TOKEN_WRITE_PROTECTED;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	267 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	268
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	269 /* lookup SUBJECT */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	270 subject = lg_FindAttribute(CKA_SUBJECT,templ,count);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	271 PORT_Assert(subject);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	272 if (!subject) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	273 ck_rv = CKR_ATTRIBUTE_VALUE_INVALID;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	274 goto loser;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	275 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	276
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	277 derSubj.data = (unsigned char *)subject->pValue;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	278 derSubj.len = subject->ulValueLen ;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	279 derSubj.type = 0;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	280
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	281 /* lookup VALUE */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	282 profile = lg_FindAttribute(CKA_VALUE,templ,count);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	283 if (profile) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	284 rawProfile.data = (unsigned char *)profile->pValue;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	285 rawProfile.len = profile->ulValueLen ;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	286 rawProfile.type = siBuffer;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	287 pRawProfile = &rawProfile;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	288 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	289
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	290 /* lookup Time */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	291 time = lg_FindAttribute(CKA_NSS_SMIME_TIMESTAMP,templ,count);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	292 if (time) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	293 rawTime.data = (unsigned char *)time->pValue;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	294 rawTime.len = time->ulValueLen ;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	295 rawTime.type = siBuffer;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	296 pRawTime = &rawTime;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	297 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	298
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	299
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	300 email = lg_getString(CKA_NSS_EMAIL,templ,count);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	301 if (!email) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	302 ck_rv = CKR_ATTRIBUTE_VALUE_INVALID;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	303 goto loser;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	304 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	305
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	306 /* Store S/MIME Profile by SUBJECT */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	307 rv = nsslowcert_SaveSMimeProfile(certHandle, email, &derSubj,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	308 pRawProfile,pRawTime);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	309 if (rv != SECSuccess) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	310 ck_rv = CKR_DEVICE_ERROR;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	311 goto loser;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	312 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	313 emailKey.data = (unsigned char *)email;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	314 emailKey.len = PORT_Strlen(email)+1;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	315
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	316 *handle = lg_mkHandle(sdb, &emailKey, LG_TOKEN_TYPE_SMIME);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	317
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	318 loser:
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	319 if (email) PORT_Free(email);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	320
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	321 return ck_rv;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	322 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	323
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	324 /*
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	325 * check the consistancy and initialize a Trust Object
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	326 */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	327 static CK_RV
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	328 lg_createCrlObject(SDB sdb, CK_OBJECT_HANDLE handle,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	329 const CK_ATTRIBUTE *templ, CK_ULONG count)
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	330 {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	331 PRBool isKRL = PR_FALSE;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	332 SECItem derSubj,derCrl;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	333 char *url = NULL;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	334 const CK_ATTRIBUTE subject,crl;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	335 SECStatus rv;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	336 NSSLOWCERTCertDBHandle *certHandle;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	337
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	338 certHandle = lg_getCertDB(sdb);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	339
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	340 /* we can't store any private crls */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	341 if (lg_isTrue(CKA_PRIVATE,templ,count)) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	342 return CKR_ATTRIBUTE_VALUE_INVALID;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	343 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	344
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	345 if (certHandle == NULL) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	346 return CKR_TOKEN_WRITE_PROTECTED;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	347 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	348
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	349 /* lookup SUBJECT */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	350 subject = lg_FindAttribute(CKA_SUBJECT,templ,count);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	351 if (!subject) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	352 return CKR_ATTRIBUTE_VALUE_INVALID;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	353 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	354
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	355 derSubj.data = (unsigned char *)subject->pValue;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	356 derSubj.len = subject->ulValueLen ;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	357
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	358 /* lookup VALUE */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	359 crl = lg_FindAttribute(CKA_VALUE,templ,count);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	360 PORT_Assert(crl);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	361 if (!crl) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	362 return CKR_ATTRIBUTE_VALUE_INVALID;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	363 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	364 derCrl.data = (unsigned char *)crl->pValue;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	365 derCrl.len = crl->ulValueLen ;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	366
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	367 url = lg_getString(CKA_NSS_URL,templ,count);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	368 isKRL = lg_isTrue(CKA_NSS_KRL,templ,count);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	369
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	370 /* Store CRL by SUBJECT */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	371 rv = nsslowcert_AddCrl(certHandle, &derCrl, &derSubj, url, isKRL);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	372
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	373 if (url) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	374 PORT_Free(url);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	375 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	376 if (rv != SECSuccess) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	377 return CKR_DEVICE_ERROR;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	378 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	379
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	380 /* if we overwrote the existing CRL, poison the handle entry so we get
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	381 * a new object handle */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	382 (void) lg_poisonHandle(sdb, &derSubj,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	383 isKRL ? LG_TOKEN_KRL_HANDLE : LG_TOKEN_TYPE_CRL);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	384 *handle = lg_mkHandle(sdb, &derSubj,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	385 isKRL ? LG_TOKEN_KRL_HANDLE : LG_TOKEN_TYPE_CRL);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	386
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	387 return CKR_OK;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	388 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	389
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	390 /*
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	391 * check the consistancy and initialize a Public Key Object
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	392 */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	393 static CK_RV
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	394 lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	395 CK_OBJECT_HANDLE handle, const CK_ATTRIBUTE templ, CK_ULONG count)
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	396 {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	397 CK_ATTRIBUTE_TYPE pubKeyAttr = CKA_VALUE;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	398 CK_RV crv = CKR_OK;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	399 NSSLOWKEYPrivateKey *priv;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	400 SECItem pubKeySpace = {siBuffer, NULL, 0};
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	401 SECItem *pubKey;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	402 #ifndef NSS_DISABLE_ECC
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	403 SECItem pubKey2Space = {siBuffer, NULL, 0};
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	404 PLArenaPool *arena = NULL;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	405 #endif /* NSS_DISABLE_ECC */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	406 NSSLOWKEYDBHandle *keyHandle = NULL;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	407
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	408
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	409 switch (key_type) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	410 case CKK_RSA:
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	411 pubKeyAttr = CKA_MODULUS;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	412 break;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	413 #ifndef NSS_DISABLE_ECC
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	414 case CKK_EC:
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	415 pubKeyAttr = CKA_EC_POINT;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	416 break;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	417 #endif /* NSS_DISABLE_ECC */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	418 case CKK_DSA:
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	419 case CKK_DH:
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	420 break;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	421 default:
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	422 return CKR_ATTRIBUTE_VALUE_INVALID;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	423 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	424
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	425
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	426 pubKey = &pubKeySpace;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	427 crv = lg_Attribute2SSecItem(NULL,pubKeyAttr,templ,count,pubKey);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	428 if (crv != CKR_OK) return crv;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	429
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	430 #ifndef NSS_DISABLE_ECC
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	431 if (key_type == CKK_EC) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	432 SECStatus rv;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	433 /*
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	434 * for ECC, use the decoded key first.
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	435 */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	436 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	437 if (arena == NULL) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	438 crv = CKR_HOST_MEMORY;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	439 goto done;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	440 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	441 rv= SEC_QuickDERDecodeItem(arena, &pubKey2Space,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	442 SEC_ASN1_GET(SEC_OctetStringTemplate),
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	443 pubKey);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	444 if (rv != SECSuccess) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	445 /* decode didn't work, just try the pubKey */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	446 PORT_FreeArena(arena, PR_FALSE);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	447 arena = NULL;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	448 } else {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	449 /* try the decoded pub key first */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	450 pubKey = &pubKey2Space;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	451 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	452 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	453 #endif /* NSS_DISABLE_ECC */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	454
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	455 PORT_Assert(pubKey->data);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	456 if (pubKey->data == NULL) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	457 crv = CKR_ATTRIBUTE_VALUE_INVALID;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	458 goto done;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	459 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	460 keyHandle = lg_getKeyDB(sdb);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	461 if (keyHandle == NULL) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	462 crv = CKR_TOKEN_WRITE_PROTECTED;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	463 goto done;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	464 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	465 if (keyHandle->version != 3) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	466 unsigned char buf[SHA1_LENGTH];
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	467 SHA1_HashBuf(buf,pubKey->data,pubKey->len);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	468 PORT_Memcpy(pubKey->data,buf,sizeof(buf));
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	469 pubKey->len = sizeof(buf);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	470 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	471 /* make sure the associated private key already exists */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	472 /* only works if we are logged in */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	473 priv = nsslowkey_FindKeyByPublicKey(keyHandle, pubKey, sdb /password/);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	474 #ifndef NSS_DISABLE_ECC
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	475 if (priv == NULL && pubKey == &pubKey2Space) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	476 /* no match on the decoded key, match the original pubkey */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	477 pubKey = &pubKeySpace;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	478 priv = nsslowkey_FindKeyByPublicKey(keyHandle, pubKey,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	479 sdb /password/);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	480 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	481 #endif
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	482 if (priv == NULL) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	483 /* the legacy database can only 'store' public keys which already
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	484 * have their corresponding private keys in the database */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	485 crv = CKR_ATTRIBUTE_VALUE_INVALID;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	486 goto done;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	487 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	488 lg_nsslowkey_DestroyPrivateKey(priv);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	489 crv = CKR_OK;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	490
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	491 *handle = lg_mkHandle(sdb, pubKey, LG_TOKEN_TYPE_PUB);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	492
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	493 done:
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	494 PORT_Free(pubKeySpace.data);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	495 #ifndef NSS_DISABLE_ECC
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	496 if (arena)
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	497 PORT_FreeArena(arena, PR_FALSE);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	498 #endif
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	499
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	500 return crv;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	501 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	502
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	503 /* make a private key from a verified object */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	504 static NSSLOWKEYPrivateKey *
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	505 lg_mkPrivKey(SDB sdb, const CK_ATTRIBUTE templ, CK_ULONG count,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	506 CK_KEY_TYPE key_type, CK_RV *crvp)
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	507 {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	508 NSSLOWKEYPrivateKey *privKey;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	509 PLArenaPool *arena;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	510 CK_RV crv = CKR_OK;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	511 SECStatus rv;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	512
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	513 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	514 if (arena == NULL) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	515 *crvp = CKR_HOST_MEMORY;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	516 return NULL;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	517 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	518
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	519 privKey = (NSSLOWKEYPrivateKey *)
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	520 PORT_ArenaZAlloc(arena,sizeof(NSSLOWKEYPrivateKey));
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	521 if (privKey == NULL) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	522 PORT_FreeArena(arena,PR_FALSE);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	523 *crvp = CKR_HOST_MEMORY;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	524 return NULL;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	525 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	526
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	527 /* in future this would be a switch on key_type */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	528 privKey->arena = arena;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	529 switch (key_type) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	530 case CKK_RSA:
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	531 privKey->keyType = NSSLOWKEYRSAKey;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	532 crv=lg_Attribute2SSecItem(arena,CKA_MODULUS,templ,count,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	533 &privKey->u.rsa.modulus);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	534 if (crv != CKR_OK) break;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	535 crv=lg_Attribute2SSecItem(arena,CKA_PUBLIC_EXPONENT,templ,count,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	536 &privKey->u.rsa.publicExponent);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	537 if (crv != CKR_OK) break;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	538 crv=lg_PrivAttr2SSecItem(arena,CKA_PRIVATE_EXPONENT,templ,count,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	539 &privKey->u.rsa.privateExponent, sdb);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	540 if (crv != CKR_OK) break;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	541 crv=lg_PrivAttr2SSecItem(arena,CKA_PRIME_1,templ,count,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	542 &privKey->u.rsa.prime1, sdb);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	543 if (crv != CKR_OK) break;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	544 crv=lg_PrivAttr2SSecItem(arena,CKA_PRIME_2,templ,count,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	545 &privKey->u.rsa.prime2, sdb);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	546 if (crv != CKR_OK) break;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	547 crv=lg_PrivAttr2SSecItem(arena,CKA_EXPONENT_1,templ,count,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	548 &privKey->u.rsa.exponent1, sdb);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	549 if (crv != CKR_OK) break;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	550 crv=lg_PrivAttr2SSecItem(arena,CKA_EXPONENT_2,templ,count,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	551 &privKey->u.rsa.exponent2, sdb);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	552 if (crv != CKR_OK) break;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	553 crv=lg_PrivAttr2SSecItem(arena,CKA_COEFFICIENT,templ,count,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	554 &privKey->u.rsa.coefficient, sdb);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	555 if (crv != CKR_OK) break;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	556 rv = DER_SetUInteger(privKey->arena, &privKey->u.rsa.version,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	557 NSSLOWKEY_VERSION);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	558 if (rv != SECSuccess) crv = CKR_HOST_MEMORY;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	559 break;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	560
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	561 case CKK_DSA:
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	562 privKey->keyType = NSSLOWKEYDSAKey;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	563 crv = lg_Attribute2SSecItem(arena,CKA_PRIME,templ,count,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	564 &privKey->u.dsa.params.prime);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	565 if (crv != CKR_OK) break;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	566 crv = lg_Attribute2SSecItem(arena,CKA_SUBPRIME,templ,count,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	567 &privKey->u.dsa.params.subPrime);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	568 if (crv != CKR_OK) break;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	569 crv = lg_Attribute2SSecItem(arena,CKA_BASE,templ,count,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	570 &privKey->u.dsa.params.base);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	571 if (crv != CKR_OK) break;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	572 crv = lg_PrivAttr2SSecItem(arena,CKA_VALUE,templ,count,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	573 &privKey->u.dsa.privateValue, sdb);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	574 if (crv != CKR_OK) break;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	575 if (lg_hasAttribute(CKA_NETSCAPE_DB, templ,count)) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	576 crv = lg_Attribute2SSecItem(arena, CKA_NETSCAPE_DB,templ,count,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	577 &privKey->u.dsa.publicValue);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	578 /* privKey was zero'd so public value is already set to NULL, 0
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	579 * if we don't set it explicitly */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	580 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	581 break;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	582
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	583 case CKK_DH:
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	584 privKey->keyType = NSSLOWKEYDHKey;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	585 crv = lg_Attribute2SSecItem(arena,CKA_PRIME,templ,count,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	586 &privKey->u.dh.prime);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	587 if (crv != CKR_OK) break;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	588 crv = lg_Attribute2SSecItem(arena,CKA_BASE,templ,count,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	589 &privKey->u.dh.base);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	590 if (crv != CKR_OK) break;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	591 crv = lg_PrivAttr2SSecItem(arena,CKA_VALUE,templ,count,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	592 &privKey->u.dh.privateValue, sdb);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	593 if (crv != CKR_OK) break;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	594 if (lg_hasAttribute(CKA_NETSCAPE_DB, templ, count)) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	595 crv = lg_Attribute2SSecItem(arena, CKA_NETSCAPE_DB,templ,count,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	596 &privKey->u.dh.publicValue);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	597 /* privKey was zero'd so public value is already set to NULL, 0
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	598 * if we don't set it explicitly */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	599 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	600 break;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	601
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	602 #ifndef NSS_DISABLE_ECC
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	603 case CKK_EC:
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	604 privKey->keyType = NSSLOWKEYECKey;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	605 crv = lg_Attribute2SSecItem(arena, CKA_EC_PARAMS,templ,count,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	606 &privKey->u.ec.ecParams.DEREncoding);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	607 if (crv != CKR_OK) break;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	608
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	609 /* Fill out the rest of the ecParams structure
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	610 * based on the encoded params
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	611 */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	612 if (LGEC_FillParams(arena, &privKey->u.ec.ecParams.DEREncoding,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	613 &privKey->u.ec.ecParams) != SECSuccess) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	614 crv = CKR_DOMAIN_PARAMS_INVALID;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	615 break;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	616 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	617 crv = lg_PrivAttr2SSecItem(arena,CKA_VALUE,templ,count,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	618 &privKey->u.ec.privateValue, sdb);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	619 if (crv != CKR_OK) break;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	620 if (lg_hasAttribute(CKA_NETSCAPE_DB,templ,count)) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	621 crv = lg_Attribute2SSecItem(arena, CKA_NETSCAPE_DB,templ,count,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	622 &privKey->u.ec.publicValue);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	623 if (crv != CKR_OK) break;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	624 /* privKey was zero'd so public value is already set to NULL, 0
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	625 * if we don't set it explicitly */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	626 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	627 rv = DER_SetUInteger(privKey->arena, &privKey->u.ec.version,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	628 NSSLOWKEY_EC_PRIVATE_KEY_VERSION);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	629 if (rv != SECSuccess) crv = CKR_HOST_MEMORY;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	630 break;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	631 #endif /* NSS_DISABLE_ECC */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	632
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	633 default:
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	634 crv = CKR_KEY_TYPE_INCONSISTENT;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	635 break;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	636 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	637 *crvp = crv;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	638 if (crv != CKR_OK) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	639 PORT_FreeArena(arena,PR_FALSE);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	640 return NULL;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	641 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	642 return privKey;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	643 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	644
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	645 /*
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	646 * check the consistancy and initialize a Private Key Object
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	647 */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	648 static CK_RV
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	649 lg_createPrivateKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	650 CK_OBJECT_HANDLE handle, const CK_ATTRIBUTE templ, CK_ULONG count)
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	651 {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	652 NSSLOWKEYPrivateKey *privKey;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	653 char *label;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	654 SECStatus rv = SECSuccess;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	655 CK_RV crv = CKR_DEVICE_ERROR;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	656 SECItem pubKey;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	657 NSSLOWKEYDBHandle *keyHandle = lg_getKeyDB(sdb);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	658
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	659 if (keyHandle == NULL) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	660 return CKR_TOKEN_WRITE_PROTECTED;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	661 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	662
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	663 privKey=lg_mkPrivKey(sdb, templ,count,key_type,&crv);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	664 if (privKey == NULL) return crv;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	665 label = lg_getString(CKA_LABEL,templ,count);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	666
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	667 crv = lg_Attribute2SSecItem(NULL,CKA_NETSCAPE_DB,templ,count,&pubKey);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	668 if (crv != CKR_OK) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	669 crv = CKR_TEMPLATE_INCOMPLETE;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	670 rv = SECFailure;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	671 goto fail;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	672 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	673 #ifdef notdef
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	674 if (keyHandle->version != 3) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	675 unsigned char buf[SHA1_LENGTH];
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	676 SHA1_HashBuf(buf,pubKey.data,pubKey.len);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	677 PORT_Memcpy(pubKey.data,buf,sizeof(buf));
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	678 pubKey.len = sizeof(buf);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	679 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	680 #endif
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	681 /* get the key type */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	682 if (key_type == CKK_RSA) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	683 rv = RSA_PrivateKeyCheck(&privKey->u.rsa);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	684 if (rv == SECFailure) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	685 goto fail;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	686 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	687 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	688 rv = nsslowkey_StoreKeyByPublicKey(keyHandle, privKey, &pubKey,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	689 label, sdb /->password/);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	690
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	691 fail:
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	692 if (label) PORT_Free(label);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	693 *handle = lg_mkHandle(sdb,&pubKey,LG_TOKEN_TYPE_PRIV);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	694 if (pubKey.data) PORT_Free(pubKey.data);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	695 lg_nsslowkey_DestroyPrivateKey(privKey);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	696 if (rv != SECSuccess) return crv;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	697
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	698 return CKR_OK;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	699 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	700
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	701
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	702 #define LG_KEY_MAX_RETRIES 10 /* don't hang if we are having problems with the rng */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	703 #define LG_KEY_ID_SIZE 18 /* don't use either SHA1 or MD5 sizes */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	704 /*
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	705 * Secret keys must have a CKA_ID value to be stored in the database. This code
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	706 * will generate one if there wasn't one already.
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	707 */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	708 static CK_RV
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	709 lg_GenerateSecretCKA_ID(NSSLOWKEYDBHandle handle, SECItem id, char *label)
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	710 {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	711 unsigned int retries;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	712 SECStatus rv = SECSuccess;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	713 CK_RV crv = CKR_OK;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	714
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	715 id->data = NULL;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	716 if (label) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	717 id->data = (unsigned char *)PORT_Strdup(label);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	718 if (id->data == NULL) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	719 return CKR_HOST_MEMORY;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	720 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	721 id->len = PORT_Strlen(label)+1;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	722 if (!nsslowkey_KeyForIDExists(handle,id)) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	723 return CKR_OK;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	724 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	725 PORT_Free(id->data);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	726 id->data = NULL;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	727 id->len = 0;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	728 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	729 id->data = (unsigned char *)PORT_Alloc(LG_KEY_ID_SIZE);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	730 if (id->data == NULL) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	731 return CKR_HOST_MEMORY;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	732 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	733 id->len = LG_KEY_ID_SIZE;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	734
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	735 retries = 0;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	736 do {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	737 rv = RNG_GenerateGlobalRandomBytes(id->data,id->len);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	738 } while (rv == SECSuccess && nsslowkey_KeyForIDExists(handle,id) &&
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	739 (++retries <= LG_KEY_MAX_RETRIES));
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	740
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	741 if ((rv != SECSuccess) \|\| (retries > LG_KEY_MAX_RETRIES)) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	742 crv = CKR_DEVICE_ERROR; /* random number generator is bad */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	743 PORT_Free(id->data);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	744 id->data = NULL;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	745 id->len = 0;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	746 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	747 return crv;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	748 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	749
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	750
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	751 static NSSLOWKEYPrivateKey lg_mkSecretKeyRep(const CK_ATTRIBUTE templ,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	752 CK_ULONG count, CK_KEY_TYPE key_type,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	753 SECItem pubkey, SDB sdbpw)
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	754 {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	755 NSSLOWKEYPrivateKey *privKey = 0;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	756 PLArenaPool *arena = 0;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	757 CK_KEY_TYPE keyType;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	758 PRUint32 keyTypeStorage;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	759 SECItem keyTypeItem;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	760 CK_RV crv;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	761 SECStatus rv;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	762 static unsigned char derZero[1] = { 0 };
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	763
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	764 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	765 if (arena == NULL) { crv = CKR_HOST_MEMORY; goto loser; }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	766
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	767 privKey = (NSSLOWKEYPrivateKey *)
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	768 PORT_ArenaZAlloc(arena,sizeof(NSSLOWKEYPrivateKey));
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	769 if (privKey == NULL) { crv = CKR_HOST_MEMORY; goto loser; }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	770
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	771 privKey->arena = arena;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	772
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	773 /* Secret keys are represented in the database as "fake" RSA keys.
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	774 * The RSA key is marked as a secret key representation by setting the
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	775 * public exponent field to 0, which is an invalid RSA exponent.
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	776 * The other fields are set as follows:
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	777 * modulus - CKA_ID value for the secret key
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	778 * private exponent - CKA_VALUE (the key itself)
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	779 * coefficient - CKA_KEY_TYPE, which indicates what encryption algorithm
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	780 * is used for the key.
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	781 * all others - set to integer 0
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	782 */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	783 privKey->keyType = NSSLOWKEYRSAKey;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	784
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	785 /* The modulus is set to the key id of the symmetric key */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	786 privKey->u.rsa.modulus.data =
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	787 (unsigned char *) PORT_ArenaAlloc(arena, pubkey->len);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	788 if (privKey->u.rsa.modulus.data == NULL) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	789 crv = CKR_HOST_MEMORY;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	790 goto loser;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	791 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	792 privKey->u.rsa.modulus.len = pubkey->len;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	793 PORT_Memcpy(privKey->u.rsa.modulus.data, pubkey->data, pubkey->len);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	794
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	795 /* The public exponent is set to 0 to indicate a special key */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	796 privKey->u.rsa.publicExponent.len = sizeof derZero;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	797 privKey->u.rsa.publicExponent.data = derZero;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	798
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	799 /* The private exponent is the actual key value */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	800 crv = lg_PrivAttr2SecItem(arena, CKA_VALUE, templ, count,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	801 &privKey->u.rsa.privateExponent, sdbpw);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	802 if (crv != CKR_OK) goto loser;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	803
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	804 /* All other fields empty - needs testing */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	805 privKey->u.rsa.prime1.len = sizeof derZero;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	806 privKey->u.rsa.prime1.data = derZero;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	807
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	808 privKey->u.rsa.prime2.len = sizeof derZero;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	809 privKey->u.rsa.prime2.data = derZero;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	810
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	811 privKey->u.rsa.exponent1.len = sizeof derZero;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	812 privKey->u.rsa.exponent1.data = derZero;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	813
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	814 privKey->u.rsa.exponent2.len = sizeof derZero;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	815 privKey->u.rsa.exponent2.data = derZero;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	816
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	817 /* Coeficient set to KEY_TYPE */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	818 crv = lg_GetULongAttribute(CKA_KEY_TYPE, templ, count, &keyType);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	819 if (crv != CKR_OK) goto loser;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	820 /* on 64 bit platforms, we still want to store 32 bits of keyType (This is
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	821 * safe since the PKCS #11 defines for all types are 32 bits or less). */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	822 keyTypeStorage = (PRUint32) keyType;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	823 keyTypeStorage = PR_htonl(keyTypeStorage);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	824 keyTypeItem.data = (unsigned char *)&keyTypeStorage;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	825 keyTypeItem.len = sizeof (keyTypeStorage);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	826 rv = SECITEM_CopyItem(arena, &privKey->u.rsa.coefficient, &keyTypeItem);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	827 if (rv != SECSuccess) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	828 crv = CKR_HOST_MEMORY;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	829 goto loser;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	830 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	831
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	832 /* Private key version field set normally for compatibility */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	833 rv = DER_SetUInteger(privKey->arena,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	834 &privKey->u.rsa.version, NSSLOWKEY_VERSION);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	835 if (rv != SECSuccess) { crv = CKR_HOST_MEMORY; goto loser; }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	836
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	837 loser:
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	838 if (crv != CKR_OK) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	839 PORT_FreeArena(arena,PR_FALSE);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	840 privKey = 0;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	841 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	842
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	843 return privKey;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	844 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	845
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	846 /*
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	847 * check the consistancy and initialize a Secret Key Object
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	848 */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	849 static CK_RV
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	850 lg_createSecretKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	851 CK_OBJECT_HANDLE handle, const CK_ATTRIBUTE templ, CK_ULONG count)
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	852 {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	853 CK_RV crv;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	854 NSSLOWKEYPrivateKey *privKey = NULL;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	855 NSSLOWKEYDBHandle *keyHandle = NULL;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	856 SECItem pubKey;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	857 char *label = NULL;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	858 SECStatus rv = SECSuccess;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	859
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	860 pubKey.data = 0;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	861
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	862 /* If the object is a TOKEN object, store in the database */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	863 keyHandle = lg_getKeyDB(sdb);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	864
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	865 if (keyHandle == NULL) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	866 return CKR_TOKEN_WRITE_PROTECTED;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	867 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	868
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	869 label = lg_getString(CKA_LABEL,templ,count);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	870
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	871 crv = lg_Attribute2SecItem(NULL,CKA_ID,templ,count,&pubKey);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	872 /* Should this be ID? */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	873 if (crv != CKR_OK) goto loser;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	874
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	875 /* if we don't have an ID, generate one */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	876 if (pubKey.len == 0) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	877 if (pubKey.data) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	878 PORT_Free(pubKey.data);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	879 pubKey.data = NULL;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	880 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	881 crv = lg_GenerateSecretCKA_ID(keyHandle, &pubKey, label);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	882 if (crv != CKR_OK) goto loser;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	883 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	884
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	885 privKey = lg_mkSecretKeyRep(templ, count, key_type, &pubKey, sdb);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	886 if (privKey == NULL) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	887 crv = CKR_HOST_MEMORY;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	888 goto loser;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	889 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	890
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	891 rv = nsslowkey_StoreKeyByPublicKey(keyHandle,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	892 privKey, &pubKey, label, sdb /->password/);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	893 if (rv != SECSuccess) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	894 crv = CKR_DEVICE_ERROR;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	895 goto loser;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	896 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	897
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	898 *handle = lg_mkHandle(sdb, &pubKey, LG_TOKEN_TYPE_KEY);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	899
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	900 loser:
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	901 if (label) PORT_Free(label);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	902 if (privKey) lg_nsslowkey_DestroyPrivateKey(privKey);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	903 if (pubKey.data) PORT_Free(pubKey.data);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	904
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	905 return crv;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	906 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	907
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	908 /*
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	909 * check the consistancy and initialize a Key Object
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	910 */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	911 static CK_RV
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	912 lg_createKeyObject(SDB *sdb, CK_OBJECT_CLASS objclass,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	913 CK_OBJECT_HANDLE handle, const CK_ATTRIBUTE templ, CK_ULONG count)
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	914 {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	915 CK_RV crv;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	916 CK_KEY_TYPE key_type;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	917
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	918 /* get the key type */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	919 crv = lg_GetULongAttribute(CKA_KEY_TYPE, templ, count, &key_type);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	920 if (crv != CKR_OK) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	921 return crv;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	922 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	923
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	924 switch (objclass) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	925 case CKO_PUBLIC_KEY:
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	926 return lg_createPublicKeyObject(sdb,key_type,handle,templ,count);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	927 case CKO_PRIVATE_KEY:
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	928 return lg_createPrivateKeyObject(sdb,key_type,handle,templ,count);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	929 case CKO_SECRET_KEY:
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	930 return lg_createSecretKeyObject(sdb,key_type,handle,templ,count);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	931 default:
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	932 break;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	933 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	934 return CKR_ATTRIBUTE_VALUE_INVALID;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	935 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	936
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	937 /*
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	938 * Parse the template and create an object stored in the DB that reflects.
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	939 * the object specified in the database.
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	940 */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	941 CK_RV
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	942 lg_CreateObject(SDB sdb, CK_OBJECT_HANDLE handle,
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	943 const CK_ATTRIBUTE *templ, CK_ULONG count)
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	944 {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	945 CK_RV crv;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	946 CK_OBJECT_CLASS objclass;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	947
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	948 /* get the object class */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	949 crv = lg_GetULongAttribute(CKA_CLASS, templ, count, &objclass);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	950 if (crv != CKR_OK) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	951 return crv;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	952 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	953
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	954 /* Now handle the specific object class.
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	955 */
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	956 switch (objclass) {
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	957 case CKO_CERTIFICATE:
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	958 crv = lg_createCertObject(sdb,handle,templ,count);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	959 break;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	960 case CKO_NSS_TRUST:
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	961 crv = lg_createTrustObject(sdb,handle,templ,count);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	962 break;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	963 case CKO_NSS_CRL:
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	964 crv = lg_createCrlObject(sdb,handle,templ,count);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	965 break;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	966 case CKO_NSS_SMIME:
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	967 crv = lg_createSMimeObject(sdb,handle,templ,count);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	968 break;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	969 case CKO_PRIVATE_KEY:
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	970 case CKO_PUBLIC_KEY:
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	971 case CKO_SECRET_KEY:
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	972 crv = lg_createKeyObject(sdb,objclass,handle,templ,count);
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	973 break;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	974 default:
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	975 crv = CKR_ATTRIBUTE_VALUE_INVALID;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	976 break;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	977 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	978
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	979 return crv;
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	980 }
150b72113545 Add DBM and legacydb support Andre Heinecke <andre.heinecke@intevation.de> parents: diff changeset	981

Mercurial > trustbridge > nss-cmake-static

annotate nss/lib/softoken/legacydb/lgcreate.c @ 3:150b72113545