andre@3: /* This Source Code Form is subject to the terms of the Mozilla Public andre@3: * License, v. 2.0. If a copy of the MPL was not distributed with this andre@3: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ andre@3: #include "lgdb.h" andre@3: #include "secerr.h" andre@3: #include "lgglue.h" andre@3: andre@3: /* andre@3: * ******************** Attribute Utilities ******************************* andre@3: */ andre@3: andre@3: /* andre@3: * look up and attribute structure from a type and Object structure. andre@3: * The returned attribute is referenced and needs to be freed when andre@3: * it is no longer needed. andre@3: */ andre@3: const CK_ATTRIBUTE * andre@3: lg_FindAttribute(CK_ATTRIBUTE_TYPE type, const CK_ATTRIBUTE *templ, andre@3: CK_ULONG count ) andre@3: { andre@3: unsigned int i; andre@3: andre@3: for (i=0; i < count; i++) { andre@3: if (templ[i].type == type) { andre@3: return &templ[i]; andre@3: } andre@3: } andre@3: return NULL; andre@3: } andre@3: andre@3: andre@3: /* andre@3: * return true if object has attribute andre@3: */ andre@3: PRBool andre@3: lg_hasAttribute(CK_ATTRIBUTE_TYPE type, const CK_ATTRIBUTE *templ, andre@3: CK_ULONG count ) andre@3: { andre@3: if (lg_FindAttribute(type, templ, count) == NULL) { andre@3: return PR_FALSE; andre@3: } andre@3: return PR_TRUE; andre@3: } andre@3: andre@3: /* andre@3: * copy an attribute into a SECItem. Secitem is allocated in the specified andre@3: * arena. andre@3: */ andre@3: CK_RV andre@3: lg_Attribute2SecItem(PLArenaPool *arena, CK_ATTRIBUTE_TYPE type, andre@3: const CK_ATTRIBUTE *templ, CK_ULONG count, andre@3: SECItem *item) andre@3: { andre@3: int len; andre@3: const CK_ATTRIBUTE *attribute; andre@3: andre@3: attribute = lg_FindAttribute(type, templ, count); andre@3: if (attribute == NULL) return CKR_TEMPLATE_INCOMPLETE; andre@3: len = attribute->ulValueLen; andre@3: andre@3: if (arena) { andre@3: item->data = (unsigned char *) PORT_ArenaAlloc(arena,len); andre@3: } else { andre@3: item->data = (unsigned char *) PORT_Alloc(len); andre@3: } andre@3: if (item->data == NULL) { andre@3: return CKR_HOST_MEMORY; andre@3: } andre@3: item->len = len; andre@3: PORT_Memcpy(item->data, attribute->pValue, len); andre@3: return CKR_OK; andre@3: } andre@3: andre@3: andre@3: /* andre@3: * copy an unsigned attribute into a SECItem. Secitem is allocated in andre@3: * the specified arena. andre@3: */ andre@3: CK_RV andre@3: lg_Attribute2SSecItem(PLArenaPool *arena, CK_ATTRIBUTE_TYPE type, andre@3: const CK_ATTRIBUTE *templ, CK_ULONG count, andre@3: SECItem *item) andre@3: { andre@3: const CK_ATTRIBUTE *attribute; andre@3: item->data = NULL; andre@3: andre@3: attribute = lg_FindAttribute(type, templ, count); andre@3: if (attribute == NULL) return CKR_TEMPLATE_INCOMPLETE; andre@3: andre@3: (void)SECITEM_AllocItem(arena, item, attribute->ulValueLen); andre@3: if (item->data == NULL) { andre@3: return CKR_HOST_MEMORY; andre@3: } andre@3: PORT_Memcpy(item->data, attribute->pValue, item->len); andre@3: return CKR_OK; andre@3: } andre@3: andre@3: /* andre@3: * copy an unsigned attribute into a SECItem. Secitem is allocated in andre@3: * the specified arena. andre@3: */ andre@3: CK_RV andre@3: lg_PrivAttr2SSecItem(PLArenaPool *arena, CK_ATTRIBUTE_TYPE type, andre@3: const CK_ATTRIBUTE *templ, CK_ULONG count, andre@3: SECItem *item, SDB *sdbpw) andre@3: { andre@3: const CK_ATTRIBUTE *attribute; andre@3: SECItem epki, *dest = NULL; andre@3: SECStatus rv; andre@3: andre@3: item->data = NULL; andre@3: andre@3: attribute = lg_FindAttribute(type, templ, count); andre@3: if (attribute == NULL) return CKR_TEMPLATE_INCOMPLETE; andre@3: andre@3: epki.data = attribute->pValue; andre@3: epki.len = attribute->ulValueLen; andre@3: andre@3: rv = lg_util_decrypt(sdbpw, &epki, &dest); andre@3: if (rv != SECSuccess) { andre@3: return CKR_USER_NOT_LOGGED_IN; andre@3: } andre@3: (void)SECITEM_AllocItem(arena, item, dest->len); andre@3: if (item->data == NULL) { andre@3: SECITEM_FreeItem(dest, PR_TRUE); andre@3: return CKR_HOST_MEMORY; andre@3: } andre@3: andre@3: PORT_Memcpy(item->data, dest->data, item->len); andre@3: SECITEM_FreeItem(dest, PR_TRUE); andre@3: return CKR_OK; andre@3: } andre@3: andre@3: CK_RV andre@3: lg_PrivAttr2SecItem(PLArenaPool *arena, CK_ATTRIBUTE_TYPE type, andre@3: const CK_ATTRIBUTE *templ, CK_ULONG count, andre@3: SECItem *item, SDB *sdbpw) andre@3: { andre@3: return lg_PrivAttr2SSecItem(arena, type, templ, count, item, sdbpw); andre@3: } andre@3: andre@3: /* andre@3: * this is only valid for CK_BBOOL type attributes. Return the state andre@3: * of that attribute. andre@3: */ andre@3: PRBool andre@3: lg_isTrue(CK_ATTRIBUTE_TYPE type, const CK_ATTRIBUTE *templ, CK_ULONG count) andre@3: { andre@3: const CK_ATTRIBUTE *attribute; andre@3: PRBool tok = PR_FALSE; andre@3: andre@3: attribute=lg_FindAttribute(type, templ, count); andre@3: if (attribute == NULL) { return PR_FALSE; } andre@3: tok = (PRBool)(*(CK_BBOOL *)attribute->pValue); andre@3: andre@3: return tok; andre@3: } andre@3: andre@3: /* andre@3: * return a null terminated string from attribute 'type'. This string andre@3: * is allocated and needs to be freed with PORT_Free() When complete. andre@3: */ andre@3: char * andre@3: lg_getString(CK_ATTRIBUTE_TYPE type, const CK_ATTRIBUTE *templ, CK_ULONG count) andre@3: { andre@3: const CK_ATTRIBUTE *attribute; andre@3: char *label = NULL; andre@3: andre@3: attribute = lg_FindAttribute(type, templ, count); andre@3: if (attribute == NULL) return NULL; andre@3: andre@3: if (attribute->pValue != NULL) { andre@3: label = (char *) PORT_Alloc(attribute->ulValueLen+1); andre@3: if (label == NULL) { andre@3: return NULL; andre@3: } andre@3: andre@3: PORT_Memcpy(label,attribute->pValue, attribute->ulValueLen); andre@3: label[attribute->ulValueLen] = 0; andre@3: } andre@3: return label; andre@3: } andre@3: andre@3: CK_RV andre@3: lg_GetULongAttribute(CK_ATTRIBUTE_TYPE type, const CK_ATTRIBUTE *templ, andre@3: CK_ULONG count, CK_ULONG *longData) andre@3: { andre@3: const CK_ATTRIBUTE *attribute; andre@3: CK_ULONG value = 0; andre@3: const unsigned char *data; andre@3: int i; andre@3: andre@3: attribute = lg_FindAttribute(type, templ, count); andre@3: if (attribute == NULL) return CKR_TEMPLATE_INCOMPLETE; andre@3: andre@3: if (attribute->ulValueLen != 4) { andre@3: return CKR_ATTRIBUTE_VALUE_INVALID; andre@3: } andre@3: data = (const unsigned char *)attribute->pValue; andre@3: for (i=0; i < 4; i++) { andre@3: value |= (CK_ULONG)(data[i]) << ((3-i)*8); andre@3: } andre@3: andre@3: *longData = value; andre@3: return CKR_OK; andre@3: } andre@3: andre@3: /* andre@3: * ******************** Object Utilities ******************************* andre@3: */ andre@3: andre@3: SECStatus andre@3: lg_deleteTokenKeyByHandle(SDB *sdb, CK_OBJECT_HANDLE handle) andre@3: { andre@3: SECItem *item; andre@3: PRBool rem; andre@3: PLHashTable *hashTable= lg_GetHashTable(sdb); andre@3: andre@3: item = (SECItem *)PL_HashTableLookup(hashTable, (void *)handle); andre@3: rem = PL_HashTableRemove(hashTable,(void *)handle) ; andre@3: if (rem && item) { andre@3: SECITEM_FreeItem(item,PR_TRUE); andre@3: } andre@3: return rem ? SECSuccess : SECFailure; andre@3: } andre@3: andre@3: /* must be called holding lg_DBLock(sdb) */ andre@3: static SECStatus andre@3: lg_addTokenKeyByHandle(SDB *sdb, CK_OBJECT_HANDLE handle, SECItem *key) andre@3: { andre@3: PLHashEntry *entry; andre@3: SECItem *item; andre@3: PLHashTable *hashTable= lg_GetHashTable(sdb); andre@3: andre@3: item = SECITEM_DupItem(key); andre@3: if (item == NULL) { andre@3: return SECFailure; andre@3: } andre@3: entry = PL_HashTableAdd(hashTable,(void *)handle,item); andre@3: if (entry == NULL) { andre@3: SECITEM_FreeItem(item,PR_TRUE); andre@3: return SECFailure; andre@3: } andre@3: return SECSuccess; andre@3: } andre@3: andre@3: /* must be called holding lg_DBLock(sdb) */ andre@3: const SECItem * andre@3: lg_lookupTokenKeyByHandle(SDB *sdb, CK_OBJECT_HANDLE handle) andre@3: { andre@3: PLHashTable *hashTable= lg_GetHashTable(sdb); andre@3: return (const SECItem *)PL_HashTableLookup(hashTable, (void *)handle); andre@3: } andre@3: andre@3: andre@3: static PRIntn andre@3: lg_freeHashItem(PLHashEntry* entry, PRIntn index, void *arg) andre@3: { andre@3: SECItem *item = (SECItem *)entry->value; andre@3: andre@3: SECITEM_FreeItem(item, PR_TRUE); andre@3: return HT_ENUMERATE_NEXT; andre@3: } andre@3: andre@3: CK_RV andre@3: lg_ClearTokenKeyHashTable(SDB *sdb) andre@3: { andre@3: PLHashTable *hashTable; andre@3: lg_DBLock(sdb); andre@3: hashTable= lg_GetHashTable(sdb); andre@3: PL_HashTableEnumerateEntries(hashTable, lg_freeHashItem, NULL); andre@3: lg_DBUnlock(sdb); andre@3: return CKR_OK; andre@3: } andre@3: andre@3: /* andre@3: * handle Token Object stuff andre@3: */ andre@3: static void andre@3: lg_XORHash(unsigned char *key, unsigned char *dbkey, int len) andre@3: { andre@3: int i; andre@3: andre@3: PORT_Memset(key, 0, 4); andre@3: andre@3: for (i=0; i < len-4; i += 4) { andre@3: key[0] ^= dbkey[i]; andre@3: key[1] ^= dbkey[i+1]; andre@3: key[2] ^= dbkey[i+2]; andre@3: key[3] ^= dbkey[i+3]; andre@3: } andre@3: } andre@3: andre@3: /* Make a token handle for an object and record it so we can find it again */ andre@3: CK_OBJECT_HANDLE andre@3: lg_mkHandle(SDB *sdb, SECItem *dbKey, CK_OBJECT_HANDLE class) andre@3: { andre@3: unsigned char hashBuf[4]; andre@3: CK_OBJECT_HANDLE handle; andre@3: const SECItem *key; andre@3: andre@3: handle = class; andre@3: /* there is only one KRL, use a fixed handle for it */ andre@3: if (handle != LG_TOKEN_KRL_HANDLE) { andre@3: lg_XORHash(hashBuf,dbKey->data,dbKey->len); andre@3: handle = (hashBuf[0] << 24) | (hashBuf[1] << 16) | andre@3: (hashBuf[2] << 8) | hashBuf[3]; andre@3: handle = class | (handle & ~(LG_TOKEN_TYPE_MASK|LG_TOKEN_MASK)); andre@3: /* we have a CRL who's handle has randomly matched the reserved KRL andre@3: * handle, increment it */ andre@3: if (handle == LG_TOKEN_KRL_HANDLE) { andre@3: handle++; andre@3: } andre@3: } andre@3: andre@3: lg_DBLock(sdb); andre@3: while ((key = lg_lookupTokenKeyByHandle(sdb,handle)) != NULL) { andre@3: if (SECITEM_ItemsAreEqual(key,dbKey)) { andre@3: lg_DBUnlock(sdb); andre@3: return handle; andre@3: } andre@3: handle++; andre@3: } andre@3: lg_addTokenKeyByHandle(sdb,handle,dbKey); andre@3: lg_DBUnlock(sdb); andre@3: return handle; andre@3: } andre@3: andre@3: PRBool andre@3: lg_poisonHandle(SDB *sdb, SECItem *dbKey, CK_OBJECT_HANDLE class) andre@3: { andre@3: unsigned char hashBuf[4]; andre@3: CK_OBJECT_HANDLE handle; andre@3: const SECItem *key; andre@3: andre@3: handle = class; andre@3: /* there is only one KRL, use a fixed handle for it */ andre@3: if (handle != LG_TOKEN_KRL_HANDLE) { andre@3: lg_XORHash(hashBuf,dbKey->data,dbKey->len); andre@3: handle = (hashBuf[0] << 24) | (hashBuf[1] << 16) | andre@3: (hashBuf[2] << 8) | hashBuf[3]; andre@3: handle = class | (handle & ~(LG_TOKEN_TYPE_MASK|LG_TOKEN_MASK)); andre@3: /* we have a CRL who's handle has randomly matched the reserved KRL andre@3: * handle, increment it */ andre@3: if (handle == LG_TOKEN_KRL_HANDLE) { andre@3: handle++; andre@3: } andre@3: } andre@3: lg_DBLock(sdb); andre@3: while ((key = lg_lookupTokenKeyByHandle(sdb,handle)) != NULL) { andre@3: if (SECITEM_ItemsAreEqual(key,dbKey)) { andre@3: key->data[0] ^= 0x80; andre@3: lg_DBUnlock(sdb); andre@3: return PR_TRUE; andre@3: } andre@3: handle++; andre@3: } andre@3: lg_DBUnlock(sdb); andre@3: return PR_FALSE; andre@3: } andre@3: andre@3: static LGEncryptFunc lg_encrypt_stub = NULL; andre@3: static LGDecryptFunc lg_decrypt_stub = NULL; andre@3: andre@3: void andre@3: legacy_SetCryptFunctions(LGEncryptFunc enc, LGDecryptFunc dec) andre@3: { andre@3: lg_encrypt_stub = enc; andre@3: lg_decrypt_stub = dec; andre@3: } andre@3: andre@3: SECStatus lg_util_encrypt(PLArenaPool *arena, SDB *sdb, andre@3: SECItem *plainText, SECItem **cipherText) andre@3: { andre@3: if (lg_encrypt_stub == NULL) { andre@3: PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); andre@3: return SECFailure; andre@3: } andre@3: return (*lg_encrypt_stub)(arena, sdb, plainText, cipherText); andre@3: } andre@3: andre@3: SECStatus lg_util_decrypt(SDB *sdb, SECItem *cipherText, SECItem **plainText) andre@3: { andre@3: if (lg_decrypt_stub == NULL) { andre@3: PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); andre@3: return SECFailure; andre@3: } andre@3: return (*lg_decrypt_stub)(sdb, cipherText, plainText); andre@3: } andre@3: andre@3: