Index: lib/ckfw/nssmkey/mobject.c |
=================================================================== |
--- a/lib/ckfw/nssmkey/mobject.c |
+++ b/lib/ckfw/nssmkey/mobject.c |
@@ -22,225 +22,164 @@ |
/* |
* nssmkey/mobject.c |
* |
* This file implements the NSSCKMDObject object for the |
* "nssmkey" cryptoki module. |
*/ |
const CK_ATTRIBUTE_TYPE certAttrs[] = { |
- CKA_CLASS, |
- CKA_TOKEN, |
- CKA_PRIVATE, |
- CKA_MODIFIABLE, |
- CKA_LABEL, |
- CKA_CERTIFICATE_TYPE, |
- CKA_SUBJECT, |
- CKA_ISSUER, |
- CKA_SERIAL_NUMBER, |
- CKA_VALUE |
-}; |
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, |
+ CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ISSUER, |
+ CKA_SERIAL_NUMBER, CKA_VALUE}; |
const PRUint32 certAttrsCount = NSS_CKMK_ARRAY_SIZE(certAttrs); |
/* private keys, for now only support RSA */ |
const CK_ATTRIBUTE_TYPE privKeyAttrs[] = { |
- CKA_CLASS, |
- CKA_TOKEN, |
- CKA_PRIVATE, |
- CKA_MODIFIABLE, |
- CKA_LABEL, |
- CKA_KEY_TYPE, |
- CKA_DERIVE, |
- CKA_LOCAL, |
- CKA_SUBJECT, |
- CKA_SENSITIVE, |
- CKA_DECRYPT, |
- CKA_SIGN, |
- CKA_SIGN_RECOVER, |
- CKA_UNWRAP, |
- CKA_EXTRACTABLE, |
- CKA_ALWAYS_SENSITIVE, |
- CKA_NEVER_EXTRACTABLE, |
- CKA_MODULUS, |
- CKA_PUBLIC_EXPONENT, |
-}; |
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, |
+ CKA_MODIFIABLE, CKA_LABEL, CKA_KEY_TYPE, |
+ CKA_DERIVE, CKA_LOCAL, CKA_SUBJECT, |
+ CKA_SENSITIVE, CKA_DECRYPT, CKA_SIGN, |
+ CKA_SIGN_RECOVER, CKA_UNWRAP, CKA_EXTRACTABLE, |
+ CKA_ALWAYS_SENSITIVE, CKA_NEVER_EXTRACTABLE, CKA_MODULUS, |
+ CKA_PUBLIC_EXPONENT, }; |
const PRUint32 privKeyAttrsCount = NSS_CKMK_ARRAY_SIZE(privKeyAttrs); |
/* public keys, for now only support RSA */ |
const CK_ATTRIBUTE_TYPE pubKeyAttrs[] = { |
- CKA_CLASS, |
- CKA_TOKEN, |
- CKA_PRIVATE, |
- CKA_MODIFIABLE, |
- CKA_LABEL, |
- CKA_KEY_TYPE, |
- CKA_DERIVE, |
- CKA_LOCAL, |
- CKA_SUBJECT, |
- CKA_ENCRYPT, |
- CKA_VERIFY, |
- CKA_VERIFY_RECOVER, |
- CKA_WRAP, |
- CKA_MODULUS, |
- CKA_PUBLIC_EXPONENT, |
-}; |
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, |
+ CKA_LABEL, CKA_KEY_TYPE, CKA_DERIVE, CKA_LOCAL, |
+ CKA_SUBJECT, CKA_ENCRYPT, CKA_VERIFY, CKA_VERIFY_RECOVER, |
+ CKA_WRAP, CKA_MODULUS, CKA_PUBLIC_EXPONENT, }; |
const PRUint32 pubKeyAttrsCount = NSS_CKMK_ARRAY_SIZE(pubKeyAttrs); |
static const CK_BBOOL ck_true = CK_TRUE; |
static const CK_BBOOL ck_false = CK_FALSE; |
static const CK_CERTIFICATE_TYPE ckc_x509 = CKC_X_509; |
static const CK_KEY_TYPE ckk_rsa = CKK_RSA; |
static const CK_OBJECT_CLASS cko_certificate = CKO_CERTIFICATE; |
static const CK_OBJECT_CLASS cko_private_key = CKO_PRIVATE_KEY; |
static const CK_OBJECT_CLASS cko_public_key = CKO_PUBLIC_KEY; |
-static const NSSItem ckmk_trueItem = { |
- (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }; |
-static const NSSItem ckmk_falseItem = { |
- (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }; |
-static const NSSItem ckmk_x509Item = { |
- (void *)&ckc_x509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }; |
-static const NSSItem ckmk_rsaItem = { |
- (void *)&ckk_rsa, (PRUint32)sizeof(CK_KEY_TYPE) }; |
-static const NSSItem ckmk_certClassItem = { |
- (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }; |
+static const NSSItem ckmk_trueItem = {(void *)&ck_true, |
+ (PRUint32)sizeof(CK_BBOOL)}; |
+static const NSSItem ckmk_falseItem = {(void *)&ck_false, |
+ (PRUint32)sizeof(CK_BBOOL)}; |
+static const NSSItem ckmk_x509Item = {(void *)&ckc_x509, |
+ (PRUint32)sizeof(CK_CERTIFICATE_TYPE)}; |
+static const NSSItem ckmk_rsaItem = {(void *)&ckk_rsa, |
+ (PRUint32)sizeof(CK_KEY_TYPE)}; |
+static const NSSItem ckmk_certClassItem = {(void *)&cko_certificate, |
+ (PRUint32)sizeof(CK_OBJECT_CLASS)}; |
static const NSSItem ckmk_privKeyClassItem = { |
- (void *)&cko_private_key, (PRUint32)sizeof(CK_OBJECT_CLASS) }; |
-static const NSSItem ckmk_pubKeyClassItem = { |
- (void *)&cko_public_key, (PRUint32)sizeof(CK_OBJECT_CLASS) }; |
-static const NSSItem ckmk_emptyItem = { |
- (void *)&ck_true, 0}; |
+ (void *)&cko_private_key, (PRUint32)sizeof(CK_OBJECT_CLASS)}; |
+static const NSSItem ckmk_pubKeyClassItem = {(void *)&cko_public_key, |
+ (PRUint32)sizeof(CK_OBJECT_CLASS)}; |
+static const NSSItem ckmk_emptyItem = {(void *)&ck_true, 0}; |
/* |
* these are utilities. The chould be moved to a new utilities file. |
*/ |
#ifdef DEBUG |
-static void |
-itemdump(char *str, void *data, int size, CK_RV error) |
-{ |
+static void itemdump(char *str, void *data, int size, CK_RV error) { |
unsigned char *ptr = (unsigned char *)data; |
int i; |
- fprintf(stderr,str); |
- for (i=0; i < size; i++) { |
- fprintf(stderr,"%02x ",(unsigned int) ptr[i]); |
+ fprintf(stderr, str); |
+ for (i = 0; i < size; i++) { |
+ fprintf(stderr, "%02x ", (unsigned int)ptr[i]); |
} |
- fprintf(stderr," (error = %d)\n", (int ) error); |
+ fprintf(stderr, " (error = %d)\n", (int)error); |
} |
#endif |
/* |
* unwrap a single DER value |
* now that we have util linked in, we should probably use |
* the ANS1_Decoder for this work... |
*/ |
-unsigned char * |
-nss_ckmk_DERUnwrap |
-( |
- unsigned char *src, |
- int size, |
- int *outSize, |
- unsigned char **next |
-) |
-{ |
+unsigned char *nss_ckmk_DERUnwrap(unsigned char *src, int size, int *outSize, |
+ unsigned char **next) { |
unsigned char *start = src; |
unsigned int len = 0; |
/* initialize error condition return values */ |
*outSize = 0; |
if (next) { |
*next = src; |
} |
if (size < 2) { |
return start; |
} |
- src ++ ; /* skip the tag -- should check it against an expected value! */ |
- len = (unsigned) *src++; |
+ src++; /* skip the tag -- should check it against an expected value! */ |
+ len = (unsigned)*src++; |
if (len & 0x80) { |
int count = len & 0x7f; |
- len =0; |
+ len = 0; |
- if (count+2 > size) { |
+ if (count + 2 > size) { |
return start; |
} |
while (count-- > 0) { |
- len = (len << 8) | (unsigned) *src++; |
+ len = (len << 8) | (unsigned)*src++; |
} |
} |
- if (len + (src-start) > (unsigned int)size) { |
+ if (len + (src - start) > (unsigned int)size) { |
return start; |
} |
if (next) { |
- *next = src+len; |
+ *next = src + len; |
} |
*outSize = len; |
return src; |
} |
/* |
* get an attribute from a template. Value is returned in NSS item. |
* data for the item is owned by the template. |
*/ |
CK_RV |
-nss_ckmk_GetAttribute |
-( |
- CK_ATTRIBUTE_TYPE type, |
- CK_ATTRIBUTE *template, |
- CK_ULONG templateSize, |
- NSSItem *item |
-) |
-{ |
+nss_ckmk_GetAttribute(CK_ATTRIBUTE_TYPE type, CK_ATTRIBUTE *template, |
+ CK_ULONG templateSize, NSSItem *item) { |
CK_ULONG i; |
- for (i=0; i < templateSize; i++) { |
+ for (i = 0; i < templateSize; i++) { |
if (template[i].type == type) { |
item->data = template[i].pValue; |
item->size = template[i].ulValueLen; |
return CKR_OK; |
} |
} |
return CKR_TEMPLATE_INCOMPLETE; |
} |
/* |
* get an attribute which is type CK_ULONG. |
*/ |
CK_ULONG |
-nss_ckmk_GetULongAttribute |
-( |
- CK_ATTRIBUTE_TYPE type, |
- CK_ATTRIBUTE *template, |
- CK_ULONG templateSize, |
- CK_RV *pError |
-) |
-{ |
+nss_ckmk_GetULongAttribute(CK_ATTRIBUTE_TYPE type, CK_ATTRIBUTE *template, |
+ CK_ULONG templateSize, CK_RV *pError) { |
NSSItem item; |
*pError = nss_ckmk_GetAttribute(type, template, templateSize, &item); |
if (CKR_OK != *pError) { |
- return (CK_ULONG) 0; |
+ return (CK_ULONG)0; |
} |
if (item.size != sizeof(CK_ULONG)) { |
*pError = CKR_ATTRIBUTE_VALUE_INVALID; |
- return (CK_ULONG) 0; |
+ return (CK_ULONG)0; |
} |
return *(CK_ULONG *)item.data; |
} |
/* |
* get an attribute which is type CK_BBOOL. |
*/ |
CK_BBOOL |
-nss_ckmk_GetBoolAttribute |
-( |
- CK_ATTRIBUTE_TYPE type, |
- CK_ATTRIBUTE *template, |
- CK_ULONG templateSize, |
- CK_BBOOL defaultBool |
-) |
-{ |
+nss_ckmk_GetBoolAttribute(CK_ATTRIBUTE_TYPE type, CK_ATTRIBUTE *template, |
+ CK_ULONG templateSize, CK_BBOOL defaultBool) { |
NSSItem item; |
CK_RV error; |
error = nss_ckmk_GetAttribute(type, template, templateSize, &item); |
if (CKR_OK != error) { |
return defaultBool; |
} |
if (item.size != sizeof(CK_BBOOL)) { |
@@ -248,35 +187,29 @@ nss_ckmk_GetBoolAttribute |
} |
return *(CK_BBOOL *)item.data; |
} |
/* |
* get an attribute as a NULL terminated string. Caller is responsible to |
* free the string. |
*/ |
-char * |
-nss_ckmk_GetStringAttribute |
-( |
- CK_ATTRIBUTE_TYPE type, |
- CK_ATTRIBUTE *template, |
- CK_ULONG templateSize, |
- CK_RV *pError |
-) |
-{ |
+char *nss_ckmk_GetStringAttribute(CK_ATTRIBUTE_TYPE type, |
+ CK_ATTRIBUTE *template, CK_ULONG templateSize, |
+ CK_RV *pError) { |
NSSItem item; |
char *str; |
/* get the attribute */ |
*pError = nss_ckmk_GetAttribute(type, template, templateSize, &item); |
if (CKR_OK != *pError) { |
return (char *)NULL; |
} |
/* make sure it is null terminated */ |
- str = nss_ZNEWARRAY(NULL, char, item.size+1); |
+ str = nss_ZNEWARRAY(NULL, char, item.size + 1); |
if ((char *)NULL == str) { |
*pError = CKR_HOST_MEMORY; |
return (char *)NULL; |
} |
nsslibc_memcpy(str, item.data, item.size); |
str[item.size] = 0; |
@@ -284,110 +217,100 @@ nss_ckmk_GetStringAttribute |
} |
/* |
* Apple doesn't seem to have a public interface to the DER encoder, |
* wip out a quick one for integers only (anything more complicated, |
* we should use one of the 3 in lib/util). -- especially since we |
* now link with it. |
*/ |
-static CK_RV |
-ckmk_encodeInt(NSSItem *dest, void *src, int srcLen) |
-{ |
+static CK_RV ckmk_encodeInt(NSSItem *dest, void *src, int srcLen) { |
int dataLen = srcLen; |
int lenLen = 1; |
int encLen; |
int isSigned = 0; |
int offset = 0; |
unsigned char *data = NULL; |
int i; |
if (*(unsigned char *)src & 0x80) { |
dataLen++; |
isSigned = 1; |
} |
- |
+ |
/* calculate the length of the length specifier */ |
- /* (NOTE: destroys dataLen value) */ |
+ /* (NOTE: destroys dataLen value) */ |
if (dataLen > 0x7f) { |
do { |
lenLen++; |
dataLen >>= 8; |
} while (dataLen); |
} |
/* calculate our total length */ |
dataLen = isSigned + srcLen; |
encLen = 1 + lenLen + dataLen; |
- data = nss_ZNEWARRAY(NULL, unsigned char, encLen); |
+ data = nss_ZNEWARRAY(NULL, unsigned char, encLen); |
if ((unsigned char *)NULL == data) { |
return CKR_HOST_MEMORY; |
} |
data[0] = DER_INTEGER; |
if (1 == lenLen) { |
data[1] = dataLen; |
} else { |
data[1] = 0x80 + lenLen; |
- for (i=0; i < lenLen; i++) { |
- data[i+1] = ((dataLen >> ((lenLen-i-1)*8)) & 0xff); |
+ for (i = 0; i < lenLen; i++) { |
+ data[i + 1] = ((dataLen >> ((lenLen - i - 1) * 8)) & 0xff); |
} |
} |
- offset = lenLen+1; |
+ offset = lenLen + 1; |
if (isSigned) { |
data[offset++] = 0; |
} |
nsslibc_memcpy(&data[offset], src, srcLen); |
dest->data = data; |
dest->size = encLen; |
return CKR_OK; |
} |
- |
/* |
* Get a Keyring attribute. If content is set to true, then we get the |
* content, not the attribute. |
*/ |
-static CK_RV |
-ckmk_GetCommonAttribute |
-( |
- ckmkInternalObject *io, |
- SecItemAttr itemAttr, |
- PRBool content, |
- NSSItem *item, |
- char *dbString |
-) |
-{ |
+static CK_RV ckmk_GetCommonAttribute(ckmkInternalObject *io, |
+ SecItemAttr itemAttr, PRBool content, |
+ NSSItem *item, char *dbString) { |
SecKeychainAttributeList *attrList = NULL; |
SecKeychainAttributeInfo attrInfo; |
PRUint32 len = 0; |
PRUint32 dataLen = 0; |
PRUint32 attrFormat = 0; |
void *dataVal = 0; |
void *out = NULL; |
CK_RV error = CKR_OK; |
OSStatus macErr; |
attrInfo.count = 1; |
attrInfo.tag = &itemAttr; |
attrInfo.format = &attrFormat; |
- macErr = SecKeychainItemCopyAttributesAndData(io->u.item.itemRef, |
- &attrInfo, NULL, &attrList, &len, &out); |
+ macErr = SecKeychainItemCopyAttributesAndData(io->u.item.itemRef, &attrInfo, |
+ NULL, &attrList, &len, &out); |
if (noErr != macErr) { |
CKMK_MACERR(dbString, macErr); |
return CKR_ATTRIBUTE_TYPE_INVALID; |
} |
dataLen = content ? len : attrList->attr->length; |
dataVal = content ? out : attrList->attr->data; |
/* Apple's documentation says this value is DER Encoded, but it clearly isn't |
* der encode it before we ship it back off to NSS |
*/ |
- if ( kSecSerialNumberItemAttr == itemAttr ) { |
+ if (kSecSerialNumberItemAttr == itemAttr) { |
error = ckmk_encodeInt(item, dataVal, dataLen); |
goto loser; /* logically 'done' if error == CKR_OK */ |
} |
item->data = nss_ZNEWARRAY(NULL, char, dataLen); |
if (NULL == item->data) { |
error = CKR_HOST_MEMORY; |
goto loser; |
} |
@@ -397,28 +320,21 @@ ckmk_GetCommonAttribute |
loser: |
SecKeychainItemFreeAttributesAndData(attrList, out); |
return error; |
} |
/* |
* change an attribute (does not operate on the content). |
*/ |
-static CK_RV |
-ckmk_updateAttribute |
-( |
- SecKeychainItemRef itemRef, |
- SecItemAttr itemAttr, |
- void *data, |
- PRUint32 len, |
- char *dbString |
-) |
-{ |
+static CK_RV ckmk_updateAttribute(SecKeychainItemRef itemRef, |
+ SecItemAttr itemAttr, void *data, |
+ PRUint32 len, char *dbString) { |
SecKeychainAttributeList attrList; |
- SecKeychainAttribute attrAttr; |
+ SecKeychainAttribute attrAttr; |
OSStatus macErr; |
CK_RV error = CKR_OK; |
attrList.count = 1; |
attrList.attr = &attrAttr; |
attrAttr.tag = itemAttr; |
attrAttr.data = data; |
attrAttr.length = len; |
@@ -428,149 +344,124 @@ ckmk_updateAttribute |
error = CKR_ATTRIBUTE_TYPE_INVALID; |
} |
return error; |
} |
/* |
* get an attribute (does not operate on the content) |
*/ |
-static CK_RV |
-ckmk_GetDataAttribute |
-( |
- ckmkInternalObject *io, |
- SecItemAttr itemAttr, |
- NSSItem *item, |
- char *dbString |
-) |
-{ |
+static CK_RV ckmk_GetDataAttribute(ckmkInternalObject *io, SecItemAttr itemAttr, |
+ NSSItem *item, char *dbString) { |
return ckmk_GetCommonAttribute(io, itemAttr, PR_FALSE, item, dbString); |
} |
/* |
* get an attribute we know is a BOOL. |
*/ |
-static CK_RV |
-ckmk_GetBoolAttribute |
-( |
- ckmkInternalObject *io, |
- SecItemAttr itemAttr, |
- NSSItem *item, |
- char *dbString |
-) |
-{ |
+static CK_RV ckmk_GetBoolAttribute(ckmkInternalObject *io, SecItemAttr itemAttr, |
+ NSSItem *item, char *dbString) { |
SecKeychainAttribute attr; |
SecKeychainAttributeList attrList; |
CK_BBOOL *boolp = NULL; |
- PRUint32 len = 0;; |
+ PRUint32 len = 0; |
+ ; |
void *out = NULL; |
CK_RV error = CKR_OK; |
OSStatus macErr; |
attr.tag = itemAttr; |
attr.length = 0; |
attr.data = NULL; |
attrList.count = 1; |
attrList.attr = &attr; |
boolp = nss_ZNEW(NULL, CK_BBOOL); |
if ((CK_BBOOL *)NULL == boolp) { |
error = CKR_HOST_MEMORY; |
goto loser; |
} |
- macErr = SecKeychainItemCopyContent(io->u.item.itemRef, NULL, |
- &attrList, &len, &out); |
+ macErr = SecKeychainItemCopyContent(io->u.item.itemRef, NULL, &attrList, &len, |
+ &out); |
if (noErr != macErr) { |
CKMK_MACERR(dbString, macErr); |
error = CKR_ATTRIBUTE_TYPE_INVALID; |
goto loser; |
} |
if (sizeof(PRUint32) != attr.length) { |
error = CKR_ATTRIBUTE_TYPE_INVALID; |
goto loser; |
} |
*boolp = *(PRUint32 *)attr.data ? 1 : 0; |
- item->data = boolp; |
+ item->data = boolp; |
boolp = NULL; |
item->size = sizeof(CK_BBOOL); |
loser: |
nss_ZFreeIf(boolp); |
SecKeychainItemFreeContent(&attrList, out); |
return error; |
} |
- |
/* |
* macros for fetching attributes into a cache and returning the |
* appropriate value. These operate inside switch statements |
*/ |
#define CKMK_HANDLE_ITEM(func, io, type, loc, item, error, str) \ |
- if (0 == (item)->loc.size) { \ |
- error = func(io, type, &(item)->loc, str); \ |
- } \ |
- return (CKR_OK == (error)) ? &(item)->loc : NULL; |
+ if (0 == (item)->loc.size) { \ |
+ error = func(io, type, &(item)->loc, str); \ |
+ } \ |
+ return (CKR_OK == (error)) ? &(item)->loc : NULL; |
#define CKMK_HANDLE_OPT_ITEM(func, io, type, loc, item, error, str) \ |
- if (0 == (item)->loc.size) { \ |
- (void) func(io, type, &(item)->loc, str); \ |
- } \ |
- return &(item)->loc ; |
+ if (0 == (item)->loc.size) { \ |
+ (void) func(io, type, &(item)->loc, str); \ |
+ } \ |
+ return &(item)->loc; |
#define CKMK_HANDLE_BOOL_ITEM(io, type, loc, item, error, str) \ |
- CKMK_HANDLE_ITEM(ckmk_GetBoolAttribute, io, type, loc, item, error, str) |
+ CKMK_HANDLE_ITEM(ckmk_GetBoolAttribute, io, type, loc, item, error, str) |
#define CKMK_HANDLE_DATA_ITEM(io, type, loc, item, error, str) \ |
- CKMK_HANDLE_ITEM(ckmk_GetDataAttribute, io, type, loc, item, error, str) |
+ CKMK_HANDLE_ITEM(ckmk_GetDataAttribute, io, type, loc, item, error, str) |
#define CKMK_HANDLE_OPT_DATA_ITEM(io, type, loc, item, error, str) \ |
- CKMK_HANDLE_OPT_ITEM(ckmk_GetDataAttribute, io, type, loc, item, error, str) |
+ CKMK_HANDLE_OPT_ITEM(ckmk_GetDataAttribute, io, type, loc, item, error, str) |
/* |
* fetch the unique identifier for each object type. |
*/ |
-static void |
-ckmk_FetchHashKey |
-( |
- ckmkInternalObject *io |
-) |
-{ |
+static void ckmk_FetchHashKey(ckmkInternalObject *io) { |
NSSItem *key = &io->hashKey; |
if (io->objClass == CKO_CERTIFICATE) { |
- ckmk_GetCommonAttribute(io, kSecCertEncodingItemAttr, |
- PR_TRUE, key, "Fetching HashKey (cert)"); |
+ ckmk_GetCommonAttribute(io, kSecCertEncodingItemAttr, PR_TRUE, key, |
+ "Fetching HashKey (cert)"); |
} else { |
- ckmk_GetCommonAttribute(io, kSecKeyLabel, |
- PR_FALSE, key, "Fetching HashKey (key)"); |
+ ckmk_GetCommonAttribute(io, kSecKeyLabel, PR_FALSE, key, |
+ "Fetching HashKey (key)"); |
} |
} |
/* |
* Apple mucks with the actual subject and issuer, so go fetch |
* the real ones ourselves. |
*/ |
-static void |
-ckmk_fetchCert |
-( |
- ckmkInternalObject *io |
-) |
-{ |
+static void ckmk_fetchCert(ckmkInternalObject *io) { |
CK_RV error; |
- unsigned char * cert, *next; |
+ unsigned char *cert, *next; |
int certSize, thisEntrySize; |
- error = ckmk_GetCommonAttribute(io, kSecCertEncodingItemAttr, PR_TRUE, |
- &io->u.item.derCert, "Fetching Value (cert)"); |
+ error = ckmk_GetCommonAttribute(io, kSecCertEncodingItemAttr, PR_TRUE, |
+ &io->u.item.derCert, "Fetching Value (cert)"); |
if (CKR_OK != error) { |
return; |
} |
/* unwrap the cert bundle */ |
- cert = nss_ckmk_DERUnwrap((unsigned char *)io->u.item.derCert.data, |
- io->u.item.derCert.size, |
- &certSize, NULL); |
+ cert = nss_ckmk_DERUnwrap((unsigned char *)io->u.item.derCert.data, |
+ io->u.item.derCert.size, &certSize, NULL); |
/* unwrap the cert itself */ |
/* cert == certdata */ |
cert = nss_ckmk_DERUnwrap(cert, certSize, &certSize, NULL); |
/* skip the optional version */ |
if ((cert[0] & 0xa0) == 0xa0) { |
nss_ckmk_DERUnwrap(cert, certSize, &thisEntrySize, &next); |
certSize -= next - cert; |
@@ -601,332 +492,292 @@ ckmk_fetchCert |
/* save the (wrapped) subject */ |
io->u.item.subject.data = cert; |
nss_ckmk_DERUnwrap(cert, certSize, &thisEntrySize, &next); |
io->u.item.subject.size = next - cert; |
certSize -= io->u.item.subject.size; |
cert = next; |
} |
-static void |
-ckmk_fetchModulus |
-( |
- ckmkInternalObject *io |
-) |
-{ |
+static void ckmk_fetchModulus(ckmkInternalObject *io) { |
NSSItem item; |
PRInt32 modLen; |
CK_RV error; |
/* we can't reliably get the modulus for private keys through CSSM (sigh). |
* For NSS this is OK because we really only use this to get the modulus |
- * length (unless we are trying to get a public key from a private keys, |
+ * length (unless we are trying to get a public key from a private keys, |
* something CSSM ALSO does not do!). |
*/ |
- error = ckmk_GetDataAttribute(io, kSecKeyKeySizeInBits, &item, |
- "Key Fetch Modulus"); |
+ error = ckmk_GetDataAttribute(io, kSecKeyKeySizeInBits, &item, |
+ "Key Fetch Modulus"); |
if (CKR_OK != error) { |
return; |
} |
modLen = *(PRInt32 *)item.data; |
- modLen = modLen/8; /* convert from bits to bytes */ |
+ modLen = modLen / 8; /* convert from bits to bytes */ |
nss_ZFreeIf(item.data); |
io->u.item.modulus.data = nss_ZNEWARRAY(NULL, char, modLen); |
if (NULL == io->u.item.modulus.data) { |
return; |
} |
- *(char *)io->u.item.modulus.data = 0x80; /* fake NSS out or it will |
+ *(char *)io->u.item.modulus.data = 0x80; /* fake NSS out or it will |
* drop the first byte */ |
io->u.item.modulus.size = modLen; |
return; |
} |
-const NSSItem * |
-ckmk_FetchCertAttribute |
-( |
- ckmkInternalObject *io, |
- CK_ATTRIBUTE_TYPE type, |
- CK_RV *pError |
-) |
-{ |
+const NSSItem *ckmk_FetchCertAttribute(ckmkInternalObject *io, |
+ CK_ATTRIBUTE_TYPE type, CK_RV *pError) { |
ckmkItemObject *item = &io->u.item; |
*pError = CKR_OK; |
- switch(type) { |
- case CKA_CLASS: |
- return &ckmk_certClassItem; |
- case CKA_TOKEN: |
- case CKA_MODIFIABLE: |
- return &ckmk_trueItem; |
- case CKA_PRIVATE: |
- return &ckmk_falseItem; |
- case CKA_CERTIFICATE_TYPE: |
- return &ckmk_x509Item; |
- case CKA_LABEL: |
- CKMK_HANDLE_OPT_DATA_ITEM(io, kSecLabelItemAttr, label, item, *pError, |
- "Cert:Label attr") |
- case CKA_SUBJECT: |
- /* OK, well apple does provide an subject and issuer attribute, but they |
- * decided to cannonicalize that value. Probably a good move for them, |
- * but makes it useless for most users of PKCS #11.. Get the real subject |
- * from the certificate */ |
- if (0 == item->derCert.size) { |
- ckmk_fetchCert(io); |
- } |
- return &item->subject; |
- case CKA_ISSUER: |
- if (0 == item->derCert.size) { |
- ckmk_fetchCert(io); |
- } |
- return &item->issuer; |
- case CKA_SERIAL_NUMBER: |
- CKMK_HANDLE_DATA_ITEM(io, kSecSerialNumberItemAttr, serial, item, *pError, |
- "Cert:Serial Number attr") |
- case CKA_VALUE: |
- if (0 == item->derCert.size) { |
- ckmk_fetchCert(io); |
- } |
- return &item->derCert; |
- case CKA_ID: |
- CKMK_HANDLE_OPT_DATA_ITEM(io, kSecPublicKeyHashItemAttr, id, item, *pError, |
- "Cert:ID attr") |
- default: |
- *pError = CKR_ATTRIBUTE_TYPE_INVALID; |
- break; |
+ switch (type) { |
+ case CKA_CLASS: |
+ return &ckmk_certClassItem; |
+ case CKA_TOKEN: |
+ case CKA_MODIFIABLE: |
+ return &ckmk_trueItem; |
+ case CKA_PRIVATE: |
+ return &ckmk_falseItem; |
+ case CKA_CERTIFICATE_TYPE: |
+ return &ckmk_x509Item; |
+ case CKA_LABEL: |
+ CKMK_HANDLE_OPT_DATA_ITEM(io, kSecLabelItemAttr, label, item, *pError, |
+ "Cert:Label attr") |
+ case CKA_SUBJECT: |
+ /* OK, well apple does provide an subject and issuer attribute, but they |
+ * decided to cannonicalize that value. Probably a good move for them, |
+ * but makes it useless for most users of PKCS #11.. Get the real subject |
+ * from the certificate */ |
+ if (0 == item->derCert.size) { |
+ ckmk_fetchCert(io); |
+ } |
+ return &item->subject; |
+ case CKA_ISSUER: |
+ if (0 == item->derCert.size) { |
+ ckmk_fetchCert(io); |
+ } |
+ return &item->issuer; |
+ case CKA_SERIAL_NUMBER: |
+ CKMK_HANDLE_DATA_ITEM(io, kSecSerialNumberItemAttr, serial, item, *pError, |
+ "Cert:Serial Number attr") |
+ case CKA_VALUE: |
+ if (0 == item->derCert.size) { |
+ ckmk_fetchCert(io); |
+ } |
+ return &item->derCert; |
+ case CKA_ID: |
+ CKMK_HANDLE_OPT_DATA_ITEM(io, kSecPublicKeyHashItemAttr, id, item, |
+ *pError, "Cert:ID attr") |
+ default: |
+ *pError = CKR_ATTRIBUTE_TYPE_INVALID; |
+ break; |
} |
return NULL; |
} |
-const NSSItem * |
-ckmk_FetchPubKeyAttribute |
-( |
- ckmkInternalObject *io, |
- CK_ATTRIBUTE_TYPE type, |
- CK_RV *pError |
-) |
-{ |
+const NSSItem *ckmk_FetchPubKeyAttribute(ckmkInternalObject *io, |
+ CK_ATTRIBUTE_TYPE type, |
+ CK_RV *pError) { |
ckmkItemObject *item = &io->u.item; |
*pError = CKR_OK; |
- |
- switch(type) { |
- case CKA_CLASS: |
- return &ckmk_pubKeyClassItem; |
- case CKA_TOKEN: |
- case CKA_LOCAL: |
- return &ckmk_trueItem; |
- case CKA_KEY_TYPE: |
- return &ckmk_rsaItem; |
- case CKA_LABEL: |
- CKMK_HANDLE_OPT_DATA_ITEM(io, kSecKeyPrintName, label, item, *pError, |
- "PubKey:Label attr") |
- case CKA_ENCRYPT: |
- CKMK_HANDLE_BOOL_ITEM(io, kSecKeyEncrypt, encrypt, item, *pError, |
- "PubKey:Encrypt attr") |
- case CKA_VERIFY: |
- CKMK_HANDLE_BOOL_ITEM(io, kSecKeyVerify, verify, item, *pError, |
- "PubKey:Verify attr") |
- case CKA_VERIFY_RECOVER: |
- CKMK_HANDLE_BOOL_ITEM(io, kSecKeyVerifyRecover, verifyRecover, |
- item, *pError, "PubKey:VerifyRecover attr") |
- case CKA_PRIVATE: |
- CKMK_HANDLE_BOOL_ITEM(io, kSecKeyPrivate, private, item, *pError, |
- "PubKey:Private attr") |
- case CKA_MODIFIABLE: |
- CKMK_HANDLE_BOOL_ITEM(io, kSecKeyModifiable, modify, item, *pError, |
- "PubKey:Modify attr") |
- case CKA_DERIVE: |
- CKMK_HANDLE_BOOL_ITEM(io, kSecKeyDerive, derive, item, *pError, |
- "PubKey:Derive attr") |
- case CKA_WRAP: |
- CKMK_HANDLE_BOOL_ITEM(io, kSecKeyWrap, wrap, item, *pError, |
- "PubKey:Wrap attr") |
- case CKA_SUBJECT: |
- CKMK_HANDLE_OPT_DATA_ITEM(io, kSecSubjectItemAttr, subject, item, *pError, |
- "PubKey:Subect attr") |
- case CKA_MODULUS: |
- return &ckmk_emptyItem; |
- case CKA_PUBLIC_EXPONENT: |
- return &ckmk_emptyItem; |
- case CKA_ID: |
- CKMK_HANDLE_OPT_DATA_ITEM(io, kSecKeyLabel, id, item, *pError, |
- "PubKey:ID attr") |
- default: |
- *pError = CKR_ATTRIBUTE_TYPE_INVALID; |
- break; |
+ |
+ switch (type) { |
+ case CKA_CLASS: |
+ return &ckmk_pubKeyClassItem; |
+ case CKA_TOKEN: |
+ case CKA_LOCAL: |
+ return &ckmk_trueItem; |
+ case CKA_KEY_TYPE: |
+ return &ckmk_rsaItem; |
+ case CKA_LABEL: |
+ CKMK_HANDLE_OPT_DATA_ITEM(io, kSecKeyPrintName, label, item, *pError, |
+ "PubKey:Label attr") |
+ case CKA_ENCRYPT: |
+ CKMK_HANDLE_BOOL_ITEM(io, kSecKeyEncrypt, encrypt, item, *pError, |
+ "PubKey:Encrypt attr") |
+ case CKA_VERIFY: |
+ CKMK_HANDLE_BOOL_ITEM(io, kSecKeyVerify, verify, item, *pError, |
+ "PubKey:Verify attr") |
+ case CKA_VERIFY_RECOVER: |
+ CKMK_HANDLE_BOOL_ITEM(io, kSecKeyVerifyRecover, verifyRecover, item, |
+ *pError, "PubKey:VerifyRecover attr") |
+ case CKA_PRIVATE: |
+ CKMK_HANDLE_BOOL_ITEM(io, kSecKeyPrivate, private, item, *pError, |
+ "PubKey:Private attr") |
+ case CKA_MODIFIABLE: |
+ CKMK_HANDLE_BOOL_ITEM(io, kSecKeyModifiable, modify, item, *pError, |
+ "PubKey:Modify attr") |
+ case CKA_DERIVE: |
+ CKMK_HANDLE_BOOL_ITEM(io, kSecKeyDerive, derive, item, *pError, |
+ "PubKey:Derive attr") |
+ case CKA_WRAP: |
+ CKMK_HANDLE_BOOL_ITEM(io, kSecKeyWrap, wrap, item, *pError, |
+ "PubKey:Wrap attr") |
+ case CKA_SUBJECT: |
+ CKMK_HANDLE_OPT_DATA_ITEM(io, kSecSubjectItemAttr, subject, item, *pError, |
+ "PubKey:Subect attr") |
+ case CKA_MODULUS: |
+ return &ckmk_emptyItem; |
+ case CKA_PUBLIC_EXPONENT: |
+ return &ckmk_emptyItem; |
+ case CKA_ID: |
+ CKMK_HANDLE_OPT_DATA_ITEM(io, kSecKeyLabel, id, item, *pError, |
+ "PubKey:ID attr") |
+ default: |
+ *pError = CKR_ATTRIBUTE_TYPE_INVALID; |
+ break; |
} |
return NULL; |
} |
-const NSSItem * |
-ckmk_FetchPrivKeyAttribute |
-( |
- ckmkInternalObject *io, |
- CK_ATTRIBUTE_TYPE type, |
- CK_RV *pError |
-) |
-{ |
+const NSSItem *ckmk_FetchPrivKeyAttribute(ckmkInternalObject *io, |
+ CK_ATTRIBUTE_TYPE type, |
+ CK_RV *pError) { |
ckmkItemObject *item = &io->u.item; |
*pError = CKR_OK; |
- switch(type) { |
- case CKA_CLASS: |
- return &ckmk_privKeyClassItem; |
- case CKA_TOKEN: |
- case CKA_LOCAL: |
- return &ckmk_trueItem; |
- case CKA_SENSITIVE: |
- case CKA_EXTRACTABLE: /* will probably move in the future */ |
- case CKA_ALWAYS_SENSITIVE: |
- case CKA_NEVER_EXTRACTABLE: |
- return &ckmk_falseItem; |
- case CKA_KEY_TYPE: |
- return &ckmk_rsaItem; |
- case CKA_LABEL: |
- CKMK_HANDLE_OPT_DATA_ITEM(io, kSecKeyPrintName, label, item, *pError, |
- "PrivateKey:Label attr") |
- case CKA_DECRYPT: |
- CKMK_HANDLE_BOOL_ITEM(io, kSecKeyDecrypt, decrypt, item, *pError, |
- "PrivateKey:Decrypt attr") |
- case CKA_SIGN: |
- CKMK_HANDLE_BOOL_ITEM(io, kSecKeySign, sign, item, *pError, |
- "PrivateKey:Sign attr") |
- case CKA_SIGN_RECOVER: |
- CKMK_HANDLE_BOOL_ITEM(io, kSecKeySignRecover, signRecover, item, *pError, |
- "PrivateKey:Sign Recover attr") |
- case CKA_PRIVATE: |
- CKMK_HANDLE_BOOL_ITEM(io, kSecKeyPrivate, private, item, *pError, |
- "PrivateKey:Private attr") |
- case CKA_MODIFIABLE: |
- CKMK_HANDLE_BOOL_ITEM(io, kSecKeyModifiable, modify, item, *pError, |
- "PrivateKey:Modify attr") |
- case CKA_DERIVE: |
- CKMK_HANDLE_BOOL_ITEM(io, kSecKeyDerive, derive, item, *pError, |
- "PrivateKey:Derive attr") |
- case CKA_UNWRAP: |
- CKMK_HANDLE_BOOL_ITEM(io, kSecKeyUnwrap, unwrap, item, *pError, |
- "PrivateKey:Unwrap attr") |
- case CKA_SUBJECT: |
- CKMK_HANDLE_OPT_DATA_ITEM(io, kSecSubjectItemAttr, subject, item, *pError, |
- "PrivateKey:Subject attr") |
- case CKA_MODULUS: |
- if (0 == item->modulus.size) { |
- ckmk_fetchModulus(io); |
- } |
- return &item->modulus; |
- case CKA_PUBLIC_EXPONENT: |
- return &ckmk_emptyItem; |
+ switch (type) { |
+ case CKA_CLASS: |
+ return &ckmk_privKeyClassItem; |
+ case CKA_TOKEN: |
+ case CKA_LOCAL: |
+ return &ckmk_trueItem; |
+ case CKA_SENSITIVE: |
+ case CKA_EXTRACTABLE: /* will probably move in the future */ |
+ case CKA_ALWAYS_SENSITIVE: |
+ case CKA_NEVER_EXTRACTABLE: |
+ return &ckmk_falseItem; |
+ case CKA_KEY_TYPE: |
+ return &ckmk_rsaItem; |
+ case CKA_LABEL: |
+ CKMK_HANDLE_OPT_DATA_ITEM(io, kSecKeyPrintName, label, item, *pError, |
+ "PrivateKey:Label attr") |
+ case CKA_DECRYPT: |
+ CKMK_HANDLE_BOOL_ITEM(io, kSecKeyDecrypt, decrypt, item, *pError, |
+ "PrivateKey:Decrypt attr") |
+ case CKA_SIGN: |
+ CKMK_HANDLE_BOOL_ITEM(io, kSecKeySign, sign, item, *pError, |
+ "PrivateKey:Sign attr") |
+ case CKA_SIGN_RECOVER: |
+ CKMK_HANDLE_BOOL_ITEM(io, kSecKeySignRecover, signRecover, item, *pError, |
+ "PrivateKey:Sign Recover attr") |
+ case CKA_PRIVATE: |
+ CKMK_HANDLE_BOOL_ITEM(io, kSecKeyPrivate, private, item, *pError, |
+ "PrivateKey:Private attr") |
+ case CKA_MODIFIABLE: |
+ CKMK_HANDLE_BOOL_ITEM(io, kSecKeyModifiable, modify, item, *pError, |
+ "PrivateKey:Modify attr") |
+ case CKA_DERIVE: |
+ CKMK_HANDLE_BOOL_ITEM(io, kSecKeyDerive, derive, item, *pError, |
+ "PrivateKey:Derive attr") |
+ case CKA_UNWRAP: |
+ CKMK_HANDLE_BOOL_ITEM(io, kSecKeyUnwrap, unwrap, item, *pError, |
+ "PrivateKey:Unwrap attr") |
+ case CKA_SUBJECT: |
+ CKMK_HANDLE_OPT_DATA_ITEM(io, kSecSubjectItemAttr, subject, item, *pError, |
+ "PrivateKey:Subject attr") |
+ case CKA_MODULUS: |
+ if (0 == item->modulus.size) { |
+ ckmk_fetchModulus(io); |
+ } |
+ return &item->modulus; |
+ case CKA_PUBLIC_EXPONENT: |
+ return &ckmk_emptyItem; |
#ifdef notdef |
- /* the following are sensitive attributes. We could implement them for |
- * sensitive keys using the key export function, but it's better to |
- * just support wrap through this token. That will more reliably allow us |
- * to export any private key that is truly exportable. |
- */ |
- case CKA_PRIVATE_EXPONENT: |
- CKMK_HANDLE_DATA_ITEM(io, kSecPrivateExponentItemAttr, privateExponent, |
- item, *pError) |
- case CKA_PRIME_1: |
- CKMK_HANDLE_DATA_ITEM(io, kSecPrime1ItemAttr, prime1, item, *pError) |
- case CKA_PRIME_2: |
- CKMK_HANDLE_DATA_ITEM(io, kSecPrime2ItemAttr, prime2, item, *pError) |
- case CKA_EXPONENT_1: |
- CKMK_HANDLE_DATA_ITEM(io, kSecExponent1ItemAttr, exponent1, item, *pError) |
- case CKA_EXPONENT_2: |
- CKMK_HANDLE_DATA_ITEM(io, kSecExponent2ItemAttr, exponent2, item, *pError) |
- case CKA_COEFFICIENT: |
- CKMK_HANDLE_DATA_ITEM(io, kSecCoefficientItemAttr, coefficient, |
- item, *pError) |
+ /* the following are sensitive attributes. We could implement them for |
+ * sensitive keys using the key export function, but it's better to |
+ * just support wrap through this token. That will more reliably allow us |
+ * to export any private key that is truly exportable. |
+ */ |
+ case CKA_PRIVATE_EXPONENT: |
+ CKMK_HANDLE_DATA_ITEM(io, kSecPrivateExponentItemAttr, privateExponent, |
+ item, *pError) |
+ case CKA_PRIME_1: |
+ CKMK_HANDLE_DATA_ITEM(io, kSecPrime1ItemAttr, prime1, item, *pError) |
+ case CKA_PRIME_2: |
+ CKMK_HANDLE_DATA_ITEM(io, kSecPrime2ItemAttr, prime2, item, *pError) |
+ case CKA_EXPONENT_1: |
+ CKMK_HANDLE_DATA_ITEM(io, kSecExponent1ItemAttr, exponent1, item, *pError) |
+ case CKA_EXPONENT_2: |
+ CKMK_HANDLE_DATA_ITEM(io, kSecExponent2ItemAttr, exponent2, item, *pError) |
+ case CKA_COEFFICIENT: |
+ CKMK_HANDLE_DATA_ITEM(io, kSecCoefficientItemAttr, coefficient, item, |
+ *pError) |
#endif |
- case CKA_ID: |
- CKMK_HANDLE_OPT_DATA_ITEM(io, kSecKeyLabel, id, item, *pError, |
- "PrivateKey:ID attr") |
- default: |
- *pError = CKR_ATTRIBUTE_TYPE_INVALID; |
- return NULL; |
+ case CKA_ID: |
+ CKMK_HANDLE_OPT_DATA_ITEM(io, kSecKeyLabel, id, item, *pError, |
+ "PrivateKey:ID attr") |
+ default: |
+ *pError = CKR_ATTRIBUTE_TYPE_INVALID; |
+ return NULL; |
} |
} |
-const NSSItem * |
-nss_ckmk_FetchAttribute |
-( |
- ckmkInternalObject *io, |
- CK_ATTRIBUTE_TYPE type, |
- CK_RV *pError |
-) |
-{ |
+const NSSItem *nss_ckmk_FetchAttribute(ckmkInternalObject *io, |
+ CK_ATTRIBUTE_TYPE type, CK_RV *pError) { |
CK_ULONG i; |
- const NSSItem * value = NULL; |
+ const NSSItem *value = NULL; |
if (io->type == ckmkRaw) { |
- for( i = 0; i < io->u.raw.n; i++ ) { |
- if( type == io->u.raw.types[i] ) { |
+ for (i = 0; i < io->u.raw.n; i++) { |
+ if (type == io->u.raw.types[i]) { |
return &io->u.raw.items[i]; |
} |
} |
*pError = CKR_ATTRIBUTE_TYPE_INVALID; |
return NULL; |
} |
/* deal with the common attributes */ |
switch (io->objClass) { |
- case CKO_CERTIFICATE: |
- value = ckmk_FetchCertAttribute(io, type, pError); |
- break; |
- case CKO_PRIVATE_KEY: |
- value = ckmk_FetchPrivKeyAttribute(io, type, pError); |
- break; |
- case CKO_PUBLIC_KEY: |
- value = ckmk_FetchPubKeyAttribute(io, type, pError); |
- break; |
- default: |
- *pError = CKR_OBJECT_HANDLE_INVALID; |
- return NULL; |
- } |
+ case CKO_CERTIFICATE: |
+ value = ckmk_FetchCertAttribute(io, type, pError); |
+ break; |
+ case CKO_PRIVATE_KEY: |
+ value = ckmk_FetchPrivKeyAttribute(io, type, pError); |
+ break; |
+ case CKO_PUBLIC_KEY: |
+ value = ckmk_FetchPubKeyAttribute(io, type, pError); |
+ break; |
+ default: |
+ *pError = CKR_OBJECT_HANDLE_INVALID; |
+ return NULL; |
+ } |
#ifdef DEBUG |
if (CKA_ID == type) { |
itemdump("id: ", value->data, value->size, *pError); |
} |
#endif |
return value; |
} |
-static void |
-ckmk_removeObjectFromHash |
-( |
- ckmkInternalObject *io |
-); |
+static void ckmk_removeObjectFromHash(ckmkInternalObject *io); |
/* |
* |
* These are the MSObject functions we need to implement |
* |
* Finalize - unneeded (actually we should clean up the hashtables) |
- * Destroy |
+ * Destroy |
* IsTokenObject - CK_TRUE |
* GetAttributeCount |
* GetAttributeTypes |
* GetAttributeSize |
* GetAttribute |
* SetAttribute |
* GetObjectSize |
*/ |
-static CK_RV |
-ckmk_mdObject_Destroy |
-( |
- NSSCKMDObject *mdObject, |
- NSSCKFWObject *fwObject, |
- NSSCKMDSession *mdSession, |
- NSSCKFWSession *fwSession, |
- NSSCKMDToken *mdToken, |
- NSSCKFWToken *fwToken, |
- NSSCKMDInstance *mdInstance, |
- NSSCKFWInstance *fwInstance |
-) |
-{ |
+static CK_RV ckmk_mdObject_Destroy( |
+ NSSCKMDObject *mdObject, NSSCKFWObject *fwObject, NSSCKMDSession *mdSession, |
+ NSSCKFWSession *fwSession, NSSCKMDToken *mdToken, NSSCKFWToken *fwToken, |
+ NSSCKMDInstance *mdInstance, NSSCKFWInstance *fwInstance) { |
ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc; |
OSStatus macErr; |
if (ckmkRaw == io->type) { |
/* there is not 'object write protected' error, use the next best thing */ |
return CKR_TOKEN_WRITE_PROTECTED; |
} |
@@ -941,395 +792,292 @@ ckmk_mdObject_Destroy |
ckmk_removeObjectFromHash(io); |
/* free the puppy.. */ |
nss_ckmk_DestroyInternalObject(io); |
return CKR_OK; |
} |
-static CK_BBOOL |
-ckmk_mdObject_IsTokenObject |
-( |
- NSSCKMDObject *mdObject, |
- NSSCKFWObject *fwObject, |
- NSSCKMDSession *mdSession, |
- NSSCKFWSession *fwSession, |
- NSSCKMDToken *mdToken, |
- NSSCKFWToken *fwToken, |
- NSSCKMDInstance *mdInstance, |
- NSSCKFWInstance *fwInstance |
-) |
-{ |
+static CK_BBOOL ckmk_mdObject_IsTokenObject( |
+ NSSCKMDObject *mdObject, NSSCKFWObject *fwObject, NSSCKMDSession *mdSession, |
+ NSSCKFWSession *fwSession, NSSCKMDToken *mdToken, NSSCKFWToken *fwToken, |
+ NSSCKMDInstance *mdInstance, NSSCKFWInstance *fwInstance) { |
return CK_TRUE; |
} |
-static CK_ULONG |
-ckmk_mdObject_GetAttributeCount |
-( |
- NSSCKMDObject *mdObject, |
- NSSCKFWObject *fwObject, |
- NSSCKMDSession *mdSession, |
- NSSCKFWSession *fwSession, |
- NSSCKMDToken *mdToken, |
- NSSCKFWToken *fwToken, |
- NSSCKMDInstance *mdInstance, |
- NSSCKFWInstance *fwInstance, |
- CK_RV *pError |
-) |
-{ |
+static CK_ULONG ckmk_mdObject_GetAttributeCount( |
+ NSSCKMDObject *mdObject, NSSCKFWObject *fwObject, NSSCKMDSession *mdSession, |
+ NSSCKFWSession *fwSession, NSSCKMDToken *mdToken, NSSCKFWToken *fwToken, |
+ NSSCKMDInstance *mdInstance, NSSCKFWInstance *fwInstance, CK_RV *pError) { |
ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc; |
if (ckmkRaw == io->type) { |
- return io->u.raw.n; |
+ return io->u.raw.n; |
} |
switch (io->objClass) { |
- case CKO_CERTIFICATE: |
- return certAttrsCount; |
- case CKO_PUBLIC_KEY: |
- return pubKeyAttrsCount; |
- case CKO_PRIVATE_KEY: |
- return privKeyAttrsCount; |
- default: |
- break; |
+ case CKO_CERTIFICATE: |
+ return certAttrsCount; |
+ case CKO_PUBLIC_KEY: |
+ return pubKeyAttrsCount; |
+ case CKO_PRIVATE_KEY: |
+ return privKeyAttrsCount; |
+ default: |
+ break; |
} |
return 0; |
} |
-static CK_RV |
-ckmk_mdObject_GetAttributeTypes |
-( |
- NSSCKMDObject *mdObject, |
- NSSCKFWObject *fwObject, |
- NSSCKMDSession *mdSession, |
- NSSCKFWSession *fwSession, |
- NSSCKMDToken *mdToken, |
- NSSCKFWToken *fwToken, |
- NSSCKMDInstance *mdInstance, |
- NSSCKFWInstance *fwInstance, |
- CK_ATTRIBUTE_TYPE_PTR typeArray, |
- CK_ULONG ulCount |
-) |
-{ |
+static CK_RV ckmk_mdObject_GetAttributeTypes( |
+ NSSCKMDObject *mdObject, NSSCKFWObject *fwObject, NSSCKMDSession *mdSession, |
+ NSSCKFWSession *fwSession, NSSCKMDToken *mdToken, NSSCKFWToken *fwToken, |
+ NSSCKMDInstance *mdInstance, NSSCKFWInstance *fwInstance, |
+ CK_ATTRIBUTE_TYPE_PTR typeArray, CK_ULONG ulCount) { |
ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc; |
CK_ULONG i; |
CK_RV error = CKR_OK; |
const CK_ATTRIBUTE_TYPE *attrs = NULL; |
CK_ULONG size = ckmk_mdObject_GetAttributeCount( |
- mdObject, fwObject, mdSession, fwSession, |
- mdToken, fwToken, mdInstance, fwInstance, &error); |
+ mdObject, fwObject, mdSession, fwSession, mdToken, fwToken, mdInstance, |
+ fwInstance, &error); |
- if( size != ulCount ) { |
+ if (size != ulCount) { |
return CKR_BUFFER_TOO_SMALL; |
} |
if (io->type == ckmkRaw) { |
attrs = io->u.raw.types; |
- } else switch(io->objClass) { |
- case CKO_CERTIFICATE: |
- attrs = certAttrs; |
- break; |
- case CKO_PUBLIC_KEY: |
- attrs = pubKeyAttrs; |
- break; |
- case CKO_PRIVATE_KEY: |
- attrs = privKeyAttrs; |
- break; |
- default: |
- return CKR_OK; |
- } |
- |
- for( i = 0; i < size; i++) { |
+ } else |
+ switch (io->objClass) { |
+ case CKO_CERTIFICATE: |
+ attrs = certAttrs; |
+ break; |
+ case CKO_PUBLIC_KEY: |
+ attrs = pubKeyAttrs; |
+ break; |
+ case CKO_PRIVATE_KEY: |
+ attrs = privKeyAttrs; |
+ break; |
+ default: |
+ return CKR_OK; |
+ } |
+ |
+ for (i = 0; i < size; i++) { |
typeArray[i] = attrs[i]; |
} |
return CKR_OK; |
} |
-static CK_ULONG |
-ckmk_mdObject_GetAttributeSize |
-( |
- NSSCKMDObject *mdObject, |
- NSSCKFWObject *fwObject, |
- NSSCKMDSession *mdSession, |
- NSSCKFWSession *fwSession, |
- NSSCKMDToken *mdToken, |
- NSSCKFWToken *fwToken, |
- NSSCKMDInstance *mdInstance, |
- NSSCKFWInstance *fwInstance, |
- CK_ATTRIBUTE_TYPE attribute, |
- CK_RV *pError |
-) |
-{ |
+static CK_ULONG ckmk_mdObject_GetAttributeSize( |
+ NSSCKMDObject *mdObject, NSSCKFWObject *fwObject, NSSCKMDSession *mdSession, |
+ NSSCKFWSession *fwSession, NSSCKMDToken *mdToken, NSSCKFWToken *fwToken, |
+ NSSCKMDInstance *mdInstance, NSSCKFWInstance *fwInstance, |
+ CK_ATTRIBUTE_TYPE attribute, CK_RV *pError) { |
ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc; |
const NSSItem *b; |
b = nss_ckmk_FetchAttribute(io, attribute, pError); |
if ((const NSSItem *)NULL == b) { |
return 0; |
} |
return b->size; |
} |
-static CK_RV |
-ckmk_mdObject_SetAttribute |
-( |
- NSSCKMDObject *mdObject, |
- NSSCKFWObject *fwObject, |
- NSSCKMDSession *mdSession, |
- NSSCKFWSession *fwSession, |
- NSSCKMDToken *mdToken, |
- NSSCKFWToken *fwToken, |
- NSSCKMDInstance *mdInstance, |
- NSSCKFWInstance *fwInstance, |
- CK_ATTRIBUTE_TYPE attribute, |
- NSSItem *value |
-) |
-{ |
+static CK_RV ckmk_mdObject_SetAttribute( |
+ NSSCKMDObject *mdObject, NSSCKFWObject *fwObject, NSSCKMDSession *mdSession, |
+ NSSCKFWSession *fwSession, NSSCKMDToken *mdToken, NSSCKFWToken *fwToken, |
+ NSSCKMDInstance *mdInstance, NSSCKFWInstance *fwInstance, |
+ CK_ATTRIBUTE_TYPE attribute, NSSItem *value) { |
ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc; |
SecKeychainItemRef itemRef; |
if (io->type == ckmkRaw) { |
return CKR_TOKEN_WRITE_PROTECTED; |
} |
itemRef = io->u.item.itemRef; |
switch (io->objClass) { |
- case CKO_PRIVATE_KEY: |
- case CKO_PUBLIC_KEY: |
- switch (attribute) { |
- case CKA_ID: |
- ckmk_updateAttribute(itemRef, kSecKeyLabel, |
- value->data, value->size, "Set Attr Key ID"); |
+ case CKO_PRIVATE_KEY: |
+ case CKO_PUBLIC_KEY: |
+ switch (attribute) { |
+ case CKA_ID: |
+ ckmk_updateAttribute(itemRef, kSecKeyLabel, value->data, value->size, |
+ "Set Attr Key ID"); |
#ifdef DEBUG |
- itemdump("key id: ", value->data, value->size, CKR_OK); |
+ itemdump("key id: ", value->data, value->size, CKR_OK); |
#endif |
+ break; |
+ case CKA_LABEL: |
+ ckmk_updateAttribute(itemRef, kSecKeyPrintName, value->data, |
+ value->size, "Set Attr Key Label"); |
+ break; |
+ default: |
+ break; |
+ } |
break; |
- case CKA_LABEL: |
- ckmk_updateAttribute(itemRef, kSecKeyPrintName, value->data, |
- value->size, "Set Attr Key Label"); |
+ |
+ case CKO_CERTIFICATE: |
+ switch (attribute) { |
+ case CKA_ID: |
+ ckmk_updateAttribute(itemRef, kSecPublicKeyHashItemAttr, value->data, |
+ value->size, "Set Attr Cert ID"); |
+ break; |
+ case CKA_LABEL: |
+ ckmk_updateAttribute(itemRef, kSecLabelItemAttr, value->data, |
+ value->size, "Set Attr Cert Label"); |
+ break; |
+ default: |
+ break; |
+ } |
break; |
+ |
default: |
break; |
- } |
- break; |
- |
- case CKO_CERTIFICATE: |
- switch (attribute) { |
- case CKA_ID: |
- ckmk_updateAttribute(itemRef, kSecPublicKeyHashItemAttr, |
- value->data, value->size, "Set Attr Cert ID"); |
- break; |
- case CKA_LABEL: |
- ckmk_updateAttribute(itemRef, kSecLabelItemAttr, value->data, |
- value->size, "Set Attr Cert Label"); |
- break; |
- default: |
- break; |
- } |
- break; |
- |
- default: |
- break; |
- } |
+ } |
return CKR_OK; |
} |
-static NSSCKFWItem |
-ckmk_mdObject_GetAttribute |
-( |
- NSSCKMDObject *mdObject, |
- NSSCKFWObject *fwObject, |
- NSSCKMDSession *mdSession, |
- NSSCKFWSession *fwSession, |
- NSSCKMDToken *mdToken, |
- NSSCKFWToken *fwToken, |
- NSSCKMDInstance *mdInstance, |
- NSSCKFWInstance *fwInstance, |
- CK_ATTRIBUTE_TYPE attribute, |
- CK_RV *pError |
-) |
-{ |
+static NSSCKFWItem ckmk_mdObject_GetAttribute( |
+ NSSCKMDObject *mdObject, NSSCKFWObject *fwObject, NSSCKMDSession *mdSession, |
+ NSSCKFWSession *fwSession, NSSCKMDToken *mdToken, NSSCKFWToken *fwToken, |
+ NSSCKMDInstance *mdInstance, NSSCKFWInstance *fwInstance, |
+ CK_ATTRIBUTE_TYPE attribute, CK_RV *pError) { |
NSSCKFWItem mdItem; |
ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc; |
mdItem.needsFreeing = PR_FALSE; |
- mdItem.item = (NSSItem*)nss_ckmk_FetchAttribute(io, attribute, pError); |
- |
+ mdItem.item = (NSSItem *)nss_ckmk_FetchAttribute(io, attribute, pError); |
return mdItem; |
} |
-static CK_ULONG |
-ckmk_mdObject_GetObjectSize |
-( |
- NSSCKMDObject *mdObject, |
- NSSCKFWObject *fwObject, |
- NSSCKMDSession *mdSession, |
- NSSCKFWSession *fwSession, |
- NSSCKMDToken *mdToken, |
- NSSCKFWToken *fwToken, |
- NSSCKMDInstance *mdInstance, |
- NSSCKFWInstance *fwInstance, |
- CK_RV *pError |
-) |
-{ |
+static CK_ULONG ckmk_mdObject_GetObjectSize( |
+ NSSCKMDObject *mdObject, NSSCKFWObject *fwObject, NSSCKMDSession *mdSession, |
+ NSSCKFWSession *fwSession, NSSCKMDToken *mdToken, NSSCKFWToken *fwToken, |
+ NSSCKMDInstance *mdInstance, NSSCKFWInstance *fwInstance, CK_RV *pError) { |
CK_ULONG rv = 1; |
/* size is irrelevant to this token */ |
return rv; |
} |
-static const NSSCKMDObject |
-ckmk_prototype_mdObject = { |
- (void *)NULL, /* etc */ |
- NULL, /* Finalize */ |
- ckmk_mdObject_Destroy, |
- ckmk_mdObject_IsTokenObject, |
- ckmk_mdObject_GetAttributeCount, |
- ckmk_mdObject_GetAttributeTypes, |
- ckmk_mdObject_GetAttributeSize, |
- ckmk_mdObject_GetAttribute, |
- NULL, /* FreeAttribute */ |
- ckmk_mdObject_SetAttribute, |
- ckmk_mdObject_GetObjectSize, |
- (void *)NULL /* null terminator */ |
+static const NSSCKMDObject ckmk_prototype_mdObject = { |
+ (void *)NULL, /* etc */ |
+ NULL, /* Finalize */ |
+ ckmk_mdObject_Destroy, ckmk_mdObject_IsTokenObject, |
+ ckmk_mdObject_GetAttributeCount, ckmk_mdObject_GetAttributeTypes, |
+ ckmk_mdObject_GetAttributeSize, ckmk_mdObject_GetAttribute, |
+ NULL, /* FreeAttribute */ |
+ ckmk_mdObject_SetAttribute, ckmk_mdObject_GetObjectSize, |
+ (void *)NULL /* null terminator */ |
}; |
static nssHash *ckmkInternalObjectHash = NULL; |
-NSS_IMPLEMENT NSSCKMDObject * |
-nss_ckmk_CreateMDObject |
-( |
- NSSArena *arena, |
- ckmkInternalObject *io, |
- CK_RV *pError |
-) |
-{ |
+NSS_IMPLEMENT NSSCKMDObject *nss_ckmk_CreateMDObject(NSSArena *arena, |
+ ckmkInternalObject *io, |
+ CK_RV *pError) { |
if ((nssHash *)NULL == ckmkInternalObjectHash) { |
ckmkInternalObjectHash = nssHash_CreateItem(NULL, 10); |
} |
if (ckmkItem == io->type) { |
/* the hash key, not a cryptographic key */ |
NSSItem *key = &io->hashKey; |
ckmkInternalObject *old_o = NULL; |
if (key->size == 0) { |
ckmk_FetchHashKey(io); |
} |
- old_o = (ckmkInternalObject *) |
- nssHash_Lookup(ckmkInternalObjectHash, key); |
+ old_o = (ckmkInternalObject *)nssHash_Lookup(ckmkInternalObjectHash, key); |
if (!old_o) { |
nssHash_Add(ckmkInternalObjectHash, key, io); |
} else if (old_o != io) { |
nss_ckmk_DestroyInternalObject(io); |
io = old_o; |
} |
} |
- |
- if ( (void*)NULL == io->mdObject.etc) { |
- (void) nsslibc_memcpy(&io->mdObject,&ckmk_prototype_mdObject, |
- sizeof(ckmk_prototype_mdObject)); |
+ |
+ if ((void *)NULL == io->mdObject.etc) { |
+ (void)nsslibc_memcpy(&io->mdObject, &ckmk_prototype_mdObject, |
+ sizeof(ckmk_prototype_mdObject)); |
io->mdObject.etc = (void *)io; |
} |
return &io->mdObject; |
} |
-static void |
-ckmk_removeObjectFromHash |
-( |
- ckmkInternalObject *io |
-) |
-{ |
+static void ckmk_removeObjectFromHash(ckmkInternalObject *io) { |
NSSItem *key = &io->hashKey; |
if ((nssHash *)NULL == ckmkInternalObjectHash) { |
return; |
} |
if (key->size == 0) { |
ckmk_FetchHashKey(io); |
} |
nssHash_Remove(ckmkInternalObjectHash, key); |
return; |
} |
- |
-void |
-nss_ckmk_DestroyInternalObject |
-( |
- ckmkInternalObject *io |
-) |
-{ |
+void nss_ckmk_DestroyInternalObject(ckmkInternalObject *io) { |
switch (io->type) { |
- case ckmkRaw: |
- return; |
- case ckmkItem: |
- nss_ZFreeIf(io->u.item.modify.data); |
- nss_ZFreeIf(io->u.item.private.data); |
- nss_ZFreeIf(io->u.item.encrypt.data); |
- nss_ZFreeIf(io->u.item.decrypt.data); |
- nss_ZFreeIf(io->u.item.derive.data); |
- nss_ZFreeIf(io->u.item.sign.data); |
- nss_ZFreeIf(io->u.item.signRecover.data); |
- nss_ZFreeIf(io->u.item.verify.data); |
- nss_ZFreeIf(io->u.item.verifyRecover.data); |
- nss_ZFreeIf(io->u.item.wrap.data); |
- nss_ZFreeIf(io->u.item.unwrap.data); |
- nss_ZFreeIf(io->u.item.label.data); |
- /*nss_ZFreeIf(io->u.item.subject.data); */ |
- /*nss_ZFreeIf(io->u.item.issuer.data); */ |
- nss_ZFreeIf(io->u.item.serial.data); |
- nss_ZFreeIf(io->u.item.modulus.data); |
- nss_ZFreeIf(io->u.item.exponent.data); |
- nss_ZFreeIf(io->u.item.privateExponent.data); |
- nss_ZFreeIf(io->u.item.prime1.data); |
- nss_ZFreeIf(io->u.item.prime2.data); |
- nss_ZFreeIf(io->u.item.exponent1.data); |
- nss_ZFreeIf(io->u.item.exponent2.data); |
- nss_ZFreeIf(io->u.item.coefficient.data); |
- break; |
+ case ckmkRaw: |
+ return; |
+ case ckmkItem: |
+ nss_ZFreeIf(io->u.item.modify.data); |
+ nss_ZFreeIf(io->u.item.private.data); |
+ nss_ZFreeIf(io->u.item.encrypt.data); |
+ nss_ZFreeIf(io->u.item.decrypt.data); |
+ nss_ZFreeIf(io->u.item.derive.data); |
+ nss_ZFreeIf(io->u.item.sign.data); |
+ nss_ZFreeIf(io->u.item.signRecover.data); |
+ nss_ZFreeIf(io->u.item.verify.data); |
+ nss_ZFreeIf(io->u.item.verifyRecover.data); |
+ nss_ZFreeIf(io->u.item.wrap.data); |
+ nss_ZFreeIf(io->u.item.unwrap.data); |
+ nss_ZFreeIf(io->u.item.label.data); |
+ /*nss_ZFreeIf(io->u.item.subject.data); */ |
+ /*nss_ZFreeIf(io->u.item.issuer.data); */ |
+ nss_ZFreeIf(io->u.item.serial.data); |
+ nss_ZFreeIf(io->u.item.modulus.data); |
+ nss_ZFreeIf(io->u.item.exponent.data); |
+ nss_ZFreeIf(io->u.item.privateExponent.data); |
+ nss_ZFreeIf(io->u.item.prime1.data); |
+ nss_ZFreeIf(io->u.item.prime2.data); |
+ nss_ZFreeIf(io->u.item.exponent1.data); |
+ nss_ZFreeIf(io->u.item.exponent2.data); |
+ nss_ZFreeIf(io->u.item.coefficient.data); |
+ break; |
} |
nss_ZFreeIf(io); |
return; |
} |
- |
-static ckmkInternalObject * |
-nss_ckmk_NewInternalObject |
-( |
- CK_OBJECT_CLASS objClass, |
- SecKeychainItemRef itemRef, |
- SecItemClass itemClass, |
- CK_RV *pError |
-) |
-{ |
+static ckmkInternalObject *nss_ckmk_NewInternalObject( |
+ CK_OBJECT_CLASS objClass, SecKeychainItemRef itemRef, |
+ SecItemClass itemClass, CK_RV *pError) { |
ckmkInternalObject *io = nss_ZNEW(NULL, ckmkInternalObject); |
if ((ckmkInternalObject *)NULL == io) { |
*pError = CKR_HOST_MEMORY; |
return io; |
} |
io->type = ckmkItem; |
io->objClass = objClass; |
io->u.item.itemRef = itemRef; |
io->u.item.itemClass = itemClass; |
return io; |
} |
/* |
- * Apple doesn't alway have a default keyChain set by the OS, use the |
+ * Apple doesn't alway have a default keyChain set by the OS, use the |
* SearchList to try to find one. |
*/ |
-static CK_RV |
-ckmk_GetSafeDefaultKeychain |
-( |
- SecKeychainRef *keychainRef |
-) |
-{ |
+static CK_RV ckmk_GetSafeDefaultKeychain(SecKeychainRef *keychainRef) { |
OSStatus macErr; |
CFArrayRef searchList = 0; |
CK_RV error = CKR_OK; |
macErr = SecKeychainCopyDefault(keychainRef); |
if (noErr != macErr) { |
int searchCount = 0; |
if (errSecNoDefaultKeychain != macErr) { |
@@ -1344,98 +1092,91 @@ ckmk_GetSafeDefaultKeychain |
error = CKR_DEVICE_REMOVED; |
goto loser; |
} |
searchCount = CFArrayGetCount(searchList); |
if (searchCount < 1) { |
error = CKR_DEVICE_REMOVED; |
goto loser; |
} |
- *keychainRef = |
+ *keychainRef = |
(SecKeychainRef)CFRetain(CFArrayGetValueAtIndex(searchList, 0)); |
if (0 == *keychainRef) { |
error = CKR_DEVICE_REMOVED; |
goto loser; |
} |
/* should we set it as default? */ |
} |
loser: |
if (0 != searchList) { |
CFRelease(searchList); |
} |
return error; |
} |
-static ckmkInternalObject * |
-nss_ckmk_CreateCertificate |
-( |
- NSSCKFWSession *fwSession, |
- CK_ATTRIBUTE_PTR pTemplate, |
- CK_ULONG ulAttributeCount, |
- CK_RV *pError |
-) |
-{ |
+static ckmkInternalObject *nss_ckmk_CreateCertificate( |
+ NSSCKFWSession *fwSession, CK_ATTRIBUTE_PTR pTemplate, |
+ CK_ULONG ulAttributeCount, CK_RV *pError) { |
NSSItem value; |
- ckmkInternalObject *io = NULL; |
+ ckmkInternalObject *io = NULL; |
OSStatus macErr; |
SecCertificateRef certRef; |
SecKeychainItemRef itemRef; |
SecKeychainRef keychainRef; |
CSSM_DATA certData; |
- *pError = nss_ckmk_GetAttribute(CKA_VALUE, pTemplate, |
- ulAttributeCount, &value); |
+ *pError = |
+ nss_ckmk_GetAttribute(CKA_VALUE, pTemplate, ulAttributeCount, &value); |
if (CKR_OK != *pError) { |
goto loser; |
} |
certData.Data = value.data; |
certData.Length = value.size; |
- macErr = SecCertificateCreateFromData(&certData, CSSM_CERT_X_509v3, |
- CSSM_CERT_ENCODING_BER, &certRef); |
+ macErr = SecCertificateCreateFromData(&certData, CSSM_CERT_X_509v3, |
+ CSSM_CERT_ENCODING_BER, &certRef); |
if (noErr != macErr) { |
CKMK_MACERR("Create cert from data Failed", macErr); |
*pError = CKR_GENERAL_ERROR; /* need to map macErr */ |
goto loser; |
} |
*pError = ckmk_GetSafeDefaultKeychain(&keychainRef); |
if (CKR_OK != *pError) { |
goto loser; |
} |
- macErr = SecCertificateAddToKeychain( certRef, keychainRef); |
- itemRef = (SecKeychainItemRef) certRef; |
+ macErr = SecCertificateAddToKeychain(certRef, keychainRef); |
+ itemRef = (SecKeychainItemRef)certRef; |
if (errSecDuplicateItem != macErr) { |
- NSSItem keyID = { NULL, 0 }; |
+ NSSItem keyID = {NULL, 0}; |
char *nickname = NULL; |
CK_RV dummy; |
if (noErr != macErr) { |
CKMK_MACERR("Add cert to keychain Failed", macErr); |
*pError = CKR_GENERAL_ERROR; /* need to map macErr */ |
goto loser; |
} |
/* these two are optional */ |
- nickname = nss_ckmk_GetStringAttribute(CKA_LABEL, pTemplate, |
- ulAttributeCount, &dummy); |
+ nickname = nss_ckmk_GetStringAttribute(CKA_LABEL, pTemplate, |
+ ulAttributeCount, &dummy); |
/* we've added a new one, update the attributes in the key ring */ |
if (nickname) { |
- ckmk_updateAttribute(itemRef, kSecLabelItemAttr, nickname, |
- strlen(nickname)+1, "Modify Cert Label"); |
+ ckmk_updateAttribute(itemRef, kSecLabelItemAttr, nickname, |
+ strlen(nickname) + 1, "Modify Cert Label"); |
nss_ZFreeIf(nickname); |
} |
- dummy = nss_ckmk_GetAttribute(CKA_ID, pTemplate, |
- ulAttributeCount, &keyID); |
+ dummy = nss_ckmk_GetAttribute(CKA_ID, pTemplate, ulAttributeCount, &keyID); |
if (CKR_OK == dummy) { |
- dummy = ckmk_updateAttribute(itemRef, kSecPublicKeyHashItemAttr, |
- keyID.data, keyID.size, "Modify Cert ID"); |
+ dummy = ckmk_updateAttribute(itemRef, kSecPublicKeyHashItemAttr, |
+ keyID.data, keyID.size, "Modify Cert ID"); |
} |
} |
- io = nss_ckmk_NewInternalObject(CKO_CERTIFICATE, itemRef, |
+ io = nss_ckmk_NewInternalObject(CKO_CERTIFICATE, itemRef, |
kSecCertificateItemClass, pError); |
if ((ckmkInternalObject *)NULL != io) { |
itemRef = 0; |
} |
loser: |
if (0 != itemRef) { |
CFRelease(itemRef); |
@@ -1446,340 +1187,318 @@ loser: |
return io; |
} |
/* |
* PKCS #8 attributes |
*/ |
struct ckmk_AttributeStr { |
- SECItem attrType; |
- SECItem *attrValue; |
+ SECItem attrType; |
+ SECItem *attrValue; |
}; |
typedef struct ckmk_AttributeStr ckmk_Attribute; |
/* |
** A PKCS#8 private key info object |
*/ |
struct PrivateKeyInfoStr { |
- PLArenaPool *arena; |
- SECItem version; |
- SECAlgorithmID algorithm; |
- SECItem privateKey; |
- ckmk_Attribute **attributes; |
+ PLArenaPool *arena; |
+ SECItem version; |
+ SECAlgorithmID algorithm; |
+ SECItem privateKey; |
+ ckmk_Attribute **attributes; |
}; |
typedef struct PrivateKeyInfoStr PrivateKeyInfo; |
const SEC_ASN1Template ckmk_RSAPrivateKeyTemplate[] = { |
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(RSAPrivateKey) }, |
- { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey,version) }, |
- { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey,modulus) }, |
- { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey,publicExponent) }, |
- { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey,privateExponent) }, |
- { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey,prime1) }, |
- { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey,prime2) }, |
- { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey,exponent1) }, |
- { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey,exponent2) }, |
- { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey,coefficient) }, |
- { 0 } |
-}; |
+ {SEC_ASN1_SEQUENCE, 0, NULL, sizeof(RSAPrivateKey)}, |
+ {SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, version)}, |
+ {SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, modulus)}, |
+ {SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, publicExponent)}, |
+ {SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, privateExponent)}, |
+ {SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, prime1)}, |
+ {SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, prime2)}, |
+ {SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, exponent1)}, |
+ {SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, exponent2)}, |
+ {SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, coefficient)}, |
+ {0}}; |
const SEC_ASN1Template ckmk_AttributeTemplate[] = { |
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(ckmk_Attribute) }, |
- { SEC_ASN1_OBJECT_ID, offsetof(ckmk_Attribute, attrType) }, |
- { SEC_ASN1_SET_OF, offsetof(ckmk_Attribute, attrValue), |
- SEC_AnyTemplate }, |
- { 0 } |
-}; |
+ {SEC_ASN1_SEQUENCE, 0, NULL, sizeof(ckmk_Attribute)}, |
+ {SEC_ASN1_OBJECT_ID, offsetof(ckmk_Attribute, attrType)}, |
+ {SEC_ASN1_SET_OF, offsetof(ckmk_Attribute, attrValue), SEC_AnyTemplate}, |
+ {0}}; |
const SEC_ASN1Template ckmk_SetOfAttributeTemplate[] = { |
- { SEC_ASN1_SET_OF, 0, ckmk_AttributeTemplate }, |
-}; |
+ {SEC_ASN1_SET_OF, 0, ckmk_AttributeTemplate}, }; |
SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate) |
/* ASN1 Templates for new decoder/encoder */ |
const SEC_ASN1Template ckmk_PrivateKeyInfoTemplate[] = { |
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(PrivateKeyInfo) }, |
- { SEC_ASN1_INTEGER, offsetof(PrivateKeyInfo,version) }, |
- { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(PrivateKeyInfo,algorithm), |
- SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, |
- { SEC_ASN1_OCTET_STRING, offsetof(PrivateKeyInfo,privateKey) }, |
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0, |
- offsetof(PrivateKeyInfo, attributes), ckmk_SetOfAttributeTemplate }, |
- { 0 } |
-}; |
+ {SEC_ASN1_SEQUENCE, 0, NULL, sizeof(PrivateKeyInfo)}, |
+ {SEC_ASN1_INTEGER, offsetof(PrivateKeyInfo, version)}, |
+ {SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(PrivateKeyInfo, algorithm), |
+ SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate)}, |
+ {SEC_ASN1_OCTET_STRING, offsetof(PrivateKeyInfo, privateKey)}, |
+ {SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0, |
+ offsetof(PrivateKeyInfo, attributes), ckmk_SetOfAttributeTemplate}, |
+ {0}}; |
#define CKMK_PRIVATE_KEY_INFO_VERSION 0 |
-static CK_RV |
-ckmk_CreateRSAKeyBlob |
-( |
- RSAPrivateKey *lk, |
- NSSItem *keyBlob |
-) |
-{ |
+static CK_RV ckmk_CreateRSAKeyBlob(RSAPrivateKey *lk, NSSItem *keyBlob) { |
PrivateKeyInfo *pki = NULL; |
PLArenaPool *arena = NULL; |
SECOidTag algorithm = SEC_OID_UNKNOWN; |
void *dummy; |
SECStatus rv; |
SECItem *encodedKey = NULL; |
CK_RV error = CKR_OK; |
- arena = PORT_NewArena(2048); /* XXX different size? */ |
- if(!arena) { |
+ arena = PORT_NewArena(2048); /* XXX different size? */ |
+ if (!arena) { |
error = CKR_HOST_MEMORY; |
goto loser; |
} |
- pki = (PrivateKeyInfo*)PORT_ArenaZAlloc(arena, sizeof(PrivateKeyInfo)); |
- if(!pki) { |
+ pki = (PrivateKeyInfo *)PORT_ArenaZAlloc(arena, sizeof(PrivateKeyInfo)); |
+ if (!pki) { |
error = CKR_HOST_MEMORY; |
goto loser; |
} |
pki->arena = arena; |
dummy = SEC_ASN1EncodeItem(arena, &pki->privateKey, lk, |
ckmk_RSAPrivateKeyTemplate); |
algorithm = SEC_OID_PKCS1_RSA_ENCRYPTION; |
- |
+ |
if (!dummy) { |
error = CKR_DEVICE_ERROR; /* should map NSS SECError */ |
goto loser; |
} |
- |
- rv = SECOID_SetAlgorithmID(arena, &pki->algorithm, algorithm, |
- (SECItem*)NULL); |
+ |
+ rv = |
+ SECOID_SetAlgorithmID(arena, &pki->algorithm, algorithm, (SECItem *)NULL); |
if (rv != SECSuccess) { |
error = CKR_DEVICE_ERROR; /* should map NSS SECError */ |
goto loser; |
} |
- dummy = SEC_ASN1EncodeInteger(arena, &pki->version, |
+ dummy = SEC_ASN1EncodeInteger(arena, &pki->version, |
CKMK_PRIVATE_KEY_INFO_VERSION); |
if (!dummy) { |
error = CKR_DEVICE_ERROR; /* should map NSS SECError */ |
goto loser; |
} |
- encodedKey = SEC_ASN1EncodeItem(NULL, NULL, pki, |
- ckmk_PrivateKeyInfoTemplate); |
+ encodedKey = SEC_ASN1EncodeItem(NULL, NULL, pki, ckmk_PrivateKeyInfoTemplate); |
if (!encodedKey) { |
error = CKR_DEVICE_ERROR; |
goto loser; |
} |
keyBlob->data = nss_ZNEWARRAY(NULL, char, encodedKey->len); |
if (NULL == keyBlob->data) { |
error = CKR_HOST_MEMORY; |
goto loser; |
} |
nsslibc_memcpy(keyBlob->data, encodedKey->data, encodedKey->len); |
keyBlob->size = encodedKey->len; |
loser: |
- if(arena) { |
+ if (arena) { |
PORT_FreeArena(arena, PR_TRUE); |
} |
if (encodedKey) { |
SECITEM_FreeItem(encodedKey, PR_TRUE); |
} |
- |
+ |
return error; |
} |
/* |
* There MUST be a better way to do this. For now, find the key based on the |
* default name Apple gives it once we import. |
*/ |
#define IMPORTED_NAME "Imported Private Key" |
-static CK_RV |
-ckmk_FindImportedKey |
-( |
- SecKeychainRef keychainRef, |
- SecItemClass itemClass, |
- SecKeychainItemRef *outItemRef |
-) |
-{ |
+static CK_RV ckmk_FindImportedKey(SecKeychainRef keychainRef, |
+ SecItemClass itemClass, |
+ SecKeychainItemRef *outItemRef) { |
OSStatus macErr; |
SecKeychainSearchRef searchRef = 0; |
SecKeychainItemRef newItemRef; |
- macErr = SecKeychainSearchCreateFromAttributes(keychainRef, itemClass, |
- NULL, &searchRef); |
+ macErr = SecKeychainSearchCreateFromAttributes(keychainRef, itemClass, NULL, |
+ &searchRef); |
if (noErr != macErr) { |
CKMK_MACERR("Can't search for Key", macErr); |
return CKR_GENERAL_ERROR; |
} |
while (noErr == SecKeychainSearchCopyNext(searchRef, &newItemRef)) { |
SecKeychainAttributeList *attrList = NULL; |
SecKeychainAttributeInfo attrInfo; |
SecItemAttr itemAttr = kSecKeyPrintName; |
PRUint32 attrFormat = 0; |
OSStatus macErr; |
attrInfo.count = 1; |
attrInfo.tag = &itemAttr; |
attrInfo.format = &attrFormat; |
- macErr = SecKeychainItemCopyAttributesAndData(newItemRef, |
- &attrInfo, NULL, &attrList, NULL, NULL); |
+ macErr = SecKeychainItemCopyAttributesAndData(newItemRef, &attrInfo, NULL, |
+ &attrList, NULL, NULL); |
if (noErr == macErr) { |
- if (nsslibc_memcmp(attrList->attr->data, IMPORTED_NAME, |
+ if (nsslibc_memcmp(attrList->attr->data, IMPORTED_NAME, |
attrList->attr->length, NULL) == 0) { |
*outItemRef = newItemRef; |
- CFRelease (searchRef); |
+ CFRelease(searchRef); |
SecKeychainItemFreeAttributesAndData(attrList, NULL); |
return CKR_OK; |
} |
SecKeychainItemFreeAttributesAndData(attrList, NULL); |
} |
CFRelease(newItemRef); |
} |
- CFRelease (searchRef); |
+ CFRelease(searchRef); |
return CKR_GENERAL_ERROR; /* we can come up with something better! */ |
} |
-static ckmkInternalObject * |
-nss_ckmk_CreatePrivateKey |
-( |
- NSSCKFWSession *fwSession, |
- CK_ATTRIBUTE_PTR pTemplate, |
- CK_ULONG ulAttributeCount, |
- CK_RV *pError |
-) |
-{ |
+static ckmkInternalObject *nss_ckmk_CreatePrivateKey(NSSCKFWSession *fwSession, |
+ CK_ATTRIBUTE_PTR pTemplate, |
+ CK_ULONG ulAttributeCount, |
+ CK_RV *pError) { |
NSSItem attribute; |
RSAPrivateKey lk; |
NSSItem keyID; |
char *nickname = NULL; |
ckmkInternalObject *io = NULL; |
CK_KEY_TYPE keyType; |
OSStatus macErr; |
SecKeychainItemRef itemRef = 0; |
- NSSItem keyBlob = { NULL, 0 }; |
+ NSSItem keyBlob = {NULL, 0}; |
CFDataRef dataRef = 0; |
- SecExternalFormat inputFormat = kSecFormatBSAFE; |
+ SecExternalFormat inputFormat = kSecFormatBSAFE; |
/*SecExternalFormat inputFormat = kSecFormatOpenSSL; */ |
SecExternalItemType itemType = kSecItemTypePrivateKey; |
- SecKeyImportExportParameters keyParams ; |
+ SecKeyImportExportParameters keyParams; |
SecKeychainRef targetKeychain = 0; |
unsigned char zero = 0; |
CK_RV error; |
- |
+ |
keyParams.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION; |
keyParams.flags = 0; |
keyParams.passphrase = 0; |
keyParams.alertTitle = 0; |
keyParams.alertPrompt = 0; |
- keyParams.accessRef = 0; /* default */ |
- keyParams.keyUsage = 0; /* will get filled in */ |
+ keyParams.accessRef = 0; /* default */ |
+ keyParams.keyUsage = 0; /* will get filled in */ |
keyParams.keyAttributes = CSSM_KEYATTR_PERMANENT; /* will get filled in */ |
- keyType = nss_ckmk_GetULongAttribute |
- (CKA_KEY_TYPE, pTemplate, ulAttributeCount, pError); |
+ keyType = nss_ckmk_GetULongAttribute(CKA_KEY_TYPE, pTemplate, |
+ ulAttributeCount, pError); |
if (CKR_OK != *pError) { |
return (ckmkInternalObject *)NULL; |
} |
if (CKK_RSA != keyType) { |
*pError = CKR_ATTRIBUTE_VALUE_INVALID; |
return (ckmkInternalObject *)NULL; |
} |
- if (nss_ckmk_GetBoolAttribute(CKA_DECRYPT, |
- pTemplate, ulAttributeCount, CK_TRUE)) { |
+ if (nss_ckmk_GetBoolAttribute(CKA_DECRYPT, pTemplate, ulAttributeCount, |
+ CK_TRUE)) { |
keyParams.keyUsage |= CSSM_KEYUSE_DECRYPT; |
} |
- if (nss_ckmk_GetBoolAttribute(CKA_UNWRAP, |
- pTemplate, ulAttributeCount, CK_TRUE)) { |
- keyParams.keyUsage |= CSSM_KEYUSE_UNWRAP; |
+ if (nss_ckmk_GetBoolAttribute(CKA_UNWRAP, pTemplate, ulAttributeCount, |
+ CK_TRUE)) { |
+ keyParams.keyUsage |= CSSM_KEYUSE_UNWRAP; |
} |
- if (nss_ckmk_GetBoolAttribute(CKA_SIGN, |
- pTemplate, ulAttributeCount, CK_TRUE)) { |
+ if (nss_ckmk_GetBoolAttribute(CKA_SIGN, pTemplate, ulAttributeCount, |
+ CK_TRUE)) { |
keyParams.keyUsage |= CSSM_KEYUSE_SIGN; |
} |
- if (nss_ckmk_GetBoolAttribute(CKA_DERIVE, |
- pTemplate, ulAttributeCount, CK_FALSE)) { |
+ if (nss_ckmk_GetBoolAttribute(CKA_DERIVE, pTemplate, ulAttributeCount, |
+ CK_FALSE)) { |
keyParams.keyUsage |= CSSM_KEYUSE_DERIVE; |
} |
- if (nss_ckmk_GetBoolAttribute(CKA_SENSITIVE, |
- pTemplate, ulAttributeCount, CK_TRUE)) { |
- keyParams.keyAttributes |= CSSM_KEYATTR_SENSITIVE; |
+ if (nss_ckmk_GetBoolAttribute(CKA_SENSITIVE, pTemplate, ulAttributeCount, |
+ CK_TRUE)) { |
+ keyParams.keyAttributes |= CSSM_KEYATTR_SENSITIVE; |
} |
- if (nss_ckmk_GetBoolAttribute(CKA_EXTRACTABLE, |
- pTemplate, ulAttributeCount, CK_TRUE)) { |
+ if (nss_ckmk_GetBoolAttribute(CKA_EXTRACTABLE, pTemplate, ulAttributeCount, |
+ CK_TRUE)) { |
keyParams.keyAttributes |= CSSM_KEYATTR_EXTRACTABLE; |
} |
lk.version.type = siUnsignedInteger; |
lk.version.data = &zero; |
lk.version.len = 1; |
- *pError = nss_ckmk_GetAttribute(CKA_MODULUS, pTemplate, |
- ulAttributeCount, &attribute); |
+ *pError = nss_ckmk_GetAttribute(CKA_MODULUS, pTemplate, ulAttributeCount, |
+ &attribute); |
if (CKR_OK != *pError) { |
return (ckmkInternalObject *)NULL; |
} |
lk.modulus.type = siUnsignedInteger; |
lk.modulus.data = attribute.data; |
lk.modulus.len = attribute.size; |
- *pError = nss_ckmk_GetAttribute(CKA_PUBLIC_EXPONENT, pTemplate, |
+ *pError = nss_ckmk_GetAttribute(CKA_PUBLIC_EXPONENT, pTemplate, |
ulAttributeCount, &attribute); |
if (CKR_OK != *pError) { |
return (ckmkInternalObject *)NULL; |
} |
lk.publicExponent.type = siUnsignedInteger; |
lk.publicExponent.data = attribute.data; |
lk.publicExponent.len = attribute.size; |
- *pError = nss_ckmk_GetAttribute(CKA_PRIVATE_EXPONENT, pTemplate, |
+ *pError = nss_ckmk_GetAttribute(CKA_PRIVATE_EXPONENT, pTemplate, |
ulAttributeCount, &attribute); |
if (CKR_OK != *pError) { |
return (ckmkInternalObject *)NULL; |
} |
lk.privateExponent.type = siUnsignedInteger; |
lk.privateExponent.data = attribute.data; |
lk.privateExponent.len = attribute.size; |
- *pError = nss_ckmk_GetAttribute(CKA_PRIME_1, pTemplate, |
- ulAttributeCount, &attribute); |
+ *pError = nss_ckmk_GetAttribute(CKA_PRIME_1, pTemplate, ulAttributeCount, |
+ &attribute); |
if (CKR_OK != *pError) { |
return (ckmkInternalObject *)NULL; |
} |
lk.prime1.type = siUnsignedInteger; |
lk.prime1.data = attribute.data; |
lk.prime1.len = attribute.size; |
- *pError = nss_ckmk_GetAttribute(CKA_PRIME_2, pTemplate, |
- ulAttributeCount, &attribute); |
+ *pError = nss_ckmk_GetAttribute(CKA_PRIME_2, pTemplate, ulAttributeCount, |
+ &attribute); |
if (CKR_OK != *pError) { |
return (ckmkInternalObject *)NULL; |
} |
lk.prime2.type = siUnsignedInteger; |
lk.prime2.data = attribute.data; |
lk.prime2.len = attribute.size; |
- *pError = nss_ckmk_GetAttribute(CKA_EXPONENT_1, pTemplate, |
- ulAttributeCount, &attribute); |
+ *pError = nss_ckmk_GetAttribute(CKA_EXPONENT_1, pTemplate, ulAttributeCount, |
+ &attribute); |
if (CKR_OK != *pError) { |
return (ckmkInternalObject *)NULL; |
} |
lk.exponent1.type = siUnsignedInteger; |
lk.exponent1.data = attribute.data; |
lk.exponent1.len = attribute.size; |
- *pError = nss_ckmk_GetAttribute(CKA_EXPONENT_2, pTemplate, |
- ulAttributeCount, &attribute); |
+ *pError = nss_ckmk_GetAttribute(CKA_EXPONENT_2, pTemplate, ulAttributeCount, |
+ &attribute); |
if (CKR_OK != *pError) { |
return (ckmkInternalObject *)NULL; |
} |
lk.exponent2.type = siUnsignedInteger; |
lk.exponent2.data = attribute.data; |
lk.exponent2.len = attribute.size; |
- *pError = nss_ckmk_GetAttribute(CKA_COEFFICIENT, pTemplate, |
- ulAttributeCount, &attribute); |
+ *pError = nss_ckmk_GetAttribute(CKA_COEFFICIENT, pTemplate, ulAttributeCount, |
+ &attribute); |
if (CKR_OK != *pError) { |
return (ckmkInternalObject *)NULL; |
} |
lk.coefficient.type = siUnsignedInteger; |
lk.coefficient.data = attribute.data; |
lk.coefficient.len = attribute.size; |
/* ASN1 Encode the pkcs8 structure... look at softoken to see how this |
@@ -1795,64 +1514,60 @@ nss_ckmk_CreatePrivateKey |
goto loser; |
} |
*pError == ckmk_GetSafeDefaultKeychain(&targetKeychain); |
if (CKR_OK != *pError) { |
goto loser; |
} |
- |
/* the itemArray that is returned is useless. the item does not |
* is 'not on the key chain' so none of the modify calls work on it. |
* It also has a key that isn't the same key as the one in the actual |
* key chain. In short it isn't the item we want, and it gives us zero |
* information about the item we want, so don't even bother with it... |
*/ |
macErr = SecKeychainItemImport(dataRef, NULL, &inputFormat, &itemType, 0, |
- &keyParams, targetKeychain, NULL); |
+ &keyParams, targetKeychain, NULL); |
if (noErr != macErr) { |
CKMK_MACERR("Import Private Key", macErr); |
*pError = CKR_GENERAL_ERROR; |
goto loser; |
} |
- *pError = ckmk_FindImportedKey(targetKeychain, |
- CSSM_DL_DB_RECORD_PRIVATE_KEY, |
+ *pError = ckmk_FindImportedKey(targetKeychain, CSSM_DL_DB_RECORD_PRIVATE_KEY, |
&itemRef); |
if (CKR_OK != *pError) { |
#ifdef DEBUG |
- fprintf(stderr,"couldn't find key in keychain \n"); |
+ fprintf(stderr, "couldn't find key in keychain \n"); |
#endif |
goto loser; |
} |
- |
/* set the CKA_ID and the CKA_LABEL */ |
- error = nss_ckmk_GetAttribute(CKA_ID, pTemplate, |
- ulAttributeCount, &keyID); |
+ error = nss_ckmk_GetAttribute(CKA_ID, pTemplate, ulAttributeCount, &keyID); |
if (CKR_OK == error) { |
- error = ckmk_updateAttribute(itemRef, kSecKeyLabel, |
- keyID.data, keyID.size, "Modify Key ID"); |
+ error = ckmk_updateAttribute(itemRef, kSecKeyLabel, keyID.data, keyID.size, |
+ "Modify Key ID"); |
#ifdef DEBUG |
itemdump("key id: ", keyID.data, keyID.size, error); |
#endif |
} |
- nickname = nss_ckmk_GetStringAttribute(CKA_LABEL, pTemplate, |
- ulAttributeCount, &error); |
+ nickname = nss_ckmk_GetStringAttribute(CKA_LABEL, pTemplate, ulAttributeCount, |
+ &error); |
if (nickname) { |
- ckmk_updateAttribute(itemRef, kSecKeyPrintName, nickname, |
- strlen(nickname)+1, "Modify Key Label"); |
+ ckmk_updateAttribute(itemRef, kSecKeyPrintName, nickname, |
+ strlen(nickname) + 1, "Modify Key Label"); |
} else { |
#define DEFAULT_NICKNAME "NSS Imported Key" |
- ckmk_updateAttribute(itemRef, kSecKeyPrintName, DEFAULT_NICKNAME, |
- sizeof(DEFAULT_NICKNAME), "Modify Key Label"); |
+ ckmk_updateAttribute(itemRef, kSecKeyPrintName, DEFAULT_NICKNAME, |
+ sizeof(DEFAULT_NICKNAME), "Modify Key Label"); |
} |
- io = nss_ckmk_NewInternalObject(CKO_PRIVATE_KEY, itemRef, |
+ io = nss_ckmk_NewInternalObject(CKO_PRIVATE_KEY, itemRef, |
CSSM_DL_DB_RECORD_PRIVATE_KEY, pError); |
if ((ckmkInternalObject *)NULL == io) { |
CFRelease(itemRef); |
} |
return io; |
loser: |
@@ -1864,61 +1579,55 @@ loser: |
CFRelease(targetKeychain); |
} |
if (0 != dataRef) { |
CFRelease(dataRef); |
} |
return io; |
} |
- |
-NSS_EXTERN NSSCKMDObject * |
-nss_ckmk_CreateObject |
-( |
- NSSCKFWSession *fwSession, |
- CK_ATTRIBUTE_PTR pTemplate, |
- CK_ULONG ulAttributeCount, |
- CK_RV *pError |
-) |
-{ |
+NSS_EXTERN NSSCKMDObject *nss_ckmk_CreateObject(NSSCKFWSession *fwSession, |
+ CK_ATTRIBUTE_PTR pTemplate, |
+ CK_ULONG ulAttributeCount, |
+ CK_RV *pError) { |
CK_OBJECT_CLASS objClass; |
ckmkInternalObject *io = NULL; |
CK_BBOOL isToken; |
/* |
* only create token objects |
*/ |
- isToken = nss_ckmk_GetBoolAttribute(CKA_TOKEN, pTemplate, |
- ulAttributeCount, CK_FALSE); |
+ isToken = nss_ckmk_GetBoolAttribute(CKA_TOKEN, pTemplate, ulAttributeCount, |
+ CK_FALSE); |
if (!isToken) { |
*pError = CKR_ATTRIBUTE_VALUE_INVALID; |
- return (NSSCKMDObject *) NULL; |
+ return (NSSCKMDObject *)NULL; |
} |
/* |
* only create keys and certs. |
*/ |
- objClass = nss_ckmk_GetULongAttribute(CKA_CLASS, pTemplate, |
- ulAttributeCount, pError); |
+ objClass = nss_ckmk_GetULongAttribute(CKA_CLASS, pTemplate, ulAttributeCount, |
+ pError); |
if (CKR_OK != *pError) { |
- return (NSSCKMDObject *) NULL; |
+ return (NSSCKMDObject *)NULL; |
} |
#ifdef notdef |
if (objClass == CKO_PUBLIC_KEY) { |
return CKR_OK; /* fake public key creation, happens as a side effect of |
* private key creation */ |
} |
#endif |
if (objClass == CKO_CERTIFICATE) { |
- io = nss_ckmk_CreateCertificate(fwSession, pTemplate, |
- ulAttributeCount, pError); |
+ io = nss_ckmk_CreateCertificate(fwSession, pTemplate, ulAttributeCount, |
+ pError); |
} else if (objClass == CKO_PRIVATE_KEY) { |
- io = nss_ckmk_CreatePrivateKey(fwSession, pTemplate, |
- ulAttributeCount, pError); |
+ io = nss_ckmk_CreatePrivateKey(fwSession, pTemplate, ulAttributeCount, |
+ pError); |
} else { |
*pError = CKR_ATTRIBUTE_VALUE_INVALID; |
} |
if ((ckmkInternalObject *)NULL == io) { |
- return (NSSCKMDObject *) NULL; |
+ return (NSSCKMDObject *)NULL; |
} |
return nss_ckmk_CreateMDObject(NULL, io, pError); |
} |