/* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */ /* * The following code handles the storage of PKCS 11 modules used by the * NSS. For the rest of NSS, only one kind of database handle exists: * * SFTKDBHandle * * There is one SFTKDBHandle for the each key database and one for each cert * database. These databases are opened as associated pairs, one pair per * slot. SFTKDBHandles are reference counted objects. * * Each SFTKDBHandle points to a low level database handle (SDB). This handle * represents the underlying physical database. These objects are not * reference counted, an are 'owned' by their respective SFTKDBHandles. * *
*/ #include"sftkdb.h" #include"sftkdbti.h" #include"pkcs11t.h" #include"pkcs11i.h" #include"sdb.h" #include"prprf.h" #include"pratom.h" #include"lgglue.h" #include"utilpars.h" #include"secerr.h" #include"softoken.h" #ifdefined(_WIN32) #include <windows.h> #endif
/* * We want all databases to have the same binary representation independent of * endianness or length of the host architecture. In general PKCS #11 attributes * are endian/length independent except those attributes that pass CK_ULONG. * * The following functions fixes up the CK_ULONG type attributes so that the data * base sees a machine independent view. CK_ULONGs are stored as 4 byte network * byte order values (big endian).
*/ #define BBP 8
PRBool
sftkdb_isULONGAttribute(CK_ATTRIBUTE_TYPE type)
{ switch (type) { case CKA_CERTIFICATE_CATEGORY: case CKA_CERTIFICATE_TYPE: case CKA_CLASS: case CKA_JAVA_MIDP_SECURITY_DOMAIN: case CKA_KEY_GEN_MECHANISM: case CKA_KEY_TYPE: case CKA_MECHANISM_TYPE: case CKA_MODULUS_BITS: case CKA_PRIME_BITS: case CKA_SUBPRIME_BITS: case CKA_VALUE_BITS: case CKA_VALUE_LEN:
case CKA_TRUST_DIGITAL_SIGNATURE: case CKA_TRUST_NON_REPUDIATION: case CKA_TRUST_KEY_ENCIPHERMENT: case CKA_TRUST_DATA_ENCIPHERMENT: case CKA_TRUST_KEY_AGREEMENT: case CKA_TRUST_KEY_CERT_SIGN: case CKA_TRUST_CRL_SIGN:
case CKA_TRUST_SERVER_AUTH: case CKA_TRUST_CLIENT_AUTH: case CKA_TRUST_CODE_SIGNING: case CKA_TRUST_EMAIL_PROTECTION: case CKA_TRUST_IPSEC_END_SYSTEM: case CKA_TRUST_IPSEC_TUNNEL: case CKA_TRUST_IPSEC_USER: case CKA_TRUST_TIME_STAMPING: case CKA_TRUST_STEP_UP_APPROVED: return PR_TRUE; default: break;
} return PR_FALSE;
}
/* are the attributes private? */ static PRBool
sftkdb_isPrivateAttribute(CK_ATTRIBUTE_TYPE type)
{ switch (type) { case CKA_VALUE: case CKA_PRIVATE_EXPONENT: case CKA_PRIME_1: case CKA_PRIME_2: case CKA_EXPONENT_1: case CKA_EXPONENT_2: case CKA_COEFFICIENT: return PR_TRUE; default: break;
} return PR_FALSE;
}
/* These attributes must be authenticated with an hmac. */ static PRBool
sftkdb_isAuthenticatedAttribute(CK_ATTRIBUTE_TYPE type)
{ switch (type) { case CKA_MODULUS: case CKA_PUBLIC_EXPONENT: case CKA_CERT_SHA1_HASH: case CKA_CERT_MD5_HASH: case CKA_TRUST_SERVER_AUTH: case CKA_TRUST_CLIENT_AUTH: case CKA_TRUST_EMAIL_PROTECTION: case CKA_TRUST_CODE_SIGNING: case CKA_TRUST_STEP_UP_APPROVED: case CKA_NSS_OVERRIDE_EXTENSIONS: return PR_TRUE; default: break;
} return PR_FALSE;
} /* * convert a native ULONG to a database ulong. Database ulong's * are all 4 byte big endian values.
*/ void
sftk_ULong2SDBULong(unsignedchar *data, CK_ULONG value)
{ int i;
for (i = 0; i < SDB_ULONG_SIZE; i++) {
data[i] = (value >> (SDB_ULONG_SIZE - 1 - i) * BBP) & 0xff;
}
}
/* * convert a database ulong back to a native ULONG. (reverse of the above * function).
*/ static CK_ULONG
sftk_SDBULong2ULong(unsignedchar *data)
{ int i;
CK_ULONG value = 0;
for (i = 0; i < SDB_ULONG_SIZE; i++) {
value |= (((CK_ULONG)data[i]) << (SDB_ULONG_SIZE - 1 - i) * BBP);
} return value;
}
/* certain trust records are default values, which are the values * returned if the signature check fails anyway.
* In those cases, we can skip the signature check. */
PRBool
sftkdb_isNullTrust(const CK_ATTRIBUTE *template)
{ switch (template->type) { case CKA_TRUST_SERVER_AUTH: case CKA_TRUST_CLIENT_AUTH: case CKA_TRUST_EMAIL_PROTECTION: case CKA_TRUST_CODE_SIGNING: if (template->ulValueLen != SDB_ULONG_SIZE) { break;
} if (sftk_SDBULong2ULong(template->pValue) ==
CKT_NSS_TRUST_UNKNOWN) { return PR_TRUE;
} break; case CKA_TRUST_STEP_UP_APPROVED: if (template->ulValueLen != 1) { break;
} if (*((unsignedchar *)(template->pValue)) == 0) { return PR_TRUE;
} break; default: break;
} return PR_FALSE;
}
/* * fix up the input templates. Our fixed up ints are stored in data and must * be freed by the caller. The new template must also be freed. If there are no * CK_ULONG attributes, the orignal template is passed in as is.
*/ static CK_ATTRIBUTE *
sftkdb_fixupTemplateIn(const CK_ATTRIBUTE *template, int count, unsignedchar **dataOut, int *dataOutSize)
{ int i; int ulongCount = 0; unsignedchar *data;
CK_ATTRIBUTE *ntemplate;
*dataOut = NULL;
*dataOutSize = 0;
/* first count the number of CK_ULONG attributes */ for (i = 0; i < count; i++) { /* Don't 'fixup' NULL values */ if (!template[i].pValue) { continue;
} if (template[i].ulValueLen == sizeof(CK_ULONG)) { if (sftkdb_isULONGAttribute(template[i].type)) {
ulongCount++;
}
}
} /* no attributes to fixup, just call on through */ if (ulongCount == 0) { return (CK_ATTRIBUTE *)template;
}
/* allocate space for new ULONGS */
data = (unsignedchar *)PORT_Alloc(SDB_ULONG_SIZE * ulongCount); if (!data) { return NULL;
}
/* allocate new template */
ntemplate = PORT_NewArray(CK_ATTRIBUTE, count); if (!ntemplate) {
PORT_Free(data); return NULL;
}
*dataOut = data;
*dataOutSize = SDB_ULONG_SIZE * ulongCount; /* copy the old template, fixup the actual ulongs */ for (i = 0; i < count; i++) {
ntemplate[i] = template[i]; /* Don't 'fixup' NULL values */ if (!template[i].pValue) { continue;
} if (template[i].ulValueLen == sizeof(CK_ULONG)) { if (sftkdb_isULONGAttribute(template[i].type)) {
CK_ULONG value = *(CK_ULONG *)template[i].pValue;
sftk_ULong2SDBULong(data, value);
ntemplate[i].pValue = data;
ntemplate[i].ulValueLen = SDB_ULONG_SIZE;
data += SDB_ULONG_SIZE;
}
}
} return ntemplate;
}
/* * return a string describing the database type (key or cert)
*/ constchar *
sftkdb_TypeString(SFTKDBHandle *handle)
{ return (handle->type == SFTK_KEYDB_TYPE) ? "key" : "cert";
}
/* * Some attributes are signed with an Hmac and a pbe key generated from * the password. This signature is stored indexed by object handle and * attribute type in the meta data table in the key database. * * Signature entries are indexed by the string * sig_[cert/key]_{ObjectID}_{Attribute} * * This function fetches that pkcs5 signature. Caller supplies a SECItem * pre-allocated to the appropriate size if the SECItem is too small the * function will fail with CKR_BUFFER_TOO_SMALL.
*/ static CK_RV
sftkdb_getRawAttributeSignature(SFTKDBHandle *handle, SDB *db,
CK_OBJECT_HANDLE objectID,
CK_ATTRIBUTE_TYPE type,
SECItem *signText)
{ char id[30];
CK_RV crv;
/* * Some attributes are signed with an Hmac and a pbe key generated from * the password. This signature is stored indexed by object handle and * attribute type in the meta data table in the key database. * * Signature entries are indexed by the string * sig_[cert/key]_{ObjectID}_{Attribute} * * This function stores that pkcs5 signature.
*/
CK_RV
sftkdb_PutAttributeSignature(SFTKDBHandle *handle, SDB *keyTarget,
CK_OBJECT_HANDLE objectID, CK_ATTRIBUTE_TYPE type,
SECItem *signText)
{ char id[30];
CK_RV crv;
/* if no data was retrieved, no need to process encrypted or signed
* attributes */ if ((template[i].pValue == NULL) || (template[i].ulValueLen == -1)) { continue;
}
/* fixup private attributes */ if (checkEnc && sftkdb_isPrivateAttribute(ntemplate[i].type)) { /* we have a private attribute */ /* This code depends on the fact that the cipherText is bigger
* than the plain text */
SECItem cipherText;
SECItem *plainText;
SECStatus rv;
/* copy the plain text back into the template */
PORT_Memcpy(template[i].pValue, plainText->data, plainText->len); template[i].ulValueLen = plainText->len;
SECITEM_ZfreeItem(plainText, PR_TRUE);
} /* make sure signed attributes are valid */ if (checkSig && sftkdb_isAuthenticatedAttribute(ntemplate[i].type) && !sftkdb_isNullTrust(&ntemplate[i])) {
SECStatus rv;
CK_RV local_crv;
SECItem signText;
SECItem plainText; unsignedchar signData[SDB_MAX_META_DATA_LEN];
/* Use a local variable so that we don't clobber any already * set error. This function returns either CKR_OK or the last
* found error in the template */
local_crv = sftkdb_GetAttributeSignature(handle, keyHandle,
objectID,
ntemplate[i].type,
&signText); if (local_crv != CKR_OK) {
PORT_Memset(template[i].pValue, 0, template[i].ulValueLen); template[i].ulValueLen = -1;
crv = local_crv; continue;
}
/* * we do a second check holding the lock just in case the user * loggout while we were trying to get the signature.
*/
PZ_Lock(keyHandle->passwordLock); if (keyHandle->passwordKey.data == NULL) { /* if we are no longer logged in, no use checking the other
* Signatures either. */
checkSig = PR_FALSE;
PZ_Unlock(keyHandle->passwordLock); continue;
}
rv = sftkdb_VerifyAttribute(keyHandle,
&keyHandle->passwordKey,
objectID, ntemplate[i].type,
&plainText, &signText);
PZ_Unlock(keyHandle->passwordLock); if (rv != SECSuccess) {
PORT_Memset(template[i].pValue, 0, template[i].ulValueLen); template[i].ulValueLen = -1;
crv = CKR_SIGNATURE_INVALID; /* better error code? */
} /* This Attribute is fine */
}
} return crv;
}
/* * Some attributes are signed with an HMAC and a pbe key generated from * the password. This signature is stored indexed by object handle and * * Those attributes are: * 1) Trust object hashes and trust values. * 2) public key values. * * Certs themselves are considered properly authenticated by virtue of their * signature, or their matching hash with the trust object. * * These signature is only checked for objects coming from shared databases. * Older dbm style databases have such no signature checks. HMACs are also * only checked when the token is logged in, as it requires a pbe generated * from the password. * * Tokens which have no key database (and therefore no master password) do not * have any stored signature values. Signature values are stored in the key * database, since the signature data is tightly coupled to the key database * password. * * This function takes a template of attributes that were either created or * modified. These attributes are checked to see if the need to be signed. * If they do, then this function signs the attributes and writes them * to the meta data store. * * This function can fail if there are attributes that must be signed, but * the token is not logged in. * * The caller is expected to abort any transaction he was in in the * event of a failure of this function.
*/ static CK_RV
sftk_signTemplate(PLArenaPool *arena, SFTKDBHandle *handle,
PRBool mayBeUpdateDB,
CK_OBJECT_HANDLE objectID, const CK_ATTRIBUTE *template,
CK_ULONG count)
{ unsignedint i;
CK_RV crv;
SFTKDBHandle *keyHandle = handle;
SDB *keyTarget = NULL;
PRBool usingPeerDB = PR_FALSE;
PRBool inPeerDBTransaction = PR_FALSE;
/* no key DB defined? then no need to sign anything */ if (keyHandle == NULL) {
crv = CKR_OK; goto loser;
}
/* When we are in a middle of an update, we have an update database set, * but we want to write to the real database. The bool mayBeUpdateDB is * set to TRUE if it's possible that we want to write an update database
* rather than a primary */
keyTarget = (mayBeUpdateDB && keyHandle->update) ? keyHandle->update : keyHandle->db;
/* skip the the database does not support meta data */ if ((keyTarget->sdb_flags & SDB_HAS_META) == 0) {
crv = CKR_OK; goto loser;
}
/* If we had to switch databases, we need to initialize a transaction. */ if (usingPeerDB) {
crv = (*keyTarget->sdb_Begin)(keyTarget); if (crv != CKR_OK) { goto loser;
}
inPeerDBTransaction = PR_TRUE;
}
for (i = 0; i < count; i++) { if (sftkdb_isAuthenticatedAttribute(template[i].type)) {
SECStatus rv;
SECItem *signText;
SECItem plainText;
/* if we don't have a meta table, we didn't write any signature objects */ if ((db->sdb_flags & SDB_HAS_META) == 0) { return CKR_OK;
} for (i = 0; i < max_attributes; i++) {
CK_ATTRIBUTE *att = &ptemplate[i];
CK_ATTRIBUTE_TYPE type = att->type; if (sftkdb_isPrivateAttribute(type)) { /* move the signature from one object handle to another and delete
* the old entry */
SECItem signature; unsignedchar signData[SDB_MAX_META_DATA_LEN];
signature.data = signData;
signature.len = sizeof(signData);
crv = sftkdb_getRawAttributeSignature(handle, db, oldID, type,
&signature); if (crv != CKR_OK) { /* NOTE: if we ever change our default write from AES_CBC * to AES_KW, We'll need to change this to a continue as
* we won't need the integrity record for AES_KW */ break;
}
crv = sftkdb_PutAttributeSignature(handle, db, newID, type,
&signature); if (crv != CKR_OK) { break;
} /* now get rid of the old one */
crv = sftkdb_DestroyAttributeSignature(handle, db, oldID, type); if (crv != CKR_OK) { break;
}
}
} return crv;
}
if (*crv != CKR_OK) { return NULL;
} if (pcount) {
*pcount = count;
} returntemplate;
}
/* * return a pointer to the attribute in the give template. * The return value is not const, as the caller may modify * the given attribute value, but such modifications will * modify the actual value in the template.
*/ static CK_ATTRIBUTE *
sftkdb_getAttributeFromTemplate(CK_ATTRIBUTE_TYPE attribute,
CK_ATTRIBUTE *ptemplate, CK_ULONG len)
{
CK_ULONG i;
for (i = 0; i < len; i++) { if (attribute == ptemplate[i].type) { return &ptemplate[i];
}
} return NULL;
}
case CKO_PRIVATE_KEY: case CKO_PUBLIC_KEY: case CKO_SECRET_KEY:
attr = sftkdb_getAttributeFromTemplate(CKA_ID, ptemplate, len); if (attr == NULL) { return CKR_TEMPLATE_INCOMPLETE;
} if (attr->ulValueLen == 0) { /* key is too generic to determine that it's unique, usually
* happens in the key gen case */ return CKR_OBJECT_HANDLE_INVALID;
}
if (crv == CKR_OBJECT_HANDLE_INVALID) { /* key is too generic to determine that it's unique, usually * happens in the key gen case, tell the caller to go ahead
* and just create it */ return CKR_OK;
} if (crv != CKR_OK) { return crv;
}
/* use the raw find, so we get the correct database */
crv = (*db->sdb_FindObjectsInit)(db, findTemplate, count, &find); if (crv != CKR_OK) { return crv;
}
(*db->sdb_FindObjects)(db, find, id, 1, &objCount);
(*db->sdb_FindObjectsFinal)(db, find);
/* * check to see if this template conflicts with others in our current database.
*/ static CK_RV
sftkdb_checkConflicts(SDB *db, CK_OBJECT_CLASS objectType, const CK_ATTRIBUTE *ptemplate, CK_ULONG len,
CK_OBJECT_HANDLE sourceID)
{
CK_ATTRIBUTE findTemplate[2]; unsignedchar objTypeData[SDB_ULONG_SIZE]; /* we may need to allocate some temporaries. Keep track of what was
* allocated so we can free it in the end */ unsignedchar *temp1 = NULL; unsignedchar *temp2 = NULL;
CK_ULONG objCount = 0;
SDBFind *find = NULL;
CK_OBJECT_HANDLE id; const CK_ATTRIBUTE *attr, *attr2;
CK_RV crv;
CK_ATTRIBUTE subject;
/* Currently the only conflict is with nicknames pointing to the same
* subject when creating or modifying a certificate. */ /* If the object is not a cert, no problem. */ if (objectType != CKO_CERTIFICATE) { return CKR_OK;
} /* if not setting a nickname then there's still no problem */
attr = sftkdb_getAttributeFromConstTemplate(CKA_LABEL, ptemplate, len); if ((attr == NULL) || (attr->ulValueLen == 0)) { return CKR_OK;
} /* fetch the subject of the source. For creation and merge, this should
* be found in the template */
attr2 = sftkdb_getAttributeFromConstTemplate(CKA_SUBJECT, ptemplate, len); if (sourceID == CK_INVALID_HANDLE) { if ((attr2 == NULL) || ((CK_LONG)attr2->ulValueLen < 0)) {
crv = CKR_TEMPLATE_INCOMPLETE; goto done;
}
} elseif ((attr2 == NULL) || ((CK_LONG)attr2->ulValueLen <= 0)) { /* sourceID is set if we are trying to modify an existing entry instead * of creating a new one. In this case the subject may not be (probably
* isn't) in the template, we have to read it from the database */
subject.type = CKA_SUBJECT;
subject.pValue = NULL;
subject.ulValueLen = 0;
crv = (*db->sdb_GetAttributeValue)(db, sourceID, &subject, 1); if (crv != CKR_OK) { goto done;
} if ((CK_LONG)subject.ulValueLen < 0) {
crv = CKR_DEVICE_ERROR; /* closest pkcs11 error to corrupted DB */ goto done;
}
temp1 = subject.pValue = PORT_Alloc(++subject.ulValueLen); if (temp1 == NULL) {
crv = CKR_HOST_MEMORY; goto done;
}
crv = (*db->sdb_GetAttributeValue)(db, sourceID, &subject, 1); if (crv != CKR_OK) { goto done;
}
attr2 = &subject;
}
/* check for another cert in the database with the same nickname */
sftk_ULong2SDBULong(objTypeData, objectType);
findTemplate[0].type = CKA_CLASS;
findTemplate[0].pValue = objTypeData;
findTemplate[0].ulValueLen = SDB_ULONG_SIZE;
findTemplate[1] = *attr;
/* object count == 0 means no conflicting certs found,
* go on with the operation */ if (objCount == 0) {
crv = CKR_OK; goto done;
}
/* There is a least one cert that shares the nickname, make sure it also
* matches the subject. */
findTemplate[0] = *attr2; /* we know how big the source subject was. Use that length to create the * space for the target. If it's not enough space, then it means the * source subject is too big, and therefore not a match. GetAttributeValue * will return CKR_BUFFER_TOO_SMALL. Otherwise it should be exactly enough
* space (or enough space to be able to compare the result. */
temp2 = findTemplate[0].pValue = PORT_Alloc(++findTemplate[0].ulValueLen); if (temp2 == NULL) {
crv = CKR_HOST_MEMORY; goto done;
}
crv = (*db->sdb_GetAttributeValue)(db, id, findTemplate, 1); if (crv != CKR_OK) { if (crv == CKR_BUFFER_TOO_SMALL) { /* if our buffer is too small, then the Subjects clearly do
* not match */
crv = CKR_ATTRIBUTE_VALUE_INVALID; goto loser;
} /* otherwise we couldn't get the value, just fail */ goto done;
}
/* Ok, we have both subjects, make sure they are the same.
* Compare the subjects */ if ((findTemplate[0].ulValueLen != attr2->ulValueLen) ||
(attr2->ulValueLen > 0 &&
PORT_Memcmp(findTemplate[0].pValue, attr2->pValue, attr2->ulValueLen) != 0)) {
crv = CKR_ATTRIBUTE_VALUE_INVALID; goto loser;
}
crv = CKR_OK;
done: /* If we've failed for some other reason than a conflict, make sure we * return an error code other than CKR_ATTRIBUTE_VALUE_INVALID. * (NOTE: neither sdb_FindObjectsInit nor sdb_GetAttributeValue should * return CKR_ATTRIBUTE_VALUE_INVALID, so the following is paranoia).
*/ if (crv == CKR_ATTRIBUTE_VALUE_INVALID) {
crv = CKR_GENERAL_ERROR; /* clearly a programming error */
}
/* exit point if we found a conflict */
loser:
PORT_Free(temp1);
PORT_Free(temp2); return crv;
}
/* * try to update the template to fix any errors. This is only done * during update. * * NOTE: we must update the template or return an error, or the update caller * will loop forever! * * Two copies of the source code for this algorithm exist in NSS. * Changes must be made in both copies. * The other copy is in pk11_IncrementNickname() in pk11wrap/pk11merge.c. *
*/ static CK_RV
sftkdb_resolveConflicts(PLArenaPool *arena, CK_OBJECT_CLASS objectType,
CK_ATTRIBUTE *ptemplate, CK_ULONG *plen)
{
CK_ATTRIBUTE *attr; char *nickname, *newNickname; unsignedint end, digit;
/* sanity checks. We should never get here with these errors */ if (objectType != CKO_CERTIFICATE) { return CKR_GENERAL_ERROR; /* shouldn't happen */
}
attr = sftkdb_getAttributeFromTemplate(CKA_LABEL, ptemplate, *plen); if ((attr == NULL) || (attr->ulValueLen == 0)) { return CKR_GENERAL_ERROR; /* shouldn't happen */
}
/* update the nickname */ /* is there a number at the end of the nickname already?
* if so just increment that number */
nickname = (char *)attr->pValue;
/* does nickname end with " #n*" ? */ for (end = attr->ulValueLen - 1;
end >= 2 && (digit = nickname[end]) <= '9' && digit >= '0';
end--) /* just scan */
; if (attr->ulValueLen >= 3 &&
end < (attr->ulValueLen - 1) /* at least one digit */ &&
nickname[end] == '#' &&
nickname[end - 1] == ' ') { /* Already has a suitable suffix string */
} else { /* ... append " #2" to the name */ staticconstchar num2[] = " #2";
newNickname = PORT_ArenaAlloc(arena, attr->ulValueLen + sizeof(num2)); if (!newNickname) { return CKR_HOST_MEMORY;
}
PORT_Memcpy(newNickname, nickname, attr->ulValueLen);
PORT_Memcpy(&newNickname[attr->ulValueLen], num2, sizeof(num2));
attr->pValue = newNickname; /* modifies ptemplate */
attr->ulValueLen += 3; /* 3 is strlen(num2) */ return CKR_OK;
}
/* we overflowed, insert a new '1' for a carry in front of the number */
newNickname = PORT_ArenaAlloc(arena, attr->ulValueLen + 1); if (!newNickname) { return CKR_HOST_MEMORY;
} /* PORT_Memcpy should handle len of '0' */
PORT_Memcpy(newNickname, nickname, ++end);
newNickname[end] = '1';
PORT_Memset(&newNickname[end + 1], '0', attr->ulValueLen - end);
attr->pValue = newNickname;
attr->ulValueLen++; return CKR_OK;
}
/* * set an attribute and sign it if necessary
*/ static CK_RV
sftkdb_setAttributeValue(PLArenaPool *arena, SFTKDBHandle *handle,
SDB *db, CK_OBJECT_HANDLE objectID, const CK_ATTRIBUTE *template,
CK_ULONG count)
{
CK_RV crv;
crv = (*db->sdb_SetAttributeValue)(db, objectID, template, count); if (crv != CKR_OK) { return crv;
}
crv = sftk_signTemplate(arena, handle, db == handle->update,
objectID, template, count); return crv;
}
/* * write a softoken object out to the database.
*/
CK_RV
sftkdb_write(SFTKDBHandle *handle, SFTKObject *object,
CK_OBJECT_HANDLE *objectID)
{
CK_ATTRIBUTE *template;
PLArenaPool *arena;
CK_ULONG count;
CK_RV crv;
SDB *db;
PRBool inTransaction = PR_FALSE;
CK_OBJECT_HANDLE id, candidateID;
*objectID = CK_INVALID_HANDLE;
if (handle == NULL) { return CKR_TOKEN_WRITE_PROTECTED;
}
db = SFTK_GET_SDB(handle);
/* * we have opened a new database, but we have not yet updated it. We are * still running pointing to the old database (so the application can * still read). We don't want to write to the old database at this point, * however, since it leads to user confusion. So at this point we simply * require a user login. Let NSS know this so it can prompt the user.
*/ if (db == handle->update) { return CKR_USER_NOT_LOGGED_IN;
}
/* * We want to make the base database as free from object specific knowledge * as possible. To maintain compatibility, keep some of the desirable * object specific semantics of the old database. * * These were 2 fold: * 1) there were certain conflicts (like trying to set the same nickname * on two different subjects) that would return an error. * 2) Importing the 'same' object would silently update that object. * * The following 2 functions mimic the desirable effects of these two * semantics without pushing any object knowledge to the underlying database * code.
*/
/* make sure we don't have attributes that conflict with the existing DB */
crv = sftkdb_checkConflicts(db, object->objclass, template, count,
CK_INVALID_HANDLE); if (crv != CKR_OK) { goto loser;
} /* Find any copies that match this particular object */
crv = sftkdb_lookupObject(db, object->objclass, &id, template, count); if (crv != CKR_OK) { goto loser;
} if (id == CK_INVALID_HANDLE) {
*objectID = candidateID;
crv = sftkdb_CreateObject(arena, handle, db, objectID, template, count);
} else { /* object already exists, modify it's attributes */
*objectID = id; /* The object ID changed from our candidate, we need to move any
* signature attribute signatures to the new object ID. */
crv = sftkdb_fixupSignatures(handle, db, candidateID, id, template, count); if (crv != CKR_OK) { goto loser;
}
crv = sftkdb_setAttributeValue(arena, handle, db, id, template, count);
} if (crv != CKR_OK) { goto loser;
}
crv = (*db->sdb_Commit)(db);
inTransaction = PR_FALSE;
loser: if (inTransaction) {
(*db->sdb_Abort)(db); /* It is trivial to show the following code cannot * happen unless something is horribly wrong with our compilier or
* hardware */
PORT_Assert(crv != CKR_OK); if (crv == CKR_OK)
crv = CKR_GENERAL_ERROR;
}
if (arena) {
PORT_FreeArena(arena, PR_TRUE);
} if (crv == CKR_OK) {
*objectID |= (handle->type | SFTK_TOKEN_TYPE);
} return crv;
}
if (handle == NULL) { return CKR_TOKEN_WRITE_PROTECTED;
}
db = SFTK_GET_SDB(handle); /* nothing to do */ if (count == 0) { return CKR_OK;
} /* * we have opened a new database, but we have not yet updated it. We are * still running pointing to the old database (so the application can * still read). We don't want to write to the old database at this point, * however, since it leads to user confusion. So at this point we simply * require a user login. Let NSS know this so it can prompt the user.
*/ if (db == handle->update) { return CKR_USER_NOT_LOGGED_IN;
}
/* make sure we don't have attributes that conflict with the existing DB */
crv = sftkdb_checkConflicts(db, object->objclass, ntemplate, count,
objectID); if (crv != CKR_OK) { goto loser;
}
/* * check to see if we have already updated this database. * a NULL updateID means we are trying to do an in place * single database update. In that case we have already * determined that an update was necessary.
*/ static PRBool
sftkdb_hasUpdate(constchar *typeString, SDB *db, constchar *updateID)
{ char *id;
CK_RV crv;
SECItem dummy = { 0, NULL, 0 }; unsignedchar dummyData[SDB_MAX_META_DATA_LEN];
if (!updateID) { return PR_FALSE;
}
id = PR_smprintf(SFTKDB_META_UPDATE_TEMPLATE, typeString, updateID); if (id == NULL) { return PR_FALSE;
}
dummy.data = dummyData;
dummy.len = sizeof(dummyData);
/* * we just completed an update, store the update id * so we don't need to do it again. If non was given, * there is nothing to do.
*/ static CK_RV
sftkdb_putUpdate(constchar *typeString, SDB *db, constchar *updateID)
{ char *id;
CK_RV crv;
SECItem dummy = { 0, NULL, 0 };
/* if no id was given, nothing to do */ if (updateID == NULL) { return CKR_OK;
}
/* * get a ULong attribute from a template: * NOTE: this is a raw templated stored in database order!
*/ static CK_ULONG
sftkdb_getULongFromTemplate(CK_ATTRIBUTE_TYPE type,
CK_ATTRIBUTE *ptemplate, CK_ULONG len)
{
CK_ATTRIBUTE *attr = sftkdb_getAttributeFromTemplate(type,
ptemplate, len);
/* * we need to find a unique CKA_ID. * The basic idea is to just increment the lowest byte. * This code also handles the following corner cases: * 1) the single byte overflows. On overflow we increment the next byte up * and so forth until we have overflowed the entire CKA_ID. * 2) If we overflow the entire CKA_ID we expand it by one byte. * 3) the CKA_ID is non-existant, we create a new one with one byte. * This means no matter what CKA_ID is passed, the result of this function * is always a new CKA_ID, and this function will never return the same * CKA_ID the it has returned in the passed.
*/ static CK_RV
sftkdb_incrementCKAID(PLArenaPool *arena, CK_ATTRIBUTE *ptemplate)
{ unsignedchar *buf = ptemplate->pValue;
CK_ULONG len = ptemplate->ulValueLen;
if (buf == NULL || len == (CK_ULONG)-1) { /* we have no valid CKAID, we'll create a basic one byte CKA_ID below */
len = 0;
} else {
CK_ULONG i;
/* walk from the back to front, incrementing * the CKA_ID until we no longer have a carry,
* or have hit the front of the id. */ for (i = len; i != 0; i--) {
buf[i - 1]++; if (buf[i - 1] != 0) { /* no more carries, the increment is complete */ return CKR_OK;
}
} /* we've now overflowed, fall through and expand the CKA_ID by
* one byte */
}
buf = PORT_ArenaAlloc(arena, len + 1); if (!buf) { return CKR_HOST_MEMORY;
} if (len > 0) {
PORT_Memcpy(buf, ptemplate->pValue, len);
}
buf[len] = 0;
ptemplate->pValue = buf;
ptemplate->ulValueLen = len + 1; return CKR_OK;
}
/* * drop an attribute from a template.
*/ void
sftkdb_dropAttribute(CK_ATTRIBUTE *attr, CK_ATTRIBUTE *ptemplate,
CK_ULONG *plen)
{
CK_ULONG count = *plen;
CK_ULONG i;
for (i = 0; i < count; i++) { if (attr->type == ptemplate[i].type) { break;
}
}
if (i == count) { /* attribute not found */ return;
}
/* copy the remaining attributes up */ for (i++; i < count; i++) {
ptemplate[i - 1] = ptemplate[i];
}
/* * create some defines for the following functions to document the meaning * of true/false. (make's it easier to remember what means what.
*/ typedefenum {
SFTKDB_DO_NOTHING = 0,
SFTKDB_ADD_OBJECT,
SFTKDB_MODIFY_OBJECT,
SFTKDB_DROP_ATTRIBUTE
} sftkdbUpdateStatus;
/* * helper function to reconcile a single trust entry. * Identify which trust entry we want to keep. * If we don't need to do anything (the records are already equal). * return SFTKDB_DO_NOTHING. * If we want to use the source version, * return SFTKDB_MODIFY_OBJECT * If we want to use the target version, * return SFTKDB_DROP_ATTRIBUTE * * In the end the caller will remove any attributes in the source * template when SFTKDB_DROP_ATTRIBUTE is specified, then use do a * set attributes with that template on the target if we received * any SFTKDB_MODIFY_OBJECT returns.
*/
sftkdbUpdateStatus
sftkdb_reconcileTrustEntry(PLArenaPool *arena, CK_ATTRIBUTE *target,
CK_ATTRIBUTE *source)
{
CK_ULONG targetTrust = sftkdb_getULongFromTemplate(target->type,
target, 1);
CK_ULONG sourceTrust = sftkdb_getULongFromTemplate(target->type,
source, 1);
/* * try to pick the best solution between the source and the * target. Update the source template if we want the target value * to win out. Prefer cases where we don't actually update the * trust entry.
*/
/* they are the same, everything is already kosher */ if (targetTrust == sourceTrust) { return SFTKDB_DO_NOTHING;
}
/* handle the case where the source Trust attribute may be a bit
* flakey */ if (sourceTrust == (CK_ULONG)-1) { /* * The source Trust is invalid. We know that the target Trust * must be valid here, otherwise the above * targetTrust == sourceTrust check would have succeeded.
*/ return SFTKDB_DROP_ATTRIBUTE;
}
/* target is invalid, use the source's idea of the trust value */ if (targetTrust == (CK_ULONG)-1) { /* overwriting the target in this case is OK */ return SFTKDB_MODIFY_OBJECT;
}
/* at this point we know that both attributes exist and have the * appropriate length (SDB_ULONG_SIZE). We no longer need to check * ulValueLen for either attribute.
*/ if (sourceTrust == CKT_NSS_TRUST_UNKNOWN) { return SFTKDB_DROP_ATTRIBUTE;
}
/* target has no idea, use the source's idea of the trust value */ if (targetTrust == CKT_NSS_TRUST_UNKNOWN) { /* overwriting the target in this case is OK */ return SFTKDB_MODIFY_OBJECT;
}
/* so both the target and the source have some idea of what this * trust attribute should be, and neither agree exactly. * At this point, we prefer 'hard' attributes over 'soft' ones. * 'hard' ones are CKT_NSS_TRUSTED, CKT_NSS_TRUSTED_DELEGATOR, and * CKT_NSS_NOT_TRUTED. Soft ones are ones which don't change the * actual trust of the cert (CKT_MUST_VERIFY_TRUST, * CKT_NSS_VALID_DELEGATOR).
*/ if ((sourceTrust == CKT_NSS_MUST_VERIFY_TRUST) || (sourceTrust == CKT_NSS_VALID_DELEGATOR)) { return SFTKDB_DROP_ATTRIBUTE;
} if ((targetTrust == CKT_NSS_MUST_VERIFY_TRUST) || (targetTrust == CKT_NSS_VALID_DELEGATOR)) { /* again, overwriting the target in this case is OK */ return SFTKDB_MODIFY_OBJECT;
}
/* both have hard attributes, we have a conflict, let the target win. */ return SFTKDB_DROP_ATTRIBUTE;
}
#define SFTK_TRUST_TEMPLATE_COUNT \
(sizeof(sftkdb_trustList) / sizeof(sftkdb_trustList[0])) /* * Run through the list of known trust types, and reconcile each trust * entry one by one. Keep track of we really need to write out the source * trust object (overwriting the existing one).
*/ static sftkdbUpdateStatus
sftkdb_reconcileTrust(PLArenaPool *arena, SDB *db, CK_OBJECT_HANDLE id,
CK_ATTRIBUTE *ptemplate, CK_ULONG *plen)
{
CK_ATTRIBUTE trustTemplate[SFTK_TRUST_TEMPLATE_COUNT]; unsignedchar trustData[SFTK_TRUST_TEMPLATE_COUNT * SDB_ULONG_SIZE];
sftkdbUpdateStatus update = SFTKDB_DO_NOTHING;
CK_ULONG i;
CK_RV crv;
for (i = 0; i < SFTK_TRUST_TEMPLATE_COUNT; i++) {
trustTemplate[i].type = sftkdb_trustList[i];
trustTemplate[i].pValue = &trustData[i * SDB_ULONG_SIZE];
trustTemplate[i].ulValueLen = SDB_ULONG_SIZE;
}
crv = (*db->sdb_GetAttributeValue)(db, id,
trustTemplate, SFTK_TRUST_TEMPLATE_COUNT); if ((crv != CKR_OK) && (crv != CKR_ATTRIBUTE_TYPE_INVALID)) { /* target trust has some problems, update it */
update = SFTKDB_MODIFY_OBJECT; goto done;
}
for (i = 0; i < SFTK_TRUST_TEMPLATE_COUNT; i++) {
CK_ATTRIBUTE *attr = sftkdb_getAttributeFromTemplate(
trustTemplate[i].type, ptemplate, *plen);
sftkdbUpdateStatus status;
/* if target trust value doesn't exist, nothing to merge */ if (trustTemplate[i].ulValueLen == (CK_ULONG)-1) { /* if the source exists, then we want the source entry,
* go ahead and update */ if (attr && attr->ulValueLen != (CK_ULONG)-1) {
update = SFTKDB_MODIFY_OBJECT;
} continue;
}
/* * the source doesn't have the attribute, go to the next attribute
*/ if (attr == NULL) { continue;
}
status = sftkdb_reconcileTrustEntry(arena, &trustTemplate[i], attr); if (status == SFTKDB_MODIFY_OBJECT) {
update = SFTKDB_MODIFY_OBJECT;
} elseif (status == SFTKDB_DROP_ATTRIBUTE) { /* drop the source copy of the attribute, we are going with
* the target's version */
sftkdb_dropAttribute(attr, ptemplate, plen);
}
}
/* finally manage stepup */ if (update == SFTKDB_MODIFY_OBJECT) {
CK_BBOOL stepUpBool = CK_FALSE; /* if we are going to write from the source, make sure we don't
* overwrite the stepup bit if it's on*/
trustTemplate[0].type = CKA_TRUST_STEP_UP_APPROVED;
trustTemplate[0].pValue = &stepUpBool;
trustTemplate[0].ulValueLen = sizeof(stepUpBool);
crv = (*db->sdb_GetAttributeValue)(db, id, trustTemplate, 1); if ((crv == CKR_OK) && (stepUpBool == CK_TRUE)) {
sftkdb_dropAttribute(trustTemplate, ptemplate, plen);
}
} else { /* we currently aren't going to update. If the source stepup bit is
* on however, do an update so the target gets it as well */
CK_ATTRIBUTE *attr;
/* if the source has neither an id nor label, don't bother updating */ if ((!attr1 || attr1->ulValueLen == 0) &&
(!attr2 || attr2->ulValueLen == 0)) { return SFTKDB_DO_NOTHING;
}
/* the source has either an id or a label, see what the target has */
(void)(*db->sdb_GetAttributeValue)(db, id, ttemplate, 2);
/* if the target has neither, update from the source */ if (((ttemplate[0].ulValueLen == 0) ||
(ttemplate[0].ulValueLen == (CK_ULONG)-1)) &&
((ttemplate[1].ulValueLen == 0) ||
(ttemplate[1].ulValueLen == (CK_ULONG)-1))) { return SFTKDB_MODIFY_OBJECT;
}
/* check the CKA_ID */ if ((ttemplate[0].ulValueLen != 0) &&
(ttemplate[0].ulValueLen != (CK_ULONG)-1)) { /* we have a CKA_ID in the target, don't overwrite
* the target with an empty CKA_ID from the source*/ if (attr1 && attr1->ulValueLen == 0) {
sftkdb_dropAttribute(attr1, ptemplate, plen);
}
} elseif (attr1 && attr1->ulValueLen != 0) { /* source has a CKA_ID, but the target doesn't, update the target */
update = SFTKDB_MODIFY_OBJECT;
}
/* check the nickname */ if ((ttemplate[1].ulValueLen != 0) &&
(ttemplate[1].ulValueLen != (CK_ULONG)-1)) {
/* we have a nickname in the target, and we don't have to update * the CKA_ID. We are done. NOTE: if we add addition attributes
* in this check, this shortcut can only go on the last of them. */ if (update == SFTKDB_DO_NOTHING) { return update;
} /* we have a nickname in the target, don't overwrite
* the target with an empty nickname from the source */ if (attr2 && attr2->ulValueLen == 0) {
sftkdb_dropAttribute(attr2, ptemplate, plen);
}
} elseif (attr2 && attr2->ulValueLen != 0) { /* source has a nickname, but the target doesn't, update the target */
update = SFTKDB_MODIFY_OBJECT;
}
return update;
}
/* * This function updates the template before we write the object out. * * If we are going to skip updating this object, return PR_FALSE. * If it should be updated we return PR_TRUE. * To help readability, these have been defined * as SFTK_DONT_UPDATE and SFTK_UPDATE respectively.
*/ static PRBool
sftkdb_updateObjectTemplate(PLArenaPool *arena, SDB *db,
CK_OBJECT_CLASS objectType,
CK_ATTRIBUTE *ptemplate, CK_ULONG *plen,
CK_OBJECT_HANDLE *targetID)
{
PRBool done; /* should we repeat the loop? */
CK_OBJECT_HANDLE id;
CK_RV crv = CKR_OK;
do {
crv = sftkdb_checkConflicts(db, objectType, ptemplate,
*plen, CK_INVALID_HANDLE); if (crv != CKR_ATTRIBUTE_VALUE_INVALID) { break;
}
crv = sftkdb_resolveConflicts(arena, objectType, ptemplate, plen);
} while (crv == CKR_OK);
if (crv != CKR_OK) { return SFTKDB_DO_NOTHING;
}
do {
done = PR_TRUE;
crv = sftkdb_lookupObject(db, objectType, &id, ptemplate, *plen); if (crv != CKR_OK) { return SFTKDB_DO_NOTHING;
}
/* This object already exists, merge it, don't update */ if (id != CK_INVALID_HANDLE) {
CK_ATTRIBUTE *attr = NULL; /* special post processing for attributes */ switch (objectType) { case CKO_CERTIFICATE: case CKO_PUBLIC_KEY: case CKO_PRIVATE_KEY: /* update target's CKA_ID and labels if they don't already
* exist */
*targetID = id; return sftkdb_handleIDAndName(arena, db, id, ptemplate, plen); case CKO_NSS_TRUST: /* if we have conflicting trust object types,
* we need to reconcile them */
*targetID = id; return sftkdb_reconcileTrust(arena, db, id, ptemplate, plen); case CKO_SECRET_KEY: /* secret keys in the old database are all sdr keys, * unfortunately they all appear to have the same CKA_ID, * even though they are truly different keys, so we always * want to update these keys, but we need to
* give them a new CKA_ID */ /* NOTE: this changes ptemplate */
attr = sftkdb_getAttributeFromTemplate(CKA_ID, ptemplate, *plen);
crv = attr ? sftkdb_incrementCKAID(arena, attr)
: CKR_HOST_MEMORY; /* in the extremely rare event that we needed memory and
* couldn't get it, just drop the key */ if (crv != CKR_OK) { return SFTKDB_DO_NOTHING;
}
done = PR_FALSE; /* repeat this find loop */ break; default: /* for all other objects, if we found the equivalent object,
* don't update it */ return SFTKDB_DO_NOTHING;
}
}
} while (!done);
/* this object doesn't exist, update it */ return SFTKDB_ADD_OBJECT;
}
/* if the target doesn't have META data, don't need to do anything */ if ((target->sdb_flags & SDB_HAS_META) == 0) { return CKR_OK;
} /* if the source doesn't have meta data, then the record won't require
* integrity */ if ((source->sdb_flags & SDB_HAS_META) == 0) { return CKR_OK;
} for (i = 0; i < max_attributes; i++) {
CK_ATTRIBUTE *att = &ptemplate[i];
CK_ATTRIBUTE_TYPE type = att->type; if (sftkdb_isPrivateAttribute(type)) { /* copy integrity signatures associated with this record (if any) */
SECItem signature; unsignedchar signData[SDB_MAX_META_DATA_LEN];
CK_RV crv;
signature.data = signData;
signature.len = sizeof(signData);
crv = sftkdb_getRawAttributeSignature(handle, source, sourceID, type,
&signature); if (crv != CKR_OK) { /* old databases don't have signature IDs because they are * 3DES encrypted. Since we know not to look for integrity * for 3DES records it's OK not to find one here. A new record
* will be created when we reencrypt using AES CBC */ continue;
}
crv = sftkdb_PutAttributeSignature(handle, target, targetID, type,
&signature); if (crv != CKR_OK) { /* we had a signature in the source db, but we couldn't store
* it in the target, remember the error so we can report it. */
global_crv = crv;
}
}
} return global_crv;
}
for (i = 0; i < max_attributes; i++) {
ptemplate[i].pValue = PORT_ArenaAlloc(arena, ptemplate[i].ulValueLen); if (ptemplate[i].pValue == NULL) {
crv = CKR_HOST_MEMORY; goto loser;
}
}
crv = (*source->sdb_GetAttributeValue)(source, id,
ptemplate, max_attributes); if (crv != CKR_OK) { goto loser;
}
objectType = sftkdb_getULongFromTemplate(CKA_CLASS, ptemplate,
max_attributes); /* * Update Object updates the object template if necessary then returns * whether or not we need to actually write the object out to our target * database.
*/ if (!handle->updateID) {
crv = sftkdb_CreateObject(arena, handle, target, &newID,
ptemplate, max_attributes);
} else {
sftkdbUpdateStatus update_status;
update_status = sftkdb_updateObjectTemplate(arena, target,
objectType, ptemplate, &max_attributes, &newID); switch (update_status) { case SFTKDB_ADD_OBJECT:
crv = sftkdb_CreateObject(arena, handle, target, &newID,
ptemplate, max_attributes); break; case SFTKDB_MODIFY_OBJECT:
crv = sftkdb_setAttributeValue(arena, handle, target,
newID, ptemplate, max_attributes); break; case SFTKDB_DO_NOTHING: case SFTKDB_DROP_ATTRIBUTE: break;
}
}
/* if keyDB copy any meta data hashes to target, Update for the new
* object ID */ if (crv == CKR_OK) {
crv = sftkdb_updateIntegrity(arena, handle, source, id, target, newID,
ptemplate, max_attributes);
}
loser: if (arena) {
PORT_FreeArena(arena, PR_TRUE);
} return crv;
}
#define MAX_IDS 10 /* * update a new database from an old one, now that we have the key
*/
CK_RV
sftkdb_Update(SFTKDBHandle *handle, SECItem *key)
{
SDBFind *find = NULL;
CK_ULONG idCount = MAX_IDS;
CK_OBJECT_HANDLE ids[MAX_IDS];
SECItem *updatePasswordKey = NULL;
CK_RV crv, crv2;
PRBool inTransaction = PR_FALSE; unsignedint i;
if (handle == NULL) { return CKR_OK;
} if (handle->update == NULL) { return CKR_OK;
} /* * put the whole update under a transaction. This allows us to handle * any possible race conditions between with the updateID check.
*/
crv = (*handle->db->sdb_Begin)(handle->db); if (crv != CKR_OK) { return crv;
}
inTransaction = PR_TRUE;
/* some one else has already updated this db */ if (sftkdb_hasUpdate(sftkdb_TypeString(handle),
handle->db, handle->updateID)) {
crv = CKR_OK; goto done;
}
updatePasswordKey = sftkdb_GetUpdatePasswordKey(handle); if (updatePasswordKey) { /* pass the source DB key to the legacy code,
* so it can decrypt things */
handle->oldKey = updatePasswordKey;
}
/* find all the objects */
crv = sftkdb_FindObjectsInit(handle, NULL, 0, &find);
if (crv != CKR_OK) { goto loser;
} while ((crv == CKR_OK) && (idCount == MAX_IDS)) {
crv = sftkdb_FindObjects(handle, find, ids, MAX_IDS, &idCount); for (i = 0; (crv == CKR_OK) && (i < idCount); i++) {
crv = sftkdb_mergeObject(handle, ids[i], key);
}
}
crv2 = sftkdb_FindObjectsFinal(handle, find); if (crv == CKR_OK)
crv = crv2;
loser: /* no longer need the old key value */
handle->oldKey = NULL;
/* update the password - even if we didn't update objects */ if (handle->type == SFTK_KEYDB_TYPE) {
SECItem item1, item2; unsignedchar data1[SDB_MAX_META_DATA_LEN]; unsignedchar data2[SDB_MAX_META_DATA_LEN];
/* if the target db already has a password, skip this. */
crv = (*handle->db->sdb_GetMetaData)(handle->db, "password",
&item1, &item2); if (crv == CKR_OK) { goto done;
}
/* nope, update it from the source */
crv = (*handle->update->sdb_GetMetaData)(handle->update, "password",
&item1, &item2); if (crv != CKR_OK) { /* if we get here, neither the source, nor the target has been initialized * with a password entry. Create a metadata table now so that we don't
* mistake this for a partially updated database */
item1.data[0] = 0;
item2.data[0] = 0;
item1.len = item2.len = 1;
crv = (*handle->db->sdb_PutMetaData)(handle->db, "empty", &item1, &item2); goto done;
}
crv = (*handle->db->sdb_PutMetaData)(handle->db, "password", &item1,
&item2); if (crv != CKR_OK) { goto done;
}
}
done: /* finally mark this up to date db up to date */ /* some one else has already updated this db */ if (crv == CKR_OK) {
crv = sftkdb_putUpdate(sftkdb_TypeString(handle),
handle->db, handle->updateID);
}
if (inTransaction) { if (crv == CKR_OK) {
crv = (*handle->db->sdb_Commit)(handle->db);
} else {
(*handle->db->sdb_Abort)(handle->db);
}
} if (handle->update) {
(*handle->update->sdb_Close)(handle->update);
handle->update = NULL;
} if (handle->updateID) {
PORT_Free(handle->updateID);
handle->updateID = NULL;
}
sftkdb_FreeUpdatePasswordKey(handle); if (updatePasswordKey) {
SECITEM_ZfreeItem(updatePasswordKey, PR_TRUE);
}
handle->updateDBIsInit = PR_FALSE; return crv;
}
/****************************************************************** * DB handle managing functions. * * These functions are called by softoken to initialize, acquire, * and release database handles.
*/
if (!handle) return;
ref = PR_ATOMIC_DECREMENT(&handle->ref); if (ref == 0) {
sftkdb_CloseDB(handle);
} return;
}
/* * acquire a database handle for a certificate db * (database for public objects)
*/
SFTKDBHandle *
sftk_getCertDB(SFTKSlot *slot)
{
SFTKDBHandle *dbHandle;
/* * acquire the database for a specific object. NOTE: objectID must point * to a Token object!
*/
SFTKDBHandle *
sftk_getDBForTokenObject(SFTKSlot *slot, CK_OBJECT_HANDLE objectID)
{
SFTKDBHandle *dbHandle;
/* * reset the key database to it's uninitialized state. This call * will clear all the key entried.
*/
SECStatus
sftkdb_ResetKeyDB(SFTKDBHandle *handle)
{
CK_RV crv;
/* only rest the key db */ if (handle->type != SFTK_KEYDB_TYPE) { return SECFailure;
}
crv = sftkdb_ResetDB(handle); if (crv != CKR_OK) { /* set error */ return SECFailure;
}
PZ_Lock(handle->passwordLock); if (handle->passwordKey.data) {
SECITEM_ZfreeItem(&handle->passwordKey, PR_FALSE);
handle->passwordKey.data = NULL;
}
PZ_Unlock(handle->passwordLock); return SECSuccess;
}
#ifndef NSS_DISABLE_DBM static PRBool
sftk_oldVersionExists(constchar *dir, int version)
{ int i;
PRStatus exists = PR_FAILURE; char *file = NULL;
for (i = version; i > 1; i--) {
file = PR_smprintf("%s%d.db", dir, i); if (file == NULL) { continue;
}
exists = PR_Access(file, PR_ACCESS_EXISTS);
PR_smprintf_free(file); if (exists == PR_SUCCESS) { return PR_TRUE;
}
} return PR_FALSE;
}
#ifdefined(_WIN32) /* * Convert an sdb path (encoded in UTF-8) to a legacy path (encoded in the * current system codepage). Fails if the path contains a character outside * the current system codepage.
*/ staticchar *
sftk_legacyPathFromSDBPath(constchar *confdir)
{ wchar_t *confdirWide;
DWORD size; char *nconfdir; BOOL unmappable;
if (!confdir) { return NULL;
}
confdirWide = _NSSUTIL_UTF8ToWide(confdir); if (!confdirWide) { return NULL;
}
/* * initialize certificate and key database handles as a pair. * * This function figures out what type of database we are opening and * calls the appropriate low level function to open the database. * It also figures out whether or not to setup up automatic update.
*/
CK_RV
sftk_DBInit(constchar *configdir, constchar *certPrefix, constchar *keyPrefix, constchar *updatedir, constchar *updCertPrefix, constchar *updKeyPrefix, constchar *updateID, PRBool readOnly, PRBool noCertDB,
PRBool noKeyDB, PRBool forceOpen, PRBool isFIPS,
SFTKDBHandle **certDB, SFTKDBHandle **keyDB)
{ constchar *confdir;
NSSDBType dbType = NSS_DB_TYPE_NONE; char *appName = NULL;
SDB *keySDB, *certSDB;
CK_RV crv = CKR_OK; int flags = SDB_RDONLY;
PRBool newInit = PR_FALSE; #ifndef NSS_DISABLE_DBM
PRBool needUpdate = PR_FALSE; #endif/* NSS_DISABLE_DBM */ char *nconfdir = NULL;
PRBool legacy = PR_TRUE;
if (!readOnly) {
flags = SDB_CREATE;
} if (isFIPS) {
flags |= SDB_FIPS;
}
/* * now initialize the appropriate database
*/ switch (dbType) { #ifndef NSS_DISABLE_DBM case NSS_DB_TYPE_LEGACY:
crv = sftkdbCall_open(confdir, certPrefix, keyPrefix, 8, 3, flags,
noCertDB ? NULL : &certSDB, noKeyDB ? NULL : &keySDB); break; case NSS_DB_TYPE_MULTIACCESS:
crv = sftkdbCall_open(configdir, certPrefix, keyPrefix, 8, 3, flags,
noCertDB ? NULL : &certSDB, noKeyDB ? NULL : &keySDB); break; #endif/* NSS_DISABLE_DBM */ case NSS_DB_TYPE_SQL: case NSS_DB_TYPE_EXTERN: /* SHOULD open a loadable db */
crv = s_open(confdir, certPrefix, keyPrefix, 9, 4, flags,
noCertDB ? NULL : &certSDB, noKeyDB ? NULL : &keySDB, &newInit);
legacy = PR_FALSE;
#ifndef NSS_DISABLE_DBM /* * if we failed to open the DB's read only, use the old ones if * the exists.
*/ if (crv != CKR_OK) {
legacy = PR_TRUE; if ((flags & SDB_RDONLY) == SDB_RDONLY) {
nconfdir = sftk_legacyPathFromSDBPath(confdir);
} if (nconfdir &&
sftk_hasLegacyDB(nconfdir, certPrefix, keyPrefix, 8, 3)) { /* we have legacy databases, if we failed to open the new format
* DB's read only, just use the legacy ones */
crv = sftkdbCall_open(nconfdir, certPrefix,
keyPrefix, 8, 3, flags,
noCertDB ? NULL : &certSDB, noKeyDB ? NULL : &keySDB);
} /* Handle the database merge case. * * For the merge case, we need help from the application. Only * the application knows where the old database is, and what unique * identifier it has associated with it. * * If the client supplies these values, we use them to determine * if we need to update.
*/
} elseif ( /* both update params have been supplied */
updatedir && *updatedir && updateID && *updateID /* old dbs exist? */
&& sftk_hasLegacyDB(updatedir, updCertPrefix, updKeyPrefix, 8, 3) /* and they have not yet been updated? */
&& ((noKeyDB || !sftkdb_hasUpdate("key", keySDB, updateID)) || (noCertDB || !sftkdb_hasUpdate("cert", certSDB, updateID)))) { /* we need to update */
confdir = updatedir;
certPrefix = updCertPrefix;
keyPrefix = updKeyPrefix;
needUpdate = PR_TRUE;
} elseif (newInit) { /* if the new format DB was also a newly created DB, and we * succeeded, then need to update that new database with data
* from the existing legacy DB */
nconfdir = sftk_legacyPathFromSDBPath(confdir); if (nconfdir &&
sftk_hasLegacyDB(nconfdir, certPrefix, keyPrefix, 8, 3)) {
confdir = nconfdir;
needUpdate = PR_TRUE;
}
} #endif/* NSS_DISABLE_DBM */ break; default:
crv = CKR_GENERAL_ERROR; /* can't happen, EvaluationConfigDir MUST * return one of the types we already
* specified. */
} if (crv != CKR_OK) { goto done;
} if (!noCertDB) {
*certDB = sftk_NewDBHandle(certSDB, SFTK_CERTDB_TYPE, legacy);
} else {
*certDB = NULL;
} if (!noKeyDB) {
*keyDB = sftk_NewDBHandle(keySDB, SFTK_KEYDB_TYPE, legacy);
} else {
*keyDB = NULL;
}
/* link them together */ if (*certDB) {
(*certDB)->peerDB = *keyDB;
} if (*keyDB) {
(*keyDB)->peerDB = *certDB;
}
#ifndef NSS_DISABLE_DBM /* * if we need to update, open the legacy database and * mark the handle as needing update.
*/ if (needUpdate) {
SDB *updateCert = NULL;
SDB *updateKey = NULL;
CK_RV crv2;
crv2 = sftkdbCall_open(confdir, certPrefix, keyPrefix, 8, 3, flags,
noCertDB ? NULL : &updateCert,
noKeyDB ? NULL : &updateKey); if (crv2 == CKR_OK) { if (*certDB) {
(*certDB)->update = updateCert;
(*certDB)->updateID = updateID && *updateID
? PORT_Strdup(updateID)
: NULL;
updateCert->app_private = (*certDB);
} if (*keyDB) {
PRBool tokenRemoved = PR_FALSE;
(*keyDB)->update = updateKey;
(*keyDB)->updateID = updateID && *updateID ? PORT_Strdup(updateID) : NULL;
updateKey->app_private = (*keyDB);
(*keyDB)->updateDBIsInit = PR_TRUE;
(*keyDB)->updateDBIsInit =
(sftkdb_HasPasswordSet(*keyDB) == SECSuccess) ? PR_TRUE : PR_FALSE; /* if the password on the key db is NULL, kick off our update
* chain of events */
sftkdb_CheckPasswordNull((*keyDB), &tokenRemoved);
} else { /* we don't have a key DB, update the certificate DB now */
sftkdb_Update(*certDB, NULL);
}
}
} #endif/* NSS_DISABLE_DBM */
done: if (appName) {
PORT_Free(appName);
} if (nconfdir) {
PORT_Free(nconfdir);
} return forceOpen ? CKR_OK : crv;
}
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung und die Messung sind noch experimentell.
