fortpk11.c
来自「支持SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS」· C语言 代码 · 共 2,331 行 · 第 1/5 页
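/* The listing begins mid-function: what follows is the tail of a routine that
 * builds a certificate object (and, for user certificates, a matching private
 * key object) and registers them -- presumably fort11_LoadCertObjectForSearch,
 * which fort11_BuildCertObjects calls below; the head is outside this page. */
        return PR_FALSE;
    }
    if (fort11_AddAttributeType(certObject, CKA_ISSUER, issuer.data,
                                issuer.len) != CKR_OK) {
        fort11_FreeObject (certObject);
        return PR_FALSE;
    }
    if (fort11_AddAttributeType(certObject, CKA_SUBJECT, subject.data,
                                subject.len) != CKR_OK) {
        fort11_FreeObject (certObject);
        return PR_FALSE;
    }
    if (fort11_AddAttributeType(certObject, CKA_SERIAL_NUMBER, serial.data,
                                serial.len) != CKR_OK) {
        fort11_FreeObject(certObject);
        return PR_FALSE;
    }
    /*Change this to a byte array later*/
    if (fort11_AddAttributeType(certObject, CKA_ID,
                                &currPerson.CertificateIndex,
                                sizeof(int)) != CKR_OK) {
        fort11_FreeObject(certObject);
        return PR_FALSE;
    }

    certObject->objectInfo = NULL;
    certObject->infoFree = NULL;
    certObject->objclass = certClass;
    certObject->slot = slot;
    certObject->inDB = PR_TRUE;

    /* The handle counter is shared by the slot, so it is bumped under the
     * slot's object lock. */
    FMUTEX_Lock(slot->objectLock);
    certObject->handle = slot->tokenIDCount++;
    certObject->handle |= (PK11_TOKEN_MAGIC | PK11_TOKEN_TYPE_CERT);
    FMUTEX_Unlock(slot->objectLock);

    if (fort11_FortezzaIsUserCert (currPerson.CertLabel)) {
        /* NOTE(review): fort11_NewObject returns NULL on allocation or mutex
         * failure and the result is not checked here; fort11_FreeObject
         * dereferences its argument, so the error path below would fault on
         * a NULL privKeyObject -- confirm and add a check. */
        privKeyObject = fort11_NewObject(slot);
        if (fort11_NewPrivateKey(privKeyObject, slot, currPerson) != CKR_OK) {
            fort11_FreeObject(privKeyObject);
            fort11_FreeObject(certObject);
            return PR_FALSE;
        }
        if(fort11_AddAttributeType(privKeyObject,CKA_ID,
                                   &currPerson.CertificateIndex,
                                   sizeof(int)) != CKR_OK) {
            fort11_FreeObject(privKeyObject);
            fort11_FreeObject(certObject);
            return PR_FALSE;
        }
        /* Copy the certificate's subject onto the private key object.
         * NOTE(review): fort11_FindAttribute can return NULL and the result
         * is dereferenced unchecked; CKA_SUBJECT was added above, so this
         * looks safe unless the object can change concurrently -- confirm. */
        attribute = fort11_FindAttribute(certObject,CKA_SUBJECT);
        newAttribute= fort11_NewAttribute(pk11_attr_expand(&attribute->attrib));
        fort11_FreeAttribute(attribute);
        if (newAttribute != NULL) {
            fort11_DeleteAttributeType(privKeyObject, CKA_SUBJECT);
            fort11_AddAttribute(privKeyObject, newAttribute);
        }
        fort11_AddObject (session, privKeyObject);
    }

    fort11_AddObject (session, certObject);
    return PR_TRUE;
}

#define TRUSTED_PAA "00000000Trusted Root PAA"

/*
 * Load the certificate objects for a socket: first a synthetic "trusted root
 * PAA" personality at certificate index 0 together with its key, then every
 * personality on the socket whose label fort11_FortezzaIsACert accepts.
 * Returns CKR_OK on success and CKR_GENERAL_ERROR as soon as any load fails;
 * objects loaded before the failure are not rolled back here.
 */
static int
fort11_BuildCertObjects(FortezzaSocket *currSocket, PK11Slot *slot,
                        PK11Session *session) {
    int i;
    CI_PERSON rootPAA;

    /* Only CertLabel and CertificateIndex are set; the copy includes the
     * terminating NUL of TRUSTED_PAA. */
    PORT_Memcpy (rootPAA.CertLabel, TRUSTED_PAA, 1+PORT_Strlen (TRUSTED_PAA));
    rootPAA.CertificateIndex = 0;
    if (!fort11_LoadCertObjectForSearch(rootPAA, slot, session,
                                        currSocket->personalityList)) {
        return CKR_GENERAL_ERROR;
    }

    if (fort11_LoadRootPAAKey(slot, session) != CKR_OK) {
        return CKR_GENERAL_ERROR;
    }

    for (i=0 ; i < currSocket->numPersonalities; i++) {
        if (fort11_FortezzaIsACert (currSocket->personalityList[i].CertLabel)){
            if (!fort11_LoadCertObjectForSearch(currSocket->personalityList[i],
                                                slot, session,
                                                currSocket->personalityList)){
                return CKR_GENERAL_ERROR;
            }
        }
    }

    return CKR_OK;
}

/*
 * Map a session handle to its slot. The slot index is taken from the handle
 * bits selected by SLOT_MASK; an index outside fort11_slot[] yields NULL_PTR.
 */
PK11Slot*
fort11_SlotFromSessionHandle(CK_SESSION_HANDLE inHandle) {
    CK_SESSION_HANDLE whichSlot = inHandle & SLOT_MASK;

    if (whichSlot >= kNumSockets) return NULL_PTR;

    return &fort11_slot[whichSlot];
}

/*
 * Map a slot ID to its slot. Slot IDs are 1-based here: 0 and anything above
 * kNumSockets are rejected with NULL.
 */
PK11Slot*
fort11_SlotFromID (CK_SLOT_ID inSlotID) {
    if (inSlotID == 0 || inSlotID > kNumSockets)
        return NULL;

    return &fort11_slot[inSlotID-1];
}

/* Return the first session ID for a slot: the slot number itself. */
CK_ULONG fort11_firstSessionID (int inSlotNum) {
    return (CK_ULONG)(inSlotNum);
}

/*
 * Utility to convert passed in PIN to a CI_PIN
 *
 * Copies ulLen bytes from pPin into ciPin and writes a terminating NUL at
 * ciPin[ulLen].
 *
 * NOTE(review): ulLen is not bounded here, so ciPin must have room for
 * ulLen + 1 bytes. CI_PIN's capacity is declared outside this listing --
 * confirm that every caller rejects over-long PINs before calling, otherwise
 * a caller-supplied length writes past the destination buffer.
 */
void fort11_convertToCIPin (CI_PIN ciPin,CK_CHAR_PTR pPin, CK_ULONG ulLen) {
    unsigned long i;

    for (i=0; i<ulLen; i++) {
        ciPin[i] = pPin[i];
    }
    ciPin[ulLen] = '\0';
}

/*
 * return true if object has attribute
 *
 * The lookup runs under the object's attribute lock; no reference is taken
 * on the attribute.
 */
static PRBool
fort11_hasAttribute(PK11Object *object,CK_ATTRIBUTE_TYPE type) {
    PK11Attribute *attribute;

    FMUTEX_Lock(object->attributeLock);
    pk11queue_find(attribute,type,object->head,HASH_SIZE);
    FMUTEX_Unlock(object->attributeLock);

    return (PRBool)(attribute != NULL);
}

/*
 * create a new attribute with type, value, and length. Space is allocated
 * to hold value.
 *
 * The value bytes are copied, so the caller keeps ownership of `value`.
 * A NULL value produces an attribute with pValue == NULL and ulValueLen == 0.
 * The attribute starts with a reference count of 1. Returns NULL if an
 * allocation or the reference-lock creation fails; nothing is leaked then.
 */
static PK11Attribute *
fort11_NewAttribute(CK_ATTRIBUTE_TYPE type, CK_VOID_PTR value, CK_ULONG len) {
    PK11Attribute *attribute;
    CK_RV mrv;

    attribute = (PK11Attribute*)PORT_Alloc(sizeof(PK11Attribute));
    if (attribute == NULL) return NULL;

    attribute->attrib.type = type;
    if (value) {
        attribute->attrib.pValue = (CK_VOID_PTR)PORT_Alloc(len);
        if (attribute->attrib.pValue == NULL) {
            PORT_Free(attribute);
            return NULL;
        }
        PORT_Memcpy(attribute->attrib.pValue,value,len);
        attribute->attrib.ulValueLen = len;
    } else {
        attribute->attrib.pValue = NULL;
        attribute->attrib.ulValueLen = 0;
    }
    /* The attribute type doubles as the hash-queue key. */
    attribute->handle = type;
    attribute->next = attribute->prev = NULL;
    attribute->refCount = 1;
    if (FMUTEX_MutexEnabled()) {
        mrv = FMUTEX_Create (&attribute->refLock);
        if (mrv != CKR_OK) {
            if (attribute->attrib.pValue) PORT_Free(attribute->attrib.pValue);
            PORT_Free(attribute);
            return NULL;
        }
    } else {
        attribute->refLock = NULL;
    }

    return attribute;
}

/*
 * add an attribute to an object
 *
 * The attribute is queued under the object's attribute lock, keyed by
 * attribute->handle.
 */
static
void fort11_AddAttribute(PK11Object *object,PK11Attribute *attribute) {
    FMUTEX_Lock (object->attributeLock);
    pk11queue_add(attribute,attribute->handle,object->head,HASH_SIZE);
    FMUTEX_Unlock(object->attributeLock);
}

/*
 * Create an attribute from (type, valPtr, length) and add it to the object.
 * Returns CKR_HOST_MEMORY if the attribute cannot be created, else CKR_OK.
 */
static CK_RV
fort11_AddAttributeType(PK11Object *object,CK_ATTRIBUTE_TYPE type,void *valPtr,
                        CK_ULONG length) {
    PK11Attribute *attribute;

    attribute = fort11_NewAttribute(type,valPtr,length);
    if (attribute == NULL) { return CKR_HOST_MEMORY; }
    fort11_AddAttribute(object,attribute);
    return CKR_OK;
}

/* Make sure a given attribute exists. If it doesn't, initialize it to
 * value and len
 *
 * The existence check and the add are two separately locked steps.
 */
static CK_RV
fort11_forceAttribute(PK11Object *object,CK_ATTRIBUTE_TYPE type,void *value,
                      unsigned int len) {
    if ( !fort11_hasAttribute(object, type)) {
        return fort11_AddAttributeType(object,type,value,len);
    }
    return CKR_OK;
}

/*
 * look up and attribute structure from a type and Object structure.
 * The returned attribute is referenced and needs to be freed when
 * it is no longer needed.
 *
 * Returns NULL when the object has no attribute of that type. Release the
 * reference with fort11_FreeAttribute.
 */
static PK11Attribute *
fort11_FindAttribute(PK11Object *object,CK_ATTRIBUTE_TYPE type) {
    PK11Attribute *attribute;

    FMUTEX_Lock(object->attributeLock);
    pk11queue_find(attribute,type,object->head,HASH_SIZE);
    if (attribute) {
        /* atomic increment would be nice here */
        FMUTEX_Lock(attribute->refLock);
        attribute->refCount++;
        FMUTEX_Unlock(attribute->refLock);
    }
    FMUTEX_Unlock(object->attributeLock);

    return(attribute);
}

/*
 * this is only valid for CK_BBOOL type attributes. Return the state
 * of that attribute.
 *
 * Returns PR_FALSE when the attribute is missing, and also when it carries
 * no value or a value shorter than a CK_BBOOL: fort11_NewAttribute stores
 * pValue == NULL / ulValueLen == 0 for a NULL value, so the stored bytes are
 * checked before they are read.
 */
static PRBool
fort11_isTrue(PK11Object *object,CK_ATTRIBUTE_TYPE type) {
    PK11Attribute *attribute;
    PRBool tok = PR_FALSE;

    attribute=fort11_FindAttribute(object,type);
    if (attribute == NULL) { return PR_FALSE; }
    if (attribute->attrib.pValue != NULL &&
        attribute->attrib.ulValueLen >= sizeof(CK_BBOOL)) {
        tok = (PRBool)(*(CK_BBOOL *)attribute->attrib.pValue);
    }
    /* Drop the reference taken by fort11_FindAttribute. */
    fort11_FreeAttribute(attribute);

    return tok;
}

/*
 * add an object to a slot and session queue
 *
 * fort11_AddSlotObject queues the object in the slot's tokObjects table,
 * keyed by its handle, under the slot's object lock.
 */
static
void fort11_AddSlotObject(PK11Slot *slot, PK11Object *object) {
    FMUTEX_Lock(slot->objectLock);
    pk11queue_add(object,object->handle,slot->tokObjects,HASH_SIZE);
    FMUTEX_Unlock(slot->objectLock);
}

/*
 * Register an object with a session. Objects whose handle fort11_isToken
 * does not accept are also linked into the session's own object list; every
 * object is then added to the session's slot.
 */
static
void fort11_AddObject(PK11Session *session, PK11Object *object) {
    PK11Slot *slot = fort11_SlotFromSession(session);

    if (!fort11_isToken(object->handle)) {
        FMUTEX_Lock(session->objectLock);
        pk11queue_add(&object->sessionList,0,session->objects,0);
        FMUTEX_Unlock(session->objectLock);
    }
    fort11_AddSlotObject(slot,object);
}

/*
 * free all the data associated with an object. Object reference count must
 * be 'zero'.
 *
 * Releases the label, drops one reference on every queued attribute,
 * destroys both locks, runs the objectInfo destructor and frees the object.
 * Always returns CKR_OK.
 */
static CK_RV
fort11_DestroyObject(PK11Object *object) {
    int i;
    CK_RV crv = CKR_OK;
/*  PORT_Assert(object->refCount == 0);*/

    if (object->label) PORT_Free(object->label);

    /* clean out the attributes */
    /* since no one is referencing us, it's safe to walk the chain
     * without a lock */
    for (i=0; i < HASH_SIZE; i++) {
        PK11Attribute *ap,*next;
        for (ap = object->head[i]; ap != NULL; ap = next) {
            next = ap->next;
            /* paranoia */
            ap->next = ap->prev = NULL;
            fort11_FreeAttribute(ap);
        }
        object->head[i] = NULL;
    }
    FMUTEX_Destroy(object->attributeLock);
    FMUTEX_Destroy(object->refLock);
    /* Only call the destructor when one was installed: objectInfo set with a
     * NULL infoFree would otherwise be a call through a NULL pointer. */
    if (object->objectInfo && object->infoFree) {
        (*object->infoFree)(object->objectInfo);
    }
    PORT_Free(object);
    return crv;
}

/*
 * release a reference to an attribute structure
 *
 * The count is decremented under the attribute's reference lock; the holder
 * of the last reference destroys the attribute after releasing the lock.
 */
static void
fort11_FreeAttribute(PK11Attribute *attribute) {
    PRBool destroy = PR_FALSE;

    FMUTEX_Lock(attribute->refLock);
    if (attribute->refCount == 1) destroy = PR_TRUE;
    attribute->refCount--;
    FMUTEX_Unlock(attribute->refLock);

    if (destroy) fort11_DestroyAttribute(attribute);
}

/*
 * release a reference to an object handle
 *
 * Returns PK11_Busy while other references remain, PK11_Destroyed when this
 * was the last reference and the object was destroyed, and
 * PK11_DestroyFailure if fort11_DestroyObject reports an error. The object
 * must not be NULL: it is dereferenced unconditionally.
 */
static PK11FreeStatus
fort11_FreeObject(PK11Object *object) {
    PRBool destroy = PR_FALSE;
    CK_RV crv;

    FMUTEX_Lock(object->refLock);
    if (object->refCount == 1) destroy = PR_TRUE;
    object->refCount--;
    FMUTEX_Unlock(object->refLock);

    if (destroy) {
        crv = fort11_DestroyObject(object);
        if (crv != CKR_OK) {
            return PK11_DestroyFailure;
        }
        return PK11_Destroyed;
    }
    return PK11_Busy;
}

/*
 * Recompute a session's PKCS #11 state from the slot's login flags and the
 * session's CKF_RW_SESSION flag. A logged-in SSO always gets
 * CKS_RW_SO_FUNCTIONS, whatever the session's read/write flag says.
 */
static void
fort11_update_state(PK11Slot *slot,PK11Session *session) {
    if (slot->isLoggedIn) {
        if (slot->ssoLoggedIn) {
            session->info.state = CKS_RW_SO_FUNCTIONS;
        } else if (session->info.flags & CKF_RW_SESSION) {
            session->info.state = CKS_RW_USER_FUNCTIONS;
        } else {
            session->info.state = CKS_RO_USER_FUNCTIONS;
        }
    } else {
        if (session->info.flags & CKF_RW_SESSION) {
            session->info.state = CKS_RW_PUBLIC_SESSION;
        } else {
            session->info.state = CKS_RO_PUBLIC_SESSION;
        }
    }
}

/* update the state of all the sessions on a slot
 *
 * The session lock is taken and released once per hash bucket, so the walk
 * as a whole is not atomic with respect to other session-table users.
 */
static void
fort11_update_all_states(PK11Slot *slot)
{
    int i;
    PK11Session *session;

    for (i=0; i < SESSION_HASH_SIZE; i++) {
        FMUTEX_Lock(slot->sessionLock);
        for (session = slot->head[i]; session; session = session->next) {
            fort11_update_state(slot,session);
        }
        FMUTEX_Unlock(slot->sessionLock);
    }
}

/*
 * Create a new object
 *
 * The object is returned with a reference count of 1, no attributes, no
 * label, no session and objclass 0xffff. Returns NULL if the allocation or
 * either mutex creation fails; partially created state is released first.
 */
static PK11Object *
fort11_NewObject(PK11Slot *slot) {
    PK11Object *object;
    CK_RV mrv;
    int i;

    object = (PK11Object*)PORT_Alloc(sizeof(PK11Object));
    if (object == NULL) return NULL;

    object->handle = 0;
    object->next = object->prev = NULL;
    object->sessionList.next = NULL;
    object->sessionList.prev = NULL;
    object->sessionList.parent = object;
    object->inDB = PR_FALSE;
    object->label = NULL;
    object->refCount = 1;
    object->session = NULL;
    object->slot = slot;
    object->objclass = 0xffff;
    if (FMUTEX_MutexEnabled()) {
        mrv = FMUTEX_Create(&object->refLock);
        if (mrv != CKR_OK) {
            PORT_Free(object);
            return NULL;
        }
        mrv = FMUTEX_Create(&object->attributeLock);
        if (mrv != CKR_OK) {
            FMUTEX_Destroy(object->refLock);
            PORT_Free(object);
            return NULL;
        }
    } else {
        object->attributeLock = NULL;
        object->refLock = NULL;
    }
    for (i=0; i < HASH_SIZE; i++) {
        object->head[i] = NULL;
    }
    object->objectInfo = NULL;
    object->infoFree = NULL;
    return object;
}

/*
 * look up and object structure from a handle. OBJECT_Handles only make
 * sense in terms of a given session. make a reference to that object
 * structure returned.
 *
 * (The listing ends inside this function; the rest of the body is on a later
 * page.)
 */
static PK11Object * fort11_ObjectFromHandle(CK_OBJECT_HANDLE handle,
                                            PK11Session *session) {
    PK11Object **head;
    void *lock;
    PK11Slot *slot = fort11_SlotFromSession(session);
    PK11Object *object;

    /*
     * Token objects are stored in the slot. Session objects are stored
     * with the session.
     */
    head = slot->tokObjects;
    lock = slot->objectLock;

    FMUTEX_Lock(lock);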