fortpk11.c

来自「支持SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS」· C语言 代码 · 共 2,331 行 · 第 1/5 页

    pk11queue_find(object,handle,head,HASH_SIZE);
    if (object) {
        FMUTEX_Lock(object->refLock);
	object->refCount++;
	FMUTEX_Unlock(object->refLock);
    }
    FMUTEX_Unlock(lock);

    return(object);
}

/*
 * add an object to a slot andsession queue
 */
static
void fort11_DeleteObject(PK11Session *session, PK11Object *object) {
    PK11Slot *slot;
    
    if (session == NULL) 
        return;
    slot = fort11_SlotFromSession(session);
    if (!fort11_isToken(object->handle)) {
        FMUTEX_Lock(session->objectLock);
	pk11queue_delete(&object->sessionList,0,session->objects,0);
	FMUTEX_Unlock(session->objectLock);
    }
    FMUTEX_Lock(slot->objectLock);
    pk11queue_delete(object,object->handle,slot->tokObjects,HASH_SIZE);
    FMUTEX_Unlock(slot->objectLock);
    fort11_FreeObject(object);
}



/*
 * ******************** Search Utilities *******************************
 */

/* add an object to a search list */
CK_RV
fort11_AddToList(PK11ObjectListElement **list,PK11Object *object) {
     PK11ObjectListElement *newelem = 
	(PK11ObjectListElement *)PORT_Alloc(sizeof(PK11ObjectListElement));

     if (newelem == NULL) return CKR_HOST_MEMORY;

     newelem->next = *list;
     newelem->object = object;
     FMUTEX_Lock(object->refLock);
     object->refCount++;
     FMUTEX_Unlock(object->refLock);

    *list = newelem;
    return CKR_OK;
}


/*
 * free a single list element. Return the Next object in the list.
 */
PK11ObjectListElement *
fort11_FreeObjectListElement(PK11ObjectListElement *objectList) {
    PK11ObjectListElement *ol = objectList->next;

    fort11_FreeObject(objectList->object);
    PORT_Free(objectList);
    return ol;
}

/* free an entire object list */
void
fort11_FreeObjectList(PK11ObjectListElement *objectList) {
    PK11ObjectListElement *ol;

    for (ol= objectList; ol != NULL; ol = fort11_FreeObjectListElement(ol)) {}
}

/*
 * free a search structure
 */
void
fort11_FreeSearch(PK11SearchResults *search) {
    if (search->handles) {
	PORT_Free(search->handles);
    }
    PORT_Free(search);
}


/*
 * Free up all the memory associated with an attribute. Reference count
 * must be zero to call this.
 */
static void
fort11_DestroyAttribute(PK11Attribute *attribute) {
    /*PORT_Assert(attribute->refCount == 0);*/
    FMUTEX_Destroy(attribute->refLock);
    if (attribute->attrib.pValue) {
	 /* clear out the data in the attribute value... it may have been
	  * sensitive data */
	 PORT_Memset(attribute->attrib.pValue,0,attribute->attrib.ulValueLen);
	 PORT_Free(attribute->attrib.pValue);
    }
    PORT_Free(attribute);
}
        
/*
 * delete an attribute from an object
 */
static void
fort11_DeleteAttribute(PK11Object *object, PK11Attribute *attribute) {
    FMUTEX_Lock(object->attributeLock);
    if (attribute->next || attribute->prev) {
	pk11queue_delete(attribute,attribute->handle,
						object->head,HASH_SIZE);
    }
    FMUTEX_Unlock(object->attributeLock);
    fort11_FreeAttribute(attribute);
}

/*
 * decode when a particular attribute may be modified
 * 	PK11_NEVER: This attribute must be set at object creation time and
 *  can never be modified.
 *	PK11_ONCOPY: This attribute may be modified only when you copy the
 *  object.
 *	PK11_SENSITIVE: The CKA_SENSITIVE attribute can only be changed from
 *  FALSE to TRUE.
 *	PK11_ALWAYS: This attribute can always be modified.
 * Some attributes vary their modification type based on the class of the 
 *   object.
 */
PK11ModifyType
fort11_modifyType(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass) {
    /* if we don't know about it, user user defined, always allow modify */
    PK11ModifyType mtype = PK11_ALWAYS; 

    switch(type) {
    /* NEVER */
    case CKA_CLASS:
    case CKA_CERTIFICATE_TYPE:
    case CKA_KEY_TYPE:
    case CKA_MODULUS:
    case CKA_MODULUS_BITS:
    case CKA_PUBLIC_EXPONENT:
    case CKA_PRIVATE_EXPONENT:
    case CKA_PRIME:
    case CKA_SUBPRIME:
    case CKA_BASE:
    case CKA_PRIME_1:
    case CKA_PRIME_2:
    case CKA_EXPONENT_1:
    case CKA_EXPONENT_2:
    case CKA_COEFFICIENT:
    case CKA_VALUE_LEN:
	mtype = PK11_NEVER;
	break;

    /* ONCOPY */
    case CKA_TOKEN:
    case CKA_PRIVATE:
	mtype = PK11_ONCOPY;
	break;

    /* SENSITIVE */
    case CKA_SENSITIVE:
	mtype = PK11_SENSITIVE;
	break;

    /* ALWAYS */
    case CKA_LABEL:
    case CKA_APPLICATION:
    case CKA_ID:
    case CKA_SERIAL_NUMBER:
    case CKA_START_DATE:
    case CKA_END_DATE:
    case CKA_DERIVE:
    case CKA_ENCRYPT:
    case CKA_DECRYPT:
    case CKA_SIGN:
    case CKA_VERIFY:
    case CKA_SIGN_RECOVER:
    case CKA_VERIFY_RECOVER:
    case CKA_WRAP:
    case CKA_UNWRAP:
	mtype = PK11_ALWAYS;
	break;

    /* DEPENDS ON CLASS */
    case CKA_VALUE:
	mtype = (inClass == CKO_DATA) ? PK11_ALWAYS : PK11_NEVER;
	break;

    case CKA_SUBJECT:
	mtype = (inClass == CKO_CERTIFICATE) ? PK11_NEVER : PK11_ALWAYS;
	break;
    default:
	break;
    }
    return mtype;
}

/* decode if a particular attribute is sensitive (cannot be read
 * back to the user of if the object is set to SENSITIVE) */
PRBool
fort11_isSensitive(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass) {
    switch(type) {
    /* ALWAYS */
    case CKA_PRIVATE_EXPONENT:
    case CKA_PRIME_1:
    case CKA_PRIME_2:
    case CKA_EXPONENT_1:
    case CKA_EXPONENT_2:
    case CKA_COEFFICIENT:
	return PR_TRUE;

    /* DEPENDS ON CLASS */
    case CKA_VALUE:
	/* PRIVATE and SECRET KEYS have SENSITIVE values */
	return (PRBool)((inClass == CKO_PRIVATE_KEY) || 
			(inClass == CKO_SECRET_KEY));

    default:
	break;
    }
    return PR_FALSE;
}

static void
fort11_DeleteAttributeType(PK11Object *object,CK_ATTRIBUTE_TYPE type) {
    PK11Attribute *attribute;
    attribute = fort11_FindAttribute(object, type);
    if (attribute == NULL) return ;
    fort11_DeleteAttribute(object,attribute);
}


/*
 * create a new nession. NOTE: The session handle is not set, and the
 * session is not added to the slot's session queue.
 */
static PK11Session *
fort11_NewSession(CK_SLOT_ID slotID, CK_NOTIFY notify, 
		  CK_VOID_PTR pApplication,
		  CK_FLAGS flags) {
    PK11Session *session;
    PK11Slot *slot = &fort11_slot[slotID-1];
    CK_RV mrv;

    if (slot == NULL) return NULL;

    session = (PK11Session*)PORT_Alloc(sizeof(PK11Session));
    if (session == NULL) return NULL;

    session->next = session->prev = NULL;
    session->refCount = 1;
    session->context = NULL;
    session->search = NULL;
    session->objectIDCount = 1;
    session->fortezzaContext.fortezzaKey = NULL;
    session->fortezzaContext.fortezzaSocket = NULL;

    if (FMUTEX_MutexEnabled()) {
        mrv = FMUTEX_Create(&session->refLock);
	if (mrv != CKR_OK) {
	    PORT_Free(session);
	    return NULL;
	}
	mrv = FMUTEX_Create(&session->objectLock);
	if (mrv != CKR_OK) {
	    FMUTEX_Destroy(session->refLock);
	    PORT_Free(session);
	    return NULL;
	}
    } else {
        session->refLock    = NULL;
	session->objectLock = NULL;
    }

    session->objects[0] = NULL;

    session->slot = slot;
    session->notify = notify;
    session->appData = pApplication;
    session->info.flags = flags;
    session->info.slotID = slotID;
    fort11_update_state(slot,session);
    return session;
}


/*
 * look up a session structure from a session handle
 * generate a reference to it.
 */
PK11Session *
fort11_SessionFromHandle(CK_SESSION_HANDLE handle, PRBool isCloseSession) {
    PK11Slot	*slot = fort11_SlotFromSessionHandle(handle);
    PK11Session *session;

    if (!isCloseSession && 
	!SocketStateUnchanged(&fortezzaSockets[slot->slotID-1]))
        return NULL;

    FMUTEX_Lock(slot->sessionLock);
    pk11queue_find(session,handle,slot->head,SESSION_HASH_SIZE);
    if (session) session->refCount++;
    FMUTEX_Unlock(slot->sessionLock);

    return (session);
}

/* free all the data associated with a session. */
static void
fort11_DestroySession(PK11Session *session)
{
    PK11ObjectList *op,*next;
/*    PORT_Assert(session->refCount == 0);*/

    /* clean out the attributes */
    FMUTEX_Lock(session->objectLock);
    for (op = session->objects[0]; op != NULL; op = next) {
        next = op->next;
        /* paranoia */
	op->next = op->prev = NULL;
	fort11_DeleteObject(session,op->parent);
    }
    FMUTEX_Unlock(session->objectLock);

    FMUTEX_Destroy(session->objectLock);
    FMUTEX_Destroy(session->refLock);

    if (session->search) {
	fort11_FreeSearch(session->search);
    }

    pk11queue_delete(session, session->handle, session->slot->head,
		     SESSION_HASH_SIZE);

    PORT_Free(session);
}


/*
 * release a reference to a session handle
 */
void
fort11_FreeSession(PK11Session *session) {
    PRBool destroy = PR_FALSE;
    PK11Slot *slot = NULL;

    if (!session) return;  /*Quick fix to elminate crash*/
                           /*Fix in later version       */

    if (FMUTEX_MutexEnabled()) {
        slot = fort11_SlotFromSession(session);
	FMUTEX_Lock(slot->sessionLock);
    }
    if (session->refCount == 1) destroy = PR_TRUE;
    session->refCount--;
    if (FMUTEX_MutexEnabled()) {
        FMUTEX_Unlock(slot->sessionLock);
    }

    if (destroy) {
      fort11_DestroySession(session);
    }
}


/* return true if the object matches the template */
PRBool
fort11_objectMatch(PK11Object *object,CK_ATTRIBUTE_PTR theTemplate,int count) {
    int i;

    for (i=0; i < count; i++) {
	PK11Attribute *attribute = 
	    fort11_FindAttribute(object,theTemplate[i].type);
	if (attribute == NULL) {
	    return PR_FALSE;
	}
	if (attribute->attrib.ulValueLen == theTemplate[i].ulValueLen) {
	    if (PORT_Memcmp(attribute->attrib.pValue,theTemplate[i].pValue,
					theTemplate[i].ulValueLen) == 0) {
                fort11_FreeAttribute(attribute);
		continue;
	    }
	}
        fort11_FreeAttribute(attribute);
	return PR_FALSE;
    }
    return PR_TRUE;
}

/* search through all the objects in the queue and return the template matches
 * in the object list.
 */
CK_RV
fort11_searchObjectList(PK11ObjectListElement **objectList,PK11Object **head,
			void *lock, CK_ATTRIBUTE_PTR theTemplate, int count) {
    int i;
    PK11Object *object;
    CK_RV rv;

    for(i=0; i < HASH_SIZE; i++) {
        /* We need to hold the lock to copy a consistant version of
         * the linked list. */
        FMUTEX_Lock(lock);
	for (object = head[i]; object != NULL; object= object->next) {
	    if (fort11_objectMatch(object,theTemplate,count)) {
	        rv = fort11_AddToList(objectList,object);
		if (rv != CKR_OK) {
		    return rv;
		}
	    }
	}
	FMUTEX_Unlock(lock);
    }
    return CKR_OK;
}

static PRBool
fort11_NotAllFuncsNULL (CK_C_INITIALIZE_ARGS_PTR pArgs) {
    return (PRBool)(pArgs && pArgs->CreateMutex && pArgs->DestroyMutex &&
		    pArgs->LockMutex   && pArgs->UnlockMutex);
}

static PRBool
fort11_InArgCheck(CK_C_INITIALIZE_ARGS_PTR pArgs) {
    PRBool rv;
    /* The only check for now, is to make sure that all of the
     * function pointers are either all NULL or all Non-NULL.
     * We also need to make sure the pReserved field in pArgs is
     * set to NULL.
     */
    if (pArgs == NULL) {
        return  PR_TRUE; /* If the argument is NULL, no
			  * inconsistencies can exist.
			  */
    }

    if (pArgs->pReserved != NULL) {
        return PR_FALSE;
    }

    if (pArgs->CreateMutex != NULL) {
        rv = (PRBool) (pArgs->DestroyMutex != NULL &&
		       pArgs->LockMutex    != NULL &&
		       pArgs->UnlockMutex  != NULL);
    } else { /*pArgs->CreateMutex == NULL*/
        rv = (PRBool) (pArgs->DestroyMutex == NULL &&
		       pArgs->LockMutex    == NULL &&
		       pArgs->UnlockMutex  == NULL);
    }
    return rv;
}



/**********************************************************************
 *
 *     Start of PKCS 11 functions 
 *
 **********************************************************************/
 
 
/**********************************************************************