token.c

来自「支持SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS」· C语言 代码 · 共 1,865 行 · 第 1/3 页

        goto badtime;
      }
    }

    Y = ((utcTime[ 0] - '0') * 1000) + ((utcTime[1] - '0') * 100) +
        ((utcTime[ 2] - '0') * 10) + (utcTime[ 3] - '0');
    M = ((utcTime[ 4] - '0') * 10) + (utcTime[ 5] - '0');
    D = ((utcTime[ 6] - '0') * 10) + (utcTime[ 7] - '0');
    h = ((utcTime[ 8] - '0') * 10) + (utcTime[ 9] - '0');
    m = ((utcTime[10] - '0') * 10) + (utcTime[11] - '0');
    s = ((utcTime[12] - '0') * 10) + (utcTime[13] - '0');
    z = ((utcTime[14] - '0') * 10) + (utcTime[15] - '0');

    if( (Y < 1990) || (Y > 3000) ) goto badtime; /* Y3K problem.  heh heh heh */
    if( (M < 1) || (M > 12) ) goto badtime;
    if( (D < 1) || (D > 31) ) goto badtime;

    if( D > dims[M-1] ) goto badtime; /* per-month check */
    if( (2 == M) && (((Y%4)||!(Y%100))&&(Y%400)) && (D > 28) ) goto badtime; /* leap years */

    if( (h < 0) || (h > 23) ) goto badtime;
    if( (m < 0) || (m > 60) ) goto badtime;
    if( (s < 0) || (s > 61) ) goto badtime;

    /* 60m and 60 or 61s is only allowed for leap seconds. */
    if( (60 == m) || (s >= 60) ) {
      if( (23 != h) || (60 != m) || (s < 60) ) goto badtime;
      /* leap seconds can only happen on June 30 or Dec 31.. I think */
      /* if( ((6 != M) || (30 != D)) && ((12 != M) || (31 != D)) ) goto badtime; */
    }
  }

  return CKR_OK;

 badtime:
  return CKR_GENERAL_ERROR;
}

/*
 * nssCKFWToken_OpenSession
 *
 */
NSS_IMPLEMENT NSSCKFWSession *
nssCKFWToken_OpenSession
(
  NSSCKFWToken *fwToken,
  CK_BBOOL rw,
  CK_VOID_PTR pApplication,
  CK_NOTIFY Notify,
  CK_RV *pError
)
{
  NSSCKFWSession *fwSession = (NSSCKFWSession *)NULL;
  NSSCKMDSession *mdSession;

#ifdef NSSDEBUG
  if( (CK_RV *)NULL == pError ) {
    return (NSSCKFWSession *)NULL;
  }

  *pError = nssCKFWToken_verifyPointer(fwToken);
  if( CKR_OK != *pError ) {
    return (NSSCKFWSession *)NULL;
  }

  switch( rw ) {
  case CK_TRUE:
  case CK_FALSE:
    break;
  default:
    *pError = CKR_ARGUMENTS_BAD;
    return (NSSCKFWSession *)NULL;
  }
#endif /* NSSDEBUG */

  *pError = nssCKFWMutex_Lock(fwToken->mutex);
  if( CKR_OK != *pError ) {
    return (NSSCKFWSession *)NULL;
  }

  if( CK_TRUE == rw ) {
    /* Read-write session desired */
    if( CK_TRUE != nssCKFWToken_GetIsWriteProtected(fwToken) ) {
      *pError = CKR_TOKEN_WRITE_PROTECTED;
      goto done;
    }
  } else {
    /* Read-only session desired */
    if( CKS_RW_SO_FUNCTIONS == nssCKFWToken_GetSessionState(fwToken) ) {
      *pError = CKR_SESSION_READ_WRITE_SO_EXISTS;
      goto done;
    }
  }

  /* We could compare sesion counts to any limits we know of, I guess.. */

  if( (void *)NULL == (void *)fwToken->mdToken->OpenSession ) {
    /*
     * I'm not sure that the Module actually needs to implement
     * mdSessions -- the Framework can keep track of everything 
     * needed, really.  But I'll sort out that detail later..
     */
    *pError = CKR_GENERAL_ERROR;
    goto done;
  }

  fwSession = nssCKFWSession_Create(fwToken, rw, pApplication, Notify, pError);
  if( (NSSCKFWSession *)NULL == fwSession ) {
    if( CKR_OK == *pError ) {
      *pError = CKR_GENERAL_ERROR;
    }
    goto done;
  }

  mdSession = fwToken->mdToken->OpenSession(fwToken->mdToken, fwToken,
                fwToken->mdInstance, fwToken->fwInstance, fwSession,
                rw, pError);
  if( (NSSCKMDSession *)NULL == mdSession ) {
    (void)nssCKFWSession_Destroy(fwSession, CK_FALSE);
    if( CKR_OK == *pError ) {
      *pError = CKR_GENERAL_ERROR;
    }
    goto done;
  }

  *pError = nssCKFWSession_SetMDSession(fwSession, mdSession);
  if( CKR_OK != *pError ) {
    if( (void *)NULL != (void *)mdSession->Close ) {
      mdSession->Close(mdSession, fwSession, fwToken->mdToken, fwToken,
      fwToken->mdInstance, fwToken->fwInstance);
    }
    (void)nssCKFWSession_Destroy(fwSession, CK_FALSE);
    goto done;
  }

  *pError = nssCKFWHash_Add(fwToken->sessions, fwSession, fwSession);
  if( CKR_OK != *pError ) {
    (void)nssCKFWSession_Destroy(fwSession, CK_FALSE);
    fwSession = (NSSCKFWSession *)NULL;
    goto done;
  }

 done:
  (void)nssCKFWMutex_Unlock(fwToken->mutex);
  return fwSession;
}

/*
 * nssCKFWToken_GetMechanismCount
 *
 */
NSS_IMPLEMENT CK_ULONG
nssCKFWToken_GetMechanismCount
(
  NSSCKFWToken *fwToken
)
{
#ifdef NSSDEBUG
  if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
    return 0;
  }
#endif /* NSSDEBUG */

  if( (void *)NULL == fwToken->mdToken->GetMechanismCount ) {
    return 0;
  }

  return fwToken->mdToken->GetMechanismCount(fwToken->mdToken, fwToken,
    fwToken->mdInstance, fwToken->fwInstance);
}

/*
 * nssCKFWToken_GetMechanismTypes
 *
 */
NSS_IMPLEMENT CK_RV
nssCKFWToken_GetMechanismTypes
(
  NSSCKFWToken *fwToken,
  CK_MECHANISM_TYPE types[]
)
{
#ifdef NSSDEBUG
  if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
    return CKR_ARGUMENTS_BAD;
  }

  if( (CK_MECHANISM_TYPE *)NULL == types ) {
    return CKR_ARGUMENTS_BAD;
  }
#endif /* NSSDEBUG */

  if( (void *)NULL == fwToken->mdToken->GetMechanismTypes ) {
    /*
     * This should only be called with a sufficiently-large
     * "types" array, which can only be done if GetMechanismCount
     * is implemented.  If that's implemented (and returns nonzero),
     * then this should be too.  So return an error.
     */
    return CKR_GENERAL_ERROR;
  }

  return fwToken->mdToken->GetMechanismTypes(fwToken->mdToken, fwToken,
    fwToken->mdInstance, fwToken->fwInstance, types);
}


/*
 * nssCKFWToken_GetMechanism
 *
 */
NSS_IMPLEMENT NSSCKFWMechanism *
nssCKFWToken_GetMechanism
(
  NSSCKFWToken *fwToken,
  CK_MECHANISM_TYPE which,
  CK_RV *pError
)
{
  /* XXX fgmr */
  return (NSSCKFWMechanism *)NULL;
}

NSS_IMPLEMENT CK_RV
nssCKFWToken_SetSessionState
(
  NSSCKFWToken *fwToken,
  CK_STATE newState
)
{
  CK_RV error = CKR_OK;

#ifdef NSSDEBUG
  error = nssCKFWToken_verifyPointer(fwToken);
  if( CKR_OK != error ) {
    return error;
  }

  switch( newState ) {
  case CKS_RO_PUBLIC_SESSION:
  case CKS_RO_USER_FUNCTIONS:
  case CKS_RW_PUBLIC_SESSION:
  case CKS_RW_USER_FUNCTIONS:
  case CKS_RW_SO_FUNCTIONS:
    break;
  default:
    return CKR_ARGUMENTS_BAD;
  }
#endif /* NSSDEBUG */

  error = nssCKFWMutex_Lock(fwToken->mutex);
  if( CKR_OK != error ) {
    return error;
  }

  fwToken->state = newState;
  (void)nssCKFWMutex_Unlock(fwToken->mutex);
  return CKR_OK;
}

/*
 * nssCKFWToken_RemoveSession
 *
 */
NSS_IMPLEMENT CK_RV
nssCKFWToken_RemoveSession
(
  NSSCKFWToken *fwToken,
  NSSCKFWSession *fwSession
)
{
  CK_RV error = CKR_OK;

#ifdef NSSDEBUG
  error = nssCKFWToken_verifyPointer(fwToken);
  if( CKR_OK != error ) {
    return error;
  }

  error = nssCKFWSession_verifyPointer(fwSession);
  if( CKR_OK != error ) {
    return error;
  }
#endif /* NSSDEBUG */

  error = nssCKFWMutex_Lock(fwToken->mutex);
  if( CKR_OK != error ) {
    return error;
  }

  if( CK_TRUE != nssCKFWHash_Exists(fwToken->sessions, fwSession) ) {
    error = CKR_SESSION_HANDLE_INVALID;
    goto done;
  }

  nssCKFWHash_Remove(fwToken->sessions, fwSession);
  fwToken->sessionCount--;

  if( nssCKFWSession_IsRWSession(fwSession) ) {
    fwToken->rwSessionCount--;
  }

  if( 0 == fwToken->sessionCount ) {
    fwToken->rwSessionCount = 0; /* sanity */
    fwToken->state = CKS_RO_PUBLIC_SESSION; /* some default */
  }

  error = CKR_OK;

 done:
  (void)nssCKFWMutex_Unlock(fwToken->mutex);
  return error;
}

static void
nss_ckfwtoken_session_iterator
(
  const void *key,
  void *value,
  void *closure
)
{
  /*
   * Remember that the fwToken->mutex is locked
   */
  NSSCKFWSession *fwSession = (NSSCKFWSession *)value;
  (void)nssCKFWSession_Destroy(fwSession, CK_FALSE);
  return;
}

/*
 * nssCKFWToken_CloseAllSessions
 *
 */
NSS_IMPLEMENT CK_RV
nssCKFWToken_CloseAllSessions
(
  NSSCKFWToken *fwToken
)
{
  CK_RV error = CKR_OK;

#ifdef NSSDEBUG
  error = nssCKFWToken_verifyPointer(fwToken);
  if( CKR_OK != error ) {
    return error;
  }
#endif /* NSSDEBUG */

  error = nssCKFWMutex_Lock(fwToken->mutex);
  if( CKR_OK != error ) {
    return error;
  }

  nssCKFWHash_Iterate(fwToken->sessions, nss_ckfwtoken_session_iterator, (void *)NULL);

  nssCKFWHash_Destroy(fwToken->sessions);

  fwToken->sessions = nssCKFWHash_Create(fwToken->fwInstance, fwToken->arena, &error);
  if( (nssCKFWHash *)NULL == fwToken->sessions ) {
    if( CKR_OK == error ) {
      error = CKR_GENERAL_ERROR;
    }
    goto done;
  }

  fwToken->state = CKS_RO_PUBLIC_SESSION; /* some default */
  fwToken->sessionCount = 0;
  fwToken->rwSessionCount = 0;

  error = CKR_OK;

 done:
  (void)nssCKFWMutex_Unlock(fwToken->mutex);
  return error;
}

/*
 * nssCKFWToken_GetSessionCount
 *
 */
NSS_IMPLEMENT CK_ULONG
nssCKFWToken_GetSessionCount
(
  NSSCKFWToken *fwToken
)
{
  CK_ULONG rv;

#ifdef NSSDEBUG
  if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
    return (CK_ULONG)0;
  }
#endif /* NSSDEBUG */

  if( CKR_OK != nssCKFWMutex_Lock(fwToken->mutex) ) {
    return (CK_ULONG)0;
  }

  rv = fwToken->sessionCount;
  (void)nssCKFWMutex_Unlock(fwToken->mutex);
  return rv;
}

/*
 * nssCKFWToken_GetRwSessionCount
 *
 */
NSS_IMPLEMENT CK_ULONG
nssCKFWToken_GetRwSessionCount
(
  NSSCKFWToken *fwToken
)
{
  CK_ULONG rv;

#ifdef NSSDEBUG
  if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
    return (CK_ULONG)0;
  }
#endif /* NSSDEBUG */

  if( CKR_OK != nssCKFWMutex_Lock(fwToken->mutex) ) {
    return (CK_ULONG)0;
  }

  rv = fwToken->rwSessionCount;
  (void)nssCKFWMutex_Unlock(fwToken->mutex);
  return rv;
}

/*
 * nssCKFWToken_GetRoSessionCount
 *
 */
NSS_IMPLEMENT CK_ULONG
nssCKFWToken_GetRoSessionCount
(
  NSSCKFWToken *fwToken
)
{
  CK_ULONG rv;

#ifdef NSSDEBUG
  if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
    return (CK_ULONG)0;
  }
#endif /* NSSDEBUG */

  if( CKR_OK != nssCKFWMutex_Lock(fwToken->mutex) ) {
    return (CK_ULONG)0;
  }

  rv = fwToken->sessionCount - fwToken->rwSessionCount;
  (void)nssCKFWMutex_Unlock(fwToken->mutex);
  return rv;
}

/*
 * nssCKFWToken_GetSessionObjectHash
 *
 */
NSS_IMPLEMENT nssCKFWHash *
nssCKFWToken_GetSessionObjectHash
(
  NSSCKFWToken *fwToken
)
{
#ifdef NSSDEBUG
  if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
    return (nssCKFWHash *)NULL;
  }
#endif /* NSSDEBUG */

  return fwToken->sessionObjectHash;
}

/*
 * nssCKFWToken_GetMDObjectHash
 *
 */
NSS_IMPLEMENT nssCKFWHash *
nssCKFWToken_GetMDObjectHash
(
  NSSCKFWToken *fwToken
)
{
#ifdef NSSDEBUG
  if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
    return (nssCKFWHash *)NULL;
  }
#endif /* NSSDEBUG */

  return fwToken->mdObjectHash;
}

/*
 * nssCKFWToken_GetObjectHandleHash
 *
 */
NSS_IMPLEMENT nssCKFWHash *
nssCKFWToken_GetObjectHandleHash
(
  NSSCKFWToken *fwToken
)
{
#ifdef NSSDEBUG
  if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
    return (nssCKFWHash *)NULL;
  }
#endif /* NSSDEBUG */

  return fwToken->mdObjectHash;
}

/*
 * NSSCKFWToken_GetMDToken
 *
 */

NSS_IMPLEMENT NSSCKMDToken *
NSSCKFWToken_GetMDToken
(
  NSSCKFWToken *fwToken
)
{
#ifdef DEBUG
  if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
    return (NSSCKMDToken *)NULL;
  }
#endif /* DEBUG */

  return nssCKFWToken_GetMDToken(fwToken);
}

/*
 * NSSCKFWToken_GetArena
 *
 */

NSS_IMPLEMENT NSSArena *
NSSCKFWToken_GetArena
(
  NSSCKFWToken *fwToken,
  CK_RV *pError
)
{
#ifdef DEBUG
  if( (CK_RV *)NULL == pError ) {
    return (NSSArena *)NULL;
  }

  if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
    *pError = CKR_ARGUMENTS_BAD;
    return (NSSArena *)NULL;
  }
#endif /* DEBUG */

  return nssCKFWToken_GetArena(fwToken, pError);
}

/*
 * NSSCKFWToken_GetFWSlot
 *
 */

NSS_IMPLEMENT NSSCKFWSlot *
NSSCKFWToken_GetFWSlot
(
  NSSCKFWToken *fwToken
)
{
#ifdef DEBUG
  if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
    return (NSSCKFWSlot *)NULL;
  }
#endif /* DEBUG */

  return nssCKFWToken_GetFWSlot(fwToken);
}

/*
 * NSSCKFWToken_GetMDSlot
 *
 */

NSS_IMPLEMENT NSSCKMDSlot *
NSSCKFWToken_GetMDSlot
(
  NSSCKFWToken *fwToken
)
{
#ifdef DEBUG
  if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
    return (NSSCKMDSlot *)NULL;
  }
#endif /* DEBUG */

  return nssCKFWToken_GetMDSlot(fwToken);
}

/*
 * NSSCKFWToken_GetSessionState
 *
 */

NSS_IMPLEMENT CK_STATE
NSSCKFWSession_GetSessionState
(
  NSSCKFWToken *fwToken
)
{
#ifdef DEBUG
  if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
    return CKS_RO_PUBLIC_SESSION;
  }
#endif /* DEBUG */

  return nssCKFWToken_GetSessionState(fwToken);
}