
sftkpars.c (9947B)


      1 /* This Source Code Form is subject to the terms of the Mozilla Public
      2 * License, v. 2.0. If a copy of the MPL was not distributed with this
      3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      4 /*
      5 *  The following code handles the storage of PKCS 11 modules used by the
      6 * NSS. This file is written to abstract away how the modules are
      7 * stored so we can decide that later.
      8 */
#include <limits.h>
#include <stdlib.h>

#include "pkcs11i.h"
#include "sdb.h"
#include "prprf.h"
#include "prenv.h"
#include "utilpars.h"
     14 
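/*
 * Release a PORT_-allocated pointer and reset it to NULL so that a later
 * FREE_CLEAR on the same lvalue is a no-op instead of a double free.
 *
 * The body is wrapped in do { } while (0) so the macro expands to a single
 * statement: a bare `if` expansion would capture a following `else` and
 * would not compile (or would misbind) inside an unbraced if/else.
 *
 * `p` must be a modifiable lvalue and is evaluated more than once, so it
 * must not carry side effects.
 */
#define FREE_CLEAR(p)     \
    do {                  \
        if (p) {          \
            PORT_Free(p); \
            (p) = NULL;   \
        }                 \
    } while (0)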
     20 
/*
 * Populate the boolean options of one token from its "flags" list.
 *
 * Every option is looked up under the label "flags" in `tmp`. The caller in
 * this file (sftk_parseTokenParameters) passes the token's whole parameter
 * string here, not just the extracted flags value.
 *
 * Each field is assigned unconditionally, so a flag that is absent
 * overwrites whatever the field held before with the lookup result.
 * readOnly and passwordRequired (stored as pwRequired) are access-policy
 * settings for the token.
 */
static void
sftk_parseTokenFlags(char *tmp, sftk_token_parameters *parsed)
{
    static const char flagsLabel[] = "flags";
    const char *paramString = tmp;

    parsed->readOnly = NSSUTIL_ArgHasFlag(flagsLabel, "readOnly", paramString);
    parsed->noCertDB = NSSUTIL_ArgHasFlag(flagsLabel, "noCertDB", paramString);
    parsed->noKeyDB = NSSUTIL_ArgHasFlag(flagsLabel, "noKeyDB", paramString);
    parsed->forceOpen = NSSUTIL_ArgHasFlag(flagsLabel, "forceOpen", paramString);
    parsed->pwRequired =
        NSSUTIL_ArgHasFlag(flagsLabel, "passwordRequired", paramString);
    parsed->optimizeSpace =
        NSSUTIL_ArgHasFlag(flagsLabel, "optimizeSpace", paramString);
}
     32 
/*
 * Populate the module-wide boolean options from the "flags" list.
 *
 * Every option is looked up under the label "flags" in `tmp`. The caller in
 * this file (sftk_parseParameters) passes the whole library parameter
 * string here.
 *
 * Unlike the per-token variant, no noKeyDB flag is read here; only noCertDB
 * is recorded, and it is kept so the legacy interface still works.
 */
static void
sftk_parseFlags(char *tmp, sftk_parameters *parsed)
{
    static const char flagsLabel[] = "flags";
    const char *paramString = tmp;

    parsed->noModDB = NSSUTIL_ArgHasFlag(flagsLabel, "noModDB", paramString);
    parsed->readOnly = NSSUTIL_ArgHasFlag(flagsLabel, "readOnly", paramString);
    /* legacy interface: the options below predate per-token parameters */
    parsed->noCertDB = NSSUTIL_ArgHasFlag(flagsLabel, "noCertDB", paramString);
    parsed->forceOpen = NSSUTIL_ArgHasFlag(flagsLabel, "forceOpen", paramString);
    parsed->pwRequired =
        NSSUTIL_ArgHasFlag(flagsLabel, "passwordRequired", paramString);
    parsed->optimizeSpace =
        NSSUTIL_ArgHasFlag(flagsLabel, "optimizeSpace", paramString);
}
     45 
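/*
 * Parse the parameter string of a single token entry into *parsed.
 *
 * Recognised keys: configDir, updateDir, updateCertPrefix, updateKeyPrefix,
 * updateID, certPrefix, keyPrefix, tokenDescription,
 * updateTokenDescription, slotDescription, minPWLen and flags. String
 * values are stored in *parsed; sftk_freeParams in this file releases them.
 *
 * minPWLen is a password-length policy value. It is converted with strtol
 * and clamped to the range of int, because atoi has undefined behaviour
 * when the number does not fit. Inputs that atoi handled keep the same
 * result, including negative numbers and trailing garbage.
 * NOTE(review): a negative minPWLen is stored as given; confirm that the
 * consumer of minPW rejects or normalises it.
 *
 * Always returns CKR_OK.
 */
static CK_RV
sftk_parseTokenParameters(char *param, sftk_token_parameters *parsed)
{
    int next; /* referenced by name inside the NSSUTIL_HANDLE_* macros */
    char *tmp = NULL;
    const char *index;
    index = NSSUTIL_ArgStrip(param);

    while (*index) {
        /* The key arguments must stay string literals in these macro calls. */
        NSSUTIL_HANDLE_STRING_ARG(index, parsed->configdir, "configDir=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, parsed->updatedir, "updateDir=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, parsed->updCertPrefix, "updateCertPrefix=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, parsed->updKeyPrefix, "updateKeyPrefix=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, parsed->updateID, "updateID=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, parsed->certPrefix, "certPrefix=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, parsed->keyPrefix, "keyPrefix=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, parsed->tokdes, "tokenDescription=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, parsed->updtokdes, "updateTokenDescription=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, parsed->slotdes, "slotDescription=", ;)
        NSSUTIL_HANDLE_STRING_ARG(
            index, tmp, "minPWLen=",
            if (tmp) {
                /* strtol saturates on overflow; clamp again to fit int */
                long minLen = strtol(tmp, NULL, 10);
                parsed->minPW = (minLen > INT_MAX)   ? INT_MAX
                                : (minLen < INT_MIN) ? INT_MIN
                                                     : (int)minLen;
                PORT_Free(tmp);
                tmp = NULL;
            })
        NSSUTIL_HANDLE_STRING_ARG(
            index, tmp, "flags=",
            if (tmp) {
                /* the flag lookup takes the whole parameter string, so
                 * the fetched value is only used as a presence check */
                sftk_parseTokenFlags(param, parsed);
                PORT_Free(tmp);
                tmp = NULL;
            })
        NSSUTIL_HANDLE_FINAL_ARG(index)
    }
    return CKR_OK;
}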
     75 
/*
 * Parse the value of the "tokens=" parameter into an array of per-token
 * parameter blocks and attach it to *parsed.
 *
 * The string is walked twice: once to count the entries so the array can be
 * allocated in one piece, and once to fill it. Each entry is a label, which
 * is decoded as the slot ID, optionally followed by a value holding that
 * token's own parameter string.
 *
 * A NULL or empty input, or a failed allocation, leaves *parsed untouched.
 * NOTE(review): parsed->tokens is overwritten without releasing an earlier
 * array, so whether "tokens=" can appear more than once in the input
 * should be confirmed against the caller.
 */
static void
sftk_parseTokens(char *tokenParams, sftk_parameters *parsed)
{
    const char *cursor;
    sftk_token_parameters *slots = NULL;
    int total = 0;
    int filled = 0;
    int next;

    if (tokenParams == NULL || *tokenParams == 0) {
        return;
    }

    /* pass 1: count the entries */
    cursor = NSSUTIL_ArgStrip(tokenParams);
    while (*cursor) {
        total++;
        cursor = NSSUTIL_ArgStrip(NSSUTIL_ArgSkipParameter(cursor));
    }

    /* one zero-filled block for all entries */
    slots = (sftk_token_parameters *)PORT_ZAlloc(total * sizeof(*slots));
    if (slots == NULL) {
        return;
    }

    /* pass 2: fill the entries; the bound on `filled` keeps writes inside
     * the array even if the two walks disagree */
    cursor = NSSUTIL_ArgStrip(tokenParams);
    while (*cursor && filled < total) {
        sftk_token_parameters *slot = &slots[filled];
        char *label = NSSUTIL_ArgGetLabel(cursor, &next);

        cursor += next;

        slot->slotID = NSSUTIL_ArgDecodeNumber(label);
        slot->readOnly = PR_FALSE;
        slot->noCertDB = PR_FALSE;
        slot->noKeyDB = PR_FALSE;
        if (!NSSUTIL_ArgIsBlank(*cursor)) {
            char *value = NSSUTIL_ArgFetchValue(cursor, &next);

            cursor += next;
            if (value != NULL) {
                sftk_parseTokenParameters(value, slot);
                PORT_Free(value);
            }
        }
        if (label != NULL) {
            PORT_Free(label);
        }
        cursor = NSSUTIL_ArgStrip(cursor);
        filled++;
    }

    parsed->token_count = filled;
    parsed->tokens = slots;
}
    124 
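/*
 * Parse the softoken library parameter string into *parsed.
 *
 * *parsed is zeroed first, so the caller must not pass a structure that
 * still owns allocations. Strings stored in *parsed are released with
 * sftk_freeParams.
 *
 * When the string carries no "tokens=" entry, a default token set is built
 * from the legacy top-level keys:
 *   - FIPS mode: one token on FIPS_SLOT_ID, described by the FIPS*
 *     descriptions.
 *   - otherwise: two tokens, index 0 on NETSCAPE_SLOT_ID with no cert or
 *     key database, and index 1 on PRIVATE_KEY_SLOT_ID carrying the
 *     database prefixes, minPWLen and the legacy flags.
 * Strings handed to a token are set to NULL locally so the cleanup at
 * `loser` frees only those that were not handed over.
 *
 * minPWLen is a password-length policy value. It is converted with strtol
 * and clamped to the range of int, because atoi has undefined behaviour
 * when the number does not fit. Inputs that atoi handled keep the same
 * result.
 *
 * Returns CKR_OK on success and CKR_HOST_MEMORY when the default token
 * array cannot be allocated. On failure the strings parsed so far remain
 * in *parsed.
 * NOTE(review): confirm callers run sftk_freeParams on the error path.
 */
CK_RV
sftk_parseParameters(char *param, sftk_parameters *parsed, PRBool isFIPS)
{
    int next; /* referenced by name inside the NSSUTIL_HANDLE_* macros */
    char *tmp = NULL;
    const char *index;
    char *certPrefix = NULL, *keyPrefix = NULL;
    char *tokdes = NULL, *ptokdes = NULL, *pupdtokdes = NULL;
    char *slotdes = NULL, *pslotdes = NULL;
    char *fslotdes = NULL, *ftokdes = NULL;
    char *minPW = NULL;
    CK_RV crv = CKR_OK;
    index = NSSUTIL_ArgStrip(param);

    PORT_Memset(parsed, 0, sizeof(sftk_parameters));

    while (*index) {
        /* The key arguments must stay string literals in these macro calls. */
        NSSUTIL_HANDLE_STRING_ARG(index, parsed->configdir, "configDir=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, parsed->updatedir, "updateDir=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, parsed->updateID, "updateID=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, parsed->secmodName, "secmod=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, parsed->man, "manufacturerID=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, parsed->libdes, "libraryDescription=", ;)
        /* constructed values, used so legacy interfaces still work */
        NSSUTIL_HANDLE_STRING_ARG(index, certPrefix, "certPrefix=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, keyPrefix, "keyPrefix=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, tokdes, "cryptoTokenDescription=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, ptokdes, "dbTokenDescription=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, slotdes, "cryptoSlotDescription=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, pslotdes, "dbSlotDescription=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, fslotdes, "FIPSSlotDescription=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, ftokdes, "FIPSTokenDescription=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, pupdtokdes, "updateTokenDescription=", ;)
        NSSUTIL_HANDLE_STRING_ARG(index, minPW, "minPWLen=", ;)

        /* the flag lookup takes the whole parameter string, so the fetched
         * value is only used as a presence check */
        NSSUTIL_HANDLE_STRING_ARG(
            index, tmp, "flags=",
            if (tmp) { sftk_parseFlags(param,parsed); PORT_Free(tmp); tmp = NULL; })
        NSSUTIL_HANDLE_STRING_ARG(
            index, tmp, "tokens=",
            if (tmp) { sftk_parseTokens(tmp,parsed); PORT_Free(tmp); tmp = NULL; })
        NSSUTIL_HANDLE_FINAL_ARG(index)
    }
    if (parsed->tokens == NULL) {
        int count = isFIPS ? 1 : 2;
        int i = count - 1; /* index of the token that owns the databases */
        sftk_token_parameters *tokens = NULL;

        tokens = (sftk_token_parameters *)
            PORT_ZAlloc(count * sizeof(sftk_token_parameters));
        if (tokens == NULL) {
            /* report the failure instead of succeeding with no tokens */
            crv = CKR_HOST_MEMORY;
            goto loser;
        }
        parsed->tokens = tokens;
        parsed->token_count = count;
        tokens[i].slotID = isFIPS ? FIPS_SLOT_ID : PRIVATE_KEY_SLOT_ID;
        tokens[i].certPrefix = certPrefix;
        tokens[i].keyPrefix = keyPrefix;
        if (minPW) {
            /* strtol saturates on overflow; clamp again to fit int */
            long minLen = strtol(minPW, NULL, 10);
            tokens[i].minPW = (minLen > INT_MAX)   ? INT_MAX
                              : (minLen < INT_MIN) ? INT_MIN
                                                   : (int)minLen;
        } else {
            tokens[i].minPW = 0;
        }
        tokens[i].readOnly = parsed->readOnly;
        tokens[i].noCertDB = parsed->noCertDB;
        /* sftk_parseFlags records only noCertDB, so the legacy flag is
         * applied to the key database as well */
        tokens[i].noKeyDB = parsed->noCertDB;
        tokens[i].forceOpen = parsed->forceOpen;
        tokens[i].pwRequired = parsed->pwRequired;
        tokens[i].optimizeSpace = parsed->optimizeSpace;
        tokens[0].optimizeSpace = parsed->optimizeSpace;
        certPrefix = NULL;
        keyPrefix = NULL;
        if (isFIPS) {
            tokens[i].tokdes = ftokdes;
            tokens[i].updtokdes = pupdtokdes;
            tokens[i].slotdes = fslotdes;
            fslotdes = NULL;
            ftokdes = NULL;
            pupdtokdes = NULL;
        } else {
            tokens[i].tokdes = ptokdes;
            tokens[i].updtokdes = pupdtokdes;
            tokens[i].slotdes = pslotdes;
            tokens[0].slotID = NETSCAPE_SLOT_ID;
            tokens[0].tokdes = tokdes;
            tokens[0].slotdes = slotdes;
            tokens[0].noCertDB = PR_TRUE;
            tokens[0].noKeyDB = PR_TRUE;
            pupdtokdes = NULL;
            ptokdes = NULL;
            pslotdes = NULL;
            tokdes = NULL;
            slotdes = NULL;
        }
    }

loser:
    /* free whatever was parsed but not handed over to a token */
    FREE_CLEAR(certPrefix);
    FREE_CLEAR(keyPrefix);
    FREE_CLEAR(tokdes);
    FREE_CLEAR(ptokdes);
    FREE_CLEAR(pupdtokdes);
    FREE_CLEAR(slotdes);
    FREE_CLEAR(pslotdes);
    FREE_CLEAR(fslotdes);
    FREE_CLEAR(ftokdes);
    FREE_CLEAR(minPW);
    return crv;
}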
    229 
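/*
 * Release every string owned by *params and the token array itself.
 *
 * The structure is left in a state where a second call is harmless: each
 * pointer is set to NULL by FREE_CLEAR and token_count is reset to 0.
 * Without that reset, a repeated call would index the already-freed (NULL)
 * token array using the old count.
 *
 * params itself is not freed and must not be NULL.
 */
void
sftk_freeParams(sftk_parameters *params)
{
    int i;

    /* skip the per-token pass if the array is already gone */
    if (params->tokens != NULL) {
        for (i = 0; i < params->token_count; i++) {
            FREE_CLEAR(params->tokens[i].configdir);
            FREE_CLEAR(params->tokens[i].certPrefix);
            FREE_CLEAR(params->tokens[i].keyPrefix);
            FREE_CLEAR(params->tokens[i].tokdes);
            FREE_CLEAR(params->tokens[i].slotdes);
            FREE_CLEAR(params->tokens[i].updatedir);
            FREE_CLEAR(params->tokens[i].updCertPrefix);
            FREE_CLEAR(params->tokens[i].updKeyPrefix);
            FREE_CLEAR(params->tokens[i].updateID);
            FREE_CLEAR(params->tokens[i].updtokdes);
        }
    }
    /* keep the count consistent with the released array */
    params->token_count = 0;

    FREE_CLEAR(params->configdir);
    FREE_CLEAR(params->secmodName);
    FREE_CLEAR(params->man);
    FREE_CLEAR(params->libdes);
    FREE_CLEAR(params->tokens);
    FREE_CLEAR(params->updatedir);
    FREE_CLEAR(params->updateID);
}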
    256 
/*
 * Check for a flag directly in the raw initialisation arguments.
 *
 * pReserved is interpreted as a CK_C_INITIALIZE_ARGS pointer, and the flag
 * is looked up under the label `entry` in its LibraryParameters string.
 *
 * Returns PR_FALSE when there are no arguments or no parameter string,
 * otherwise the result of the flag lookup.
 */
PRBool
sftk_RawArgHasFlag(const char *entry, const char *flag, const void *pReserved)
{
    const CK_C_INITIALIZE_ARGS *initArgs =
        (const CK_C_INITIALIZE_ARGS *)pReserved;
    const char *libraryParams;

    /* no arguments at all: the flag cannot be set */
    if (initArgs == NULL) {
        return PR_FALSE;
    }

    /* arguments without a parameter string: same answer */
    libraryParams = (const char *)initArgs->LibraryParameters;
    if (libraryParams == NULL) {
        return PR_FALSE;
    }

    return NSSUTIL_ArgHasFlag(entry, flag, libraryParams);
}