diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 01:47:29 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 01:47:29 +0000 |
commit | 0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d (patch) | |
tree | a31f07c9bcca9d56ce61e9a1ffd30ef350d513aa /security/nss/lib/softoken/sftkpars.c | |
parent | Initial commit. (diff) | |
download | firefox-esr-0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d.tar.xz firefox-esr-0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d.zip |
Adding upstream version 115.8.0esr.upstream/115.8.0esr
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/nss/lib/softoken/sftkpars.c')
-rw-r--r-- | security/nss/lib/softoken/sftkpars.c | 268 |
1 files changed, 268 insertions, 0 deletions
diff --git a/security/nss/lib/softoken/sftkpars.c b/security/nss/lib/softoken/sftkpars.c new file mode 100644 index 0000000000..fdd08648fc --- /dev/null +++ b/security/nss/lib/softoken/sftkpars.c @@ -0,0 +1,268 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * The following code handles the storage of PKCS 11 modules used by the + * NSS. This file is written to abstract away how the modules are + * stored so we can deside that later. + */ +#include "pkcs11i.h" +#include "sdb.h" +#include "prprf.h" +#include "prenv.h" +#include "utilpars.h" + +#define FREE_CLEAR(p) \ + if (p) { \ + PORT_Free(p); \ + p = NULL; \ + } + +static void +sftk_parseTokenFlags(char *tmp, sftk_token_parameters *parsed) +{ + parsed->readOnly = NSSUTIL_ArgHasFlag("flags", "readOnly", tmp); + parsed->noCertDB = NSSUTIL_ArgHasFlag("flags", "noCertDB", tmp); + parsed->noKeyDB = NSSUTIL_ArgHasFlag("flags", "noKeyDB", tmp); + parsed->forceOpen = NSSUTIL_ArgHasFlag("flags", "forceOpen", tmp); + parsed->pwRequired = NSSUTIL_ArgHasFlag("flags", "passwordRequired", tmp); + parsed->optimizeSpace = NSSUTIL_ArgHasFlag("flags", "optimizeSpace", tmp); + return; +} + +static void +sftk_parseFlags(char *tmp, sftk_parameters *parsed) +{ + parsed->noModDB = NSSUTIL_ArgHasFlag("flags", "noModDB", tmp); + parsed->readOnly = NSSUTIL_ArgHasFlag("flags", "readOnly", tmp); + /* keep legacy interface working */ + parsed->noCertDB = NSSUTIL_ArgHasFlag("flags", "noCertDB", tmp); + parsed->forceOpen = NSSUTIL_ArgHasFlag("flags", "forceOpen", tmp); + parsed->pwRequired = NSSUTIL_ArgHasFlag("flags", "passwordRequired", tmp); + parsed->optimizeSpace = NSSUTIL_ArgHasFlag("flags", "optimizeSpace", tmp); + return; +} + +static CK_RV +sftk_parseTokenParameters(char *param, sftk_token_parameters *parsed) +{ + int next; + char *tmp = NULL; + const char *index; + index = NSSUTIL_ArgStrip(param); + + while (*index) { + NSSUTIL_HANDLE_STRING_ARG(index, parsed->configdir, "configDir=", ;) + NSSUTIL_HANDLE_STRING_ARG(index, parsed->updatedir, "updateDir=", ;) + NSSUTIL_HANDLE_STRING_ARG(index, parsed->updCertPrefix, "updateCertPrefix=", ;) + NSSUTIL_HANDLE_STRING_ARG(index, parsed->updKeyPrefix, "updateKeyPrefix=", ;) + NSSUTIL_HANDLE_STRING_ARG(index, parsed->updateID, "updateID=", ;) + NSSUTIL_HANDLE_STRING_ARG(index, parsed->certPrefix, "certPrefix=", ;) + NSSUTIL_HANDLE_STRING_ARG(index, parsed->keyPrefix, "keyPrefix=", ;) + NSSUTIL_HANDLE_STRING_ARG(index, parsed->tokdes, "tokenDescription=", ;) + NSSUTIL_HANDLE_STRING_ARG(index, parsed->updtokdes, "updateTokenDescription=", ;) + NSSUTIL_HANDLE_STRING_ARG(index, parsed->slotdes, "slotDescription=", ;) + NSSUTIL_HANDLE_STRING_ARG( + index, tmp, "minPWLen=", + if (tmp) { parsed->minPW=atoi(tmp); PORT_Free(tmp); tmp = NULL; }) + NSSUTIL_HANDLE_STRING_ARG( + index, tmp, "flags=", + if (tmp) { sftk_parseTokenFlags(param,parsed); PORT_Free(tmp); tmp = NULL; }) + NSSUTIL_HANDLE_FINAL_ARG(index) + } + return CKR_OK; +} + +static void +sftk_parseTokens(char *tokenParams, sftk_parameters *parsed) +{ + const char *tokenIndex; + sftk_token_parameters *tokens = NULL; + int i = 0, count = 0, next; + + if ((tokenParams == NULL) || (*tokenParams == 0)) + return; + + /* first count the number of slots */ + for (tokenIndex = NSSUTIL_ArgStrip(tokenParams); *tokenIndex; + tokenIndex = NSSUTIL_ArgStrip(NSSUTIL_ArgSkipParameter(tokenIndex))) { + count++; + } + + /* get the data structures */ + tokens = (sftk_token_parameters *) + PORT_ZAlloc(count * sizeof(sftk_token_parameters)); + if (tokens == NULL) + return; + + for (tokenIndex = NSSUTIL_ArgStrip(tokenParams), i = 0; + *tokenIndex && i < count; i++) { + char *name; + name = NSSUTIL_ArgGetLabel(tokenIndex, &next); + tokenIndex += next; + + tokens[i].slotID = NSSUTIL_ArgDecodeNumber(name); + tokens[i].readOnly = PR_FALSE; + tokens[i].noCertDB = PR_FALSE; + tokens[i].noKeyDB = PR_FALSE; + if (!NSSUTIL_ArgIsBlank(*tokenIndex)) { + char *args = NSSUTIL_ArgFetchValue(tokenIndex, &next); + tokenIndex += next; + if (args) { + sftk_parseTokenParameters(args, &tokens[i]); + PORT_Free(args); + } + } + if (name) + PORT_Free(name); + tokenIndex = NSSUTIL_ArgStrip(tokenIndex); + } + parsed->token_count = i; + parsed->tokens = tokens; + return; +} + +CK_RV +sftk_parseParameters(char *param, sftk_parameters *parsed, PRBool isFIPS) +{ + int next; + char *tmp = NULL; + const char *index; + char *certPrefix = NULL, *keyPrefix = NULL; + char *tokdes = NULL, *ptokdes = NULL, *pupdtokdes = NULL; + char *slotdes = NULL, *pslotdes = NULL; + char *fslotdes = NULL, *ftokdes = NULL; + char *minPW = NULL; + index = NSSUTIL_ArgStrip(param); + + PORT_Memset(parsed, 0, sizeof(sftk_parameters)); + + while (*index) { + NSSUTIL_HANDLE_STRING_ARG(index, parsed->configdir, "configDir=", ;) + NSSUTIL_HANDLE_STRING_ARG(index, parsed->updatedir, "updateDir=", ;) + NSSUTIL_HANDLE_STRING_ARG(index, parsed->updateID, "updateID=", ;) + NSSUTIL_HANDLE_STRING_ARG(index, parsed->secmodName, "secmod=", ;) + NSSUTIL_HANDLE_STRING_ARG(index, parsed->man, "manufacturerID=", ;) + NSSUTIL_HANDLE_STRING_ARG(index, parsed->libdes, "libraryDescription=", ;) + /* constructed values, used so legacy interfaces still work */ + NSSUTIL_HANDLE_STRING_ARG(index, certPrefix, "certPrefix=", ;) + NSSUTIL_HANDLE_STRING_ARG(index, keyPrefix, "keyPrefix=", ;) + NSSUTIL_HANDLE_STRING_ARG(index, tokdes, "cryptoTokenDescription=", ;) + NSSUTIL_HANDLE_STRING_ARG(index, ptokdes, "dbTokenDescription=", ;) + NSSUTIL_HANDLE_STRING_ARG(index, slotdes, "cryptoSlotDescription=", ;) + NSSUTIL_HANDLE_STRING_ARG(index, pslotdes, "dbSlotDescription=", ;) + NSSUTIL_HANDLE_STRING_ARG(index, fslotdes, "FIPSSlotDescription=", ;) + NSSUTIL_HANDLE_STRING_ARG(index, ftokdes, "FIPSTokenDescription=", ;) + NSSUTIL_HANDLE_STRING_ARG(index, pupdtokdes, "updateTokenDescription=", ;) + NSSUTIL_HANDLE_STRING_ARG(index, minPW, "minPWLen=", ;) + + NSSUTIL_HANDLE_STRING_ARG( + index, tmp, "flags=", + if (tmp) { sftk_parseFlags(param,parsed); PORT_Free(tmp); tmp = NULL; }) + NSSUTIL_HANDLE_STRING_ARG( + index, tmp, "tokens=", + if (tmp) { sftk_parseTokens(tmp,parsed); PORT_Free(tmp); tmp = NULL; }) + NSSUTIL_HANDLE_FINAL_ARG(index) + } + if (parsed->tokens == NULL) { + int count = isFIPS ? 1 : 2; + int i = count - 1; + sftk_token_parameters *tokens = NULL; + + tokens = (sftk_token_parameters *) + PORT_ZAlloc(count * sizeof(sftk_token_parameters)); + if (tokens == NULL) { + goto loser; + } + parsed->tokens = tokens; + parsed->token_count = count; + tokens[i].slotID = isFIPS ? FIPS_SLOT_ID : PRIVATE_KEY_SLOT_ID; + tokens[i].certPrefix = certPrefix; + tokens[i].keyPrefix = keyPrefix; + tokens[i].minPW = minPW ? atoi(minPW) : 0; + tokens[i].readOnly = parsed->readOnly; + tokens[i].noCertDB = parsed->noCertDB; + tokens[i].noKeyDB = parsed->noCertDB; + tokens[i].forceOpen = parsed->forceOpen; + tokens[i].pwRequired = parsed->pwRequired; + tokens[i].optimizeSpace = parsed->optimizeSpace; + tokens[0].optimizeSpace = parsed->optimizeSpace; + certPrefix = NULL; + keyPrefix = NULL; + if (isFIPS) { + tokens[i].tokdes = ftokdes; + tokens[i].updtokdes = pupdtokdes; + tokens[i].slotdes = fslotdes; + fslotdes = NULL; + ftokdes = NULL; + pupdtokdes = NULL; + } else { + tokens[i].tokdes = ptokdes; + tokens[i].updtokdes = pupdtokdes; + tokens[i].slotdes = pslotdes; + tokens[0].slotID = NETSCAPE_SLOT_ID; + tokens[0].tokdes = tokdes; + tokens[0].slotdes = slotdes; + tokens[0].noCertDB = PR_TRUE; + tokens[0].noKeyDB = PR_TRUE; + pupdtokdes = NULL; + ptokdes = NULL; + pslotdes = NULL; + tokdes = NULL; + slotdes = NULL; + } + } + +loser: + FREE_CLEAR(certPrefix); + FREE_CLEAR(keyPrefix); + FREE_CLEAR(tokdes); + FREE_CLEAR(ptokdes); + FREE_CLEAR(pupdtokdes); + FREE_CLEAR(slotdes); + FREE_CLEAR(pslotdes); + FREE_CLEAR(fslotdes); + FREE_CLEAR(ftokdes); + FREE_CLEAR(minPW); + return CKR_OK; +} + +void +sftk_freeParams(sftk_parameters *params) +{ + int i; + + for (i = 0; i < params->token_count; i++) { + FREE_CLEAR(params->tokens[i].configdir); + FREE_CLEAR(params->tokens[i].certPrefix); + FREE_CLEAR(params->tokens[i].keyPrefix); + FREE_CLEAR(params->tokens[i].tokdes); + FREE_CLEAR(params->tokens[i].slotdes); + FREE_CLEAR(params->tokens[i].updatedir); + FREE_CLEAR(params->tokens[i].updCertPrefix); + FREE_CLEAR(params->tokens[i].updKeyPrefix); + FREE_CLEAR(params->tokens[i].updateID); + FREE_CLEAR(params->tokens[i].updtokdes); + } + + FREE_CLEAR(params->configdir); + FREE_CLEAR(params->secmodName); + FREE_CLEAR(params->man); + FREE_CLEAR(params->libdes); + FREE_CLEAR(params->tokens); + FREE_CLEAR(params->updatedir); + FREE_CLEAR(params->updateID); +} + +PRBool +sftk_RawArgHasFlag(const char *entry, const char *flag, const void *pReserved) +{ + CK_C_INITIALIZE_ARGS *init_args = (CK_C_INITIALIZE_ARGS *)pReserved; + + /* if we don't have any params, the flag isn't set */ + if ((!init_args || !init_args->LibraryParameters)) { + return PR_FALSE; + } + + return NSSUTIL_ArgHasFlag(entry, flag, (const char *)init_args->LibraryParameters); +} |