summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/softoken/sftkpars.c
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 01:47:29 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 01:47:29 +0000
commit0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d (patch)
treea31f07c9bcca9d56ce61e9a1ffd30ef350d513aa /security/nss/lib/softoken/sftkpars.c
parentInitial commit. (diff)
downloadfirefox-esr-0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d.tar.xz
firefox-esr-0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d.zip
Adding upstream version 115.8.0esr.upstream/115.8.0esr
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/nss/lib/softoken/sftkpars.c')
-rw-r--r--security/nss/lib/softoken/sftkpars.c268
1 files changed, 268 insertions, 0 deletions
diff --git a/security/nss/lib/softoken/sftkpars.c b/security/nss/lib/softoken/sftkpars.c
new file mode 100644
index 0000000000..fdd08648fc
--- /dev/null
+++ b/security/nss/lib/softoken/sftkpars.c
@@ -0,0 +1,268 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * The following code handles the storage of PKCS 11 modules used by the
+ * NSS. This file is written to abstract away how the modules are
+ * stored so we can deside that later.
+ */
+#include "pkcs11i.h"
+#include "sdb.h"
+#include "prprf.h"
+#include "prenv.h"
+#include "utilpars.h"
+
+#define FREE_CLEAR(p) \
+ if (p) { \
+ PORT_Free(p); \
+ p = NULL; \
+ }
+
+static void
+sftk_parseTokenFlags(char *tmp, sftk_token_parameters *parsed)
+{
+ parsed->readOnly = NSSUTIL_ArgHasFlag("flags", "readOnly", tmp);
+ parsed->noCertDB = NSSUTIL_ArgHasFlag("flags", "noCertDB", tmp);
+ parsed->noKeyDB = NSSUTIL_ArgHasFlag("flags", "noKeyDB", tmp);
+ parsed->forceOpen = NSSUTIL_ArgHasFlag("flags", "forceOpen", tmp);
+ parsed->pwRequired = NSSUTIL_ArgHasFlag("flags", "passwordRequired", tmp);
+ parsed->optimizeSpace = NSSUTIL_ArgHasFlag("flags", "optimizeSpace", tmp);
+ return;
+}
+
+static void
+sftk_parseFlags(char *tmp, sftk_parameters *parsed)
+{
+ parsed->noModDB = NSSUTIL_ArgHasFlag("flags", "noModDB", tmp);
+ parsed->readOnly = NSSUTIL_ArgHasFlag("flags", "readOnly", tmp);
+ /* keep legacy interface working */
+ parsed->noCertDB = NSSUTIL_ArgHasFlag("flags", "noCertDB", tmp);
+ parsed->forceOpen = NSSUTIL_ArgHasFlag("flags", "forceOpen", tmp);
+ parsed->pwRequired = NSSUTIL_ArgHasFlag("flags", "passwordRequired", tmp);
+ parsed->optimizeSpace = NSSUTIL_ArgHasFlag("flags", "optimizeSpace", tmp);
+ return;
+}
+
+static CK_RV
+sftk_parseTokenParameters(char *param, sftk_token_parameters *parsed)
+{
+ int next;
+ char *tmp = NULL;
+ const char *index;
+ index = NSSUTIL_ArgStrip(param);
+
+ while (*index) {
+ NSSUTIL_HANDLE_STRING_ARG(index, parsed->configdir, "configDir=", ;)
+ NSSUTIL_HANDLE_STRING_ARG(index, parsed->updatedir, "updateDir=", ;)
+ NSSUTIL_HANDLE_STRING_ARG(index, parsed->updCertPrefix, "updateCertPrefix=", ;)
+ NSSUTIL_HANDLE_STRING_ARG(index, parsed->updKeyPrefix, "updateKeyPrefix=", ;)
+ NSSUTIL_HANDLE_STRING_ARG(index, parsed->updateID, "updateID=", ;)
+ NSSUTIL_HANDLE_STRING_ARG(index, parsed->certPrefix, "certPrefix=", ;)
+ NSSUTIL_HANDLE_STRING_ARG(index, parsed->keyPrefix, "keyPrefix=", ;)
+ NSSUTIL_HANDLE_STRING_ARG(index, parsed->tokdes, "tokenDescription=", ;)
+ NSSUTIL_HANDLE_STRING_ARG(index, parsed->updtokdes, "updateTokenDescription=", ;)
+ NSSUTIL_HANDLE_STRING_ARG(index, parsed->slotdes, "slotDescription=", ;)
+ NSSUTIL_HANDLE_STRING_ARG(
+ index, tmp, "minPWLen=",
+ if (tmp) { parsed->minPW=atoi(tmp); PORT_Free(tmp); tmp = NULL; })
+ NSSUTIL_HANDLE_STRING_ARG(
+ index, tmp, "flags=",
+ if (tmp) { sftk_parseTokenFlags(param,parsed); PORT_Free(tmp); tmp = NULL; })
+ NSSUTIL_HANDLE_FINAL_ARG(index)
+ }
+ return CKR_OK;
+}
+
+static void
+sftk_parseTokens(char *tokenParams, sftk_parameters *parsed)
+{
+ const char *tokenIndex;
+ sftk_token_parameters *tokens = NULL;
+ int i = 0, count = 0, next;
+
+ if ((tokenParams == NULL) || (*tokenParams == 0))
+ return;
+
+ /* first count the number of slots */
+ for (tokenIndex = NSSUTIL_ArgStrip(tokenParams); *tokenIndex;
+ tokenIndex = NSSUTIL_ArgStrip(NSSUTIL_ArgSkipParameter(tokenIndex))) {
+ count++;
+ }
+
+ /* get the data structures */
+ tokens = (sftk_token_parameters *)
+ PORT_ZAlloc(count * sizeof(sftk_token_parameters));
+ if (tokens == NULL)
+ return;
+
+ for (tokenIndex = NSSUTIL_ArgStrip(tokenParams), i = 0;
+ *tokenIndex && i < count; i++) {
+ char *name;
+ name = NSSUTIL_ArgGetLabel(tokenIndex, &next);
+ tokenIndex += next;
+
+ tokens[i].slotID = NSSUTIL_ArgDecodeNumber(name);
+ tokens[i].readOnly = PR_FALSE;
+ tokens[i].noCertDB = PR_FALSE;
+ tokens[i].noKeyDB = PR_FALSE;
+ if (!NSSUTIL_ArgIsBlank(*tokenIndex)) {
+ char *args = NSSUTIL_ArgFetchValue(tokenIndex, &next);
+ tokenIndex += next;
+ if (args) {
+ sftk_parseTokenParameters(args, &tokens[i]);
+ PORT_Free(args);
+ }
+ }
+ if (name)
+ PORT_Free(name);
+ tokenIndex = NSSUTIL_ArgStrip(tokenIndex);
+ }
+ parsed->token_count = i;
+ parsed->tokens = tokens;
+ return;
+}
+
+CK_RV
+sftk_parseParameters(char *param, sftk_parameters *parsed, PRBool isFIPS)
+{
+ int next;
+ char *tmp = NULL;
+ const char *index;
+ char *certPrefix = NULL, *keyPrefix = NULL;
+ char *tokdes = NULL, *ptokdes = NULL, *pupdtokdes = NULL;
+ char *slotdes = NULL, *pslotdes = NULL;
+ char *fslotdes = NULL, *ftokdes = NULL;
+ char *minPW = NULL;
+ index = NSSUTIL_ArgStrip(param);
+
+ PORT_Memset(parsed, 0, sizeof(sftk_parameters));
+
+ while (*index) {
+ NSSUTIL_HANDLE_STRING_ARG(index, parsed->configdir, "configDir=", ;)
+ NSSUTIL_HANDLE_STRING_ARG(index, parsed->updatedir, "updateDir=", ;)
+ NSSUTIL_HANDLE_STRING_ARG(index, parsed->updateID, "updateID=", ;)
+ NSSUTIL_HANDLE_STRING_ARG(index, parsed->secmodName, "secmod=", ;)
+ NSSUTIL_HANDLE_STRING_ARG(index, parsed->man, "manufacturerID=", ;)
+ NSSUTIL_HANDLE_STRING_ARG(index, parsed->libdes, "libraryDescription=", ;)
+ /* constructed values, used so legacy interfaces still work */
+ NSSUTIL_HANDLE_STRING_ARG(index, certPrefix, "certPrefix=", ;)
+ NSSUTIL_HANDLE_STRING_ARG(index, keyPrefix, "keyPrefix=", ;)
+ NSSUTIL_HANDLE_STRING_ARG(index, tokdes, "cryptoTokenDescription=", ;)
+ NSSUTIL_HANDLE_STRING_ARG(index, ptokdes, "dbTokenDescription=", ;)
+ NSSUTIL_HANDLE_STRING_ARG(index, slotdes, "cryptoSlotDescription=", ;)
+ NSSUTIL_HANDLE_STRING_ARG(index, pslotdes, "dbSlotDescription=", ;)
+ NSSUTIL_HANDLE_STRING_ARG(index, fslotdes, "FIPSSlotDescription=", ;)
+ NSSUTIL_HANDLE_STRING_ARG(index, ftokdes, "FIPSTokenDescription=", ;)
+ NSSUTIL_HANDLE_STRING_ARG(index, pupdtokdes, "updateTokenDescription=", ;)
+ NSSUTIL_HANDLE_STRING_ARG(index, minPW, "minPWLen=", ;)
+
+ NSSUTIL_HANDLE_STRING_ARG(
+ index, tmp, "flags=",
+ if (tmp) { sftk_parseFlags(param,parsed); PORT_Free(tmp); tmp = NULL; })
+ NSSUTIL_HANDLE_STRING_ARG(
+ index, tmp, "tokens=",
+ if (tmp) { sftk_parseTokens(tmp,parsed); PORT_Free(tmp); tmp = NULL; })
+ NSSUTIL_HANDLE_FINAL_ARG(index)
+ }
+ if (parsed->tokens == NULL) {
+ int count = isFIPS ? 1 : 2;
+ int i = count - 1;
+ sftk_token_parameters *tokens = NULL;
+
+ tokens = (sftk_token_parameters *)
+ PORT_ZAlloc(count * sizeof(sftk_token_parameters));
+ if (tokens == NULL) {
+ goto loser;
+ }
+ parsed->tokens = tokens;
+ parsed->token_count = count;
+ tokens[i].slotID = isFIPS ? FIPS_SLOT_ID : PRIVATE_KEY_SLOT_ID;
+ tokens[i].certPrefix = certPrefix;
+ tokens[i].keyPrefix = keyPrefix;
+ tokens[i].minPW = minPW ? atoi(minPW) : 0;
+ tokens[i].readOnly = parsed->readOnly;
+ tokens[i].noCertDB = parsed->noCertDB;
+ tokens[i].noKeyDB = parsed->noCertDB;
+ tokens[i].forceOpen = parsed->forceOpen;
+ tokens[i].pwRequired = parsed->pwRequired;
+ tokens[i].optimizeSpace = parsed->optimizeSpace;
+ tokens[0].optimizeSpace = parsed->optimizeSpace;
+ certPrefix = NULL;
+ keyPrefix = NULL;
+ if (isFIPS) {
+ tokens[i].tokdes = ftokdes;
+ tokens[i].updtokdes = pupdtokdes;
+ tokens[i].slotdes = fslotdes;
+ fslotdes = NULL;
+ ftokdes = NULL;
+ pupdtokdes = NULL;
+ } else {
+ tokens[i].tokdes = ptokdes;
+ tokens[i].updtokdes = pupdtokdes;
+ tokens[i].slotdes = pslotdes;
+ tokens[0].slotID = NETSCAPE_SLOT_ID;
+ tokens[0].tokdes = tokdes;
+ tokens[0].slotdes = slotdes;
+ tokens[0].noCertDB = PR_TRUE;
+ tokens[0].noKeyDB = PR_TRUE;
+ pupdtokdes = NULL;
+ ptokdes = NULL;
+ pslotdes = NULL;
+ tokdes = NULL;
+ slotdes = NULL;
+ }
+ }
+
+loser:
+ FREE_CLEAR(certPrefix);
+ FREE_CLEAR(keyPrefix);
+ FREE_CLEAR(tokdes);
+ FREE_CLEAR(ptokdes);
+ FREE_CLEAR(pupdtokdes);
+ FREE_CLEAR(slotdes);
+ FREE_CLEAR(pslotdes);
+ FREE_CLEAR(fslotdes);
+ FREE_CLEAR(ftokdes);
+ FREE_CLEAR(minPW);
+ return CKR_OK;
+}
+
+void
+sftk_freeParams(sftk_parameters *params)
+{
+ int i;
+
+ for (i = 0; i < params->token_count; i++) {
+ FREE_CLEAR(params->tokens[i].configdir);
+ FREE_CLEAR(params->tokens[i].certPrefix);
+ FREE_CLEAR(params->tokens[i].keyPrefix);
+ FREE_CLEAR(params->tokens[i].tokdes);
+ FREE_CLEAR(params->tokens[i].slotdes);
+ FREE_CLEAR(params->tokens[i].updatedir);
+ FREE_CLEAR(params->tokens[i].updCertPrefix);
+ FREE_CLEAR(params->tokens[i].updKeyPrefix);
+ FREE_CLEAR(params->tokens[i].updateID);
+ FREE_CLEAR(params->tokens[i].updtokdes);
+ }
+
+ FREE_CLEAR(params->configdir);
+ FREE_CLEAR(params->secmodName);
+ FREE_CLEAR(params->man);
+ FREE_CLEAR(params->libdes);
+ FREE_CLEAR(params->tokens);
+ FREE_CLEAR(params->updatedir);
+ FREE_CLEAR(params->updateID);
+}
+
+PRBool
+sftk_RawArgHasFlag(const char *entry, const char *flag, const void *pReserved)
+{
+ CK_C_INITIALIZE_ARGS *init_args = (CK_C_INITIALIZE_ARGS *)pReserved;
+
+ /* if we don't have any params, the flag isn't set */
+ if ((!init_args || !init_args->LibraryParameters)) {
+ return PR_FALSE;
+ }
+
+ return NSSUTIL_ArgHasFlag(entry, flag, (const char *)init_args->LibraryParameters);
+}