summaryrefslogtreecommitdiffstats
path: root/security/nss/cmd/shlibsign
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 00:47:55 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 00:47:55 +0000
commit26a029d407be480d791972afb5975cf62c9360a6 (patch)
treef435a8308119effd964b339f76abb83a57c29483 /security/nss/cmd/shlibsign
parentInitial commit. (diff)
downloadfirefox-26a029d407be480d791972afb5975cf62c9360a6.tar.xz
firefox-26a029d407be480d791972afb5975cf62c9360a6.zip
Adding upstream version 124.0.1.upstream/124.0.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/nss/cmd/shlibsign')
-rw-r--r--security/nss/cmd/shlibsign/Makefile101
-rw-r--r--security/nss/cmd/shlibsign/mangle/Makefile65
-rw-r--r--security/nss/cmd/shlibsign/mangle/mangle.c140
-rw-r--r--security/nss/cmd/shlibsign/mangle/mangle.gyp31
-rw-r--r--security/nss/cmd/shlibsign/mangle/manifest.mn24
-rw-r--r--security/nss/cmd/shlibsign/manifest.mn27
-rw-r--r--security/nss/cmd/shlibsign/shlibsign.c1643
-rw-r--r--security/nss/cmd/shlibsign/shlibsign.gyp30
-rw-r--r--security/nss/cmd/shlibsign/sign.cmd25
-rw-r--r--security/nss/cmd/shlibsign/sign.sh51
10 files changed, 2137 insertions, 0 deletions
diff --git a/security/nss/cmd/shlibsign/Makefile b/security/nss/cmd/shlibsign/Makefile
new file mode 100644
index 0000000000..a1192055c1
--- /dev/null
+++ b/security/nss/cmd/shlibsign/Makefile
@@ -0,0 +1,101 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY). #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL) #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL). #
+#######################################################################
+
+ifeq ($(OS_ARCH), WINNT)
+
+EXTRA_LIBS += \
+ $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.$(LIB_SUFFIX) \
+ $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.$(LIB_SUFFIX) \
+ $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.$(LIB_SUFFIX) \
+ $(NULL)
+
+else
+
+EXTRA_SHARED_LIBS += \
+ -L$(NSPR_LIB_DIR) \
+ -lplc4 \
+ -lplds4 \
+ -lnspr4 \
+ $(NULL)
+
+endif
+
+
+# sign any and all shared libraries that contain the word freebl
+ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
+CHECKLIBS =
+CHECKLOC =
+else
+CHECKLIBS = $(DIST)/lib/$(DLL_PREFIX)softokn3.$(DLL_SUFFIX)
+CHECKLIBS += $(wildcard $(DIST)/lib/$(DLL_PREFIX)freebl*3.$(DLL_SUFFIX))
+ifndef NSS_DISABLE_DBM
+CHECKLIBS += $(DIST)/lib/$(DLL_PREFIX)nssdbm3.$(DLL_SUFFIX)
+endif
+CHECKLOC = $(CHECKLIBS:.$(DLL_SUFFIX)=.chk)
+
+MD_LIB_RELEASE_FILES = $(CHECKLOC)
+ALL_TRASH += $(CHECKLOC)
+endif
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL) #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL). #
+#######################################################################
+
+
+include ../platrules.mk
+
+SRCDIR = $(call core_abspath,.)
+
+%.chk: %.$(DLL_SUFFIX)
+ifeq ($(OS_TARGET), OS2)
+ cd $(OBJDIR) ; cmd.exe /c $(SRCDIR)/sign.cmd $(DIST) \
+ $(call core_abspath,$(OBJDIR)) $(OS_TARGET) \
+ $(call core_abspath,$(NSPR_LIB_DIR)) $(call core_abspath,$<)
+else
+ ifeq ($(CROSS_COMPILE),1)
+ # do nothing
+ else
+ cd $(OBJDIR) ; sh $(SRCDIR)/sign.sh $(call core_abspath,$(DIST)) \
+ $(call core_abspath,$(OBJDIR)) $(OS_TARGET) \
+ $(call core_abspath,$(NSPR_LIB_DIR)) $(call core_abspath,$<)
+ endif
+endif
+
+libs: install
+ifdef CHECKLOC
+ $(MAKE) $(CHECKLOC)
+endif
diff --git a/security/nss/cmd/shlibsign/mangle/Makefile b/security/nss/cmd/shlibsign/mangle/Makefile
new file mode 100644
index 0000000000..b52243e01c
--- /dev/null
+++ b/security/nss/cmd/shlibsign/mangle/Makefile
@@ -0,0 +1,65 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY). #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL) #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL). #
+#######################################################################
+
+ifeq ($(OS_ARCH), WINNT)
+
+EXTRA_LIBS += \
+ $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.$(LIB_SUFFIX) \
+ $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.$(LIB_SUFFIX) \
+ $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.$(LIB_SUFFIX) \
+ $(NULL)
+
+else
+
+EXTRA_SHARED_LIBS += \
+ -L$(NSPR_LIB_DIR) \
+ -lplc4 \
+ -lplds4 \
+ -lnspr4 \
+ $(NULL)
+
+endif
+
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL) #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL). #
+#######################################################################
+
+
+include ../../platrules.mk
+
diff --git a/security/nss/cmd/shlibsign/mangle/mangle.c b/security/nss/cmd/shlibsign/mangle/mangle.c
new file mode 100644
index 0000000000..e58bbee410
--- /dev/null
+++ b/security/nss/cmd/shlibsign/mangle/mangle.c
@@ -0,0 +1,140 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Test program to mangle 1 bit in a binary
+ */
+
+#include "nspr.h"
+#include "plstr.h"
+#include "plgetopt.h"
+#include "prio.h"
+
+static PRFileDesc *pr_stderr;
+static void
+usage(char *program_name)
+{
+
+ PR_fprintf(pr_stderr, "Usage:");
+ PR_fprintf(pr_stderr, "%s -i shared_library_name -o byte_offset -b bit\n", program_name);
+}
+
+int
+main(int argc, char **argv)
+{
+ /* buffers and locals */
+ PLOptState *optstate;
+ char *programName;
+ char cbuf;
+
+ /* parameter set variables */
+ const char *libFile = NULL;
+ int bitOffset = -1;
+
+ /* return values */
+ int retval = 2; /* 0 - test succeeded.
+ * 1 - illegal args
+ * 2 - function failed */
+ PRFileDesc *fd = NULL;
+ int bytesRead;
+ int bytesWritten;
+ PROffset32 offset = -1;
+ PROffset32 pos;
+
+ programName = PL_strrchr(argv[0], '/');
+ programName = programName ? (programName + 1) : argv[0];
+
+ pr_stderr = PR_STDERR;
+
+ optstate = PL_CreateOptState(argc, argv, "i:o:b:");
+ if (optstate == NULL) {
+ return 1;
+ }
+
+ while (PL_GetNextOpt(optstate) == PL_OPT_OK) {
+ switch (optstate->option) {
+ case 'i':
+ libFile = optstate->value;
+ break;
+
+ case 'o':
+ offset = atoi(optstate->value);
+ break;
+
+ case 'b':
+ bitOffset = atoi(optstate->value);
+ break;
+ }
+ }
+
+ if (libFile == NULL) {
+ usage(programName);
+ return 1;
+ }
+ if ((bitOffset >= 8) || (bitOffset < 0)) {
+ usage(programName);
+ return 1;
+ }
+
+ /* open the target signature file */
+ fd = PR_OpenFile(libFile, PR_RDWR, 0666);
+ if (fd == NULL) {
+ /* lperror(libFile); */
+ PR_fprintf(pr_stderr, "Couldn't Open %s\n", libFile);
+ goto loser;
+ }
+
+ if (offset < 0) { /* convert to positive offset */
+ pos = PR_Seek(fd, offset, PR_SEEK_END);
+ if (pos == -1) {
+ PR_fprintf(pr_stderr, "Seek for read on %s (to %d) failed\n",
+ libFile, offset);
+ goto loser;
+ }
+ offset = pos;
+ }
+
+ /* read the byte */
+ pos = PR_Seek(fd, offset, PR_SEEK_SET);
+ if (pos != offset) {
+ PR_fprintf(pr_stderr, "Seek for read on %s (to %d) failed\n",
+ libFile, offset);
+ goto loser;
+ }
+ bytesRead = PR_Read(fd, &cbuf, 1);
+ if (bytesRead != 1) {
+ PR_fprintf(pr_stderr, "Read on %s (to %d) failed\n", libFile, offset);
+ goto loser;
+ }
+
+ PR_fprintf(pr_stderr, "Changing byte 0x%08x (%d): from %02x (%d) to ",
+ offset, offset, (unsigned char)cbuf, (unsigned char)cbuf);
+ /* change it */
+ cbuf ^= 1 << bitOffset;
+ PR_fprintf(pr_stderr, "%02x (%d)\n",
+ (unsigned char)cbuf, (unsigned char)cbuf);
+
+ /* write it back out */
+ pos = PR_Seek(fd, offset, PR_SEEK_SET);
+ if (pos != offset) {
+ PR_fprintf(pr_stderr, "Seek for write on %s (to %d) failed\n",
+ libFile, offset);
+ goto loser;
+ }
+ bytesWritten = PR_Write(fd, &cbuf, 1);
+ if (bytesWritten != 1) {
+ PR_fprintf(pr_stderr, "Write on %s (to %d) failed\n", libFile, offset);
+ goto loser;
+ }
+
+ retval = 0;
+
+loser:
+ if (fd)
+ PR_Close(fd);
+ PR_Cleanup();
+ return retval;
+}
+
+/*#DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" */
diff --git a/security/nss/cmd/shlibsign/mangle/mangle.gyp b/security/nss/cmd/shlibsign/mangle/mangle.gyp
new file mode 100644
index 0000000000..1dd5c10d7c
--- /dev/null
+++ b/security/nss/cmd/shlibsign/mangle/mangle.gyp
@@ -0,0 +1,31 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+ 'includes': [
+ '../../../coreconf/config.gypi',
+ '../../../cmd/platlibs.gypi'
+ ],
+ 'targets': [
+ {
+ 'target_name': 'mangle',
+ 'type': 'executable',
+ 'sources': [
+ 'mangle.c'
+ ],
+ 'dependencies': [
+ '<(DEPTH)/exports.gyp:nss_exports'
+ ]
+ }
+ ],
+ 'target_defaults': {
+ 'defines': [
+ 'SHLIB_SUFFIX=\"<(dll_suffix)\"',
+ 'SHLIB_PREFIX=\"<(dll_prefix)\"'
+ ]
+ },
+ 'variables': {
+ 'module': 'nss',
+ 'use_static_libs': 1
+ }
+} \ No newline at end of file
diff --git a/security/nss/cmd/shlibsign/mangle/manifest.mn b/security/nss/cmd/shlibsign/mangle/manifest.mn
new file mode 100644
index 0000000000..40b4841cb1
--- /dev/null
+++ b/security/nss/cmd/shlibsign/mangle/manifest.mn
@@ -0,0 +1,24 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../../..
+
+# MODULE public and private header directories are implicitly REQUIRED.
+MODULE = nss
+
+DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\"
+
+CSRCS = \
+ mangle.c \
+ $(NULL)
+
+
+# headers for the MODULE (defined above) are implicitly required.
+REQUIRES =
+
+PROGRAM = mangle
+
+USE_STATIC_LIBS = 1
+
diff --git a/security/nss/cmd/shlibsign/manifest.mn b/security/nss/cmd/shlibsign/manifest.mn
new file mode 100644
index 0000000000..95f8765b36
--- /dev/null
+++ b/security/nss/cmd/shlibsign/manifest.mn
@@ -0,0 +1,27 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+# MODULE public and private header directories are implicitly REQUIRED.
+MODULE = nss
+
+DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\"
+
+CSRCS = \
+ shlibsign.c \
+ $(NULL)
+
+# WINNT uses EXTRA_LIBS as the list of libs to link in.
+# Unix uses OS_LIBS for that purpose.
+# We can solve this via conditional makefile code, but
+# can't do this in manifest.mn because OS_ARCH isn't defined there.
+# So, look in the local Makefile for the defines for the list of libs.
+
+PROGRAM = shlibsign
+
+DIRS = mangle
+
+#USE_STATIC_LIBS = 1
diff --git a/security/nss/cmd/shlibsign/shlibsign.c b/security/nss/cmd/shlibsign/shlibsign.c
new file mode 100644
index 0000000000..5745426ba4
--- /dev/null
+++ b/security/nss/cmd/shlibsign/shlibsign.c
@@ -0,0 +1,1643 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * shlibsign creates the checksum (.chk) files for the NSS libraries,
+ * libsoftokn3/softokn3 and libfreebl/freebl (platforms can have
+ * multiple freebl variants), that contain the NSS cryptograhic boundary.
+ *
+ * The generated .chk files must be put in the same directory as
+ * the NSS libraries they were generated for.
+ *
+ * When in FIPS 140 mode, the NSS Internal FIPS PKCS #11 Module will
+ * compute the checksum for the NSS cryptographic boundary libraries
+ * and compare the checksum with the value in .chk file.
+ */
+
+#ifdef XP_UNIX
+#define USES_LINKS 1
+#endif
+
+#define COMPAT_MAJOR 0x01
+#define COMPAT_MINOR 0x02
+
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+
+#ifdef USES_LINKS
+#include <unistd.h>
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#endif
+
+/* nspr headers */
+#include "prlink.h"
+#include "prprf.h"
+#include "prenv.h"
+#include "plgetopt.h"
+#include "prinit.h"
+#include "prmem.h"
+#include "plstr.h"
+#include "prerror.h"
+
+/* softoken headers */
+#include "pkcs11.h"
+#include "pkcs11t.h"
+
+/* freebl headers */
+#include "shsign.h"
+
+/* nss headers for definition of HASH_HashType */
+#include "hasht.h"
+
+CK_BBOOL cktrue = CK_TRUE;
+CK_BBOOL ckfalse = CK_FALSE;
+static PRBool verbose = PR_FALSE;
+static PRBool verify = PR_FALSE;
+static PRBool compat = PR_FALSE;
+
+typedef struct HashTableStruct {
+ char *name;
+ CK_MECHANISM_TYPE hash;
+ CK_MECHANISM_TYPE hmac;
+ CK_KEY_TYPE keyType;
+ HASH_HashType hashType;
+ CK_ULONG hashLength;
+} HashTable;
+
+#define CKR_INTERNAL_OUT_FAILURE 0x80111111
+#define CKR_INTERNAL_IN_FAILURE 0x80222222
+#define CKM_SHA1 CKM_SHA_1
+#define CKM_SHA1_HMAC CKM_SHA_1_HMAC
+#define CKK_SHA1_HMAC CKK_SHA_1_HMAC
+#define MKHASH(name, mech) \
+ { \
+ name, CKM_##mech, CKM_##mech##_HMAC, \
+ CKK_##mech##_HMAC, HASH_Alg##mech, mech##_LENGTH \
+ }
+static HashTable hashTable[] = {
+ MKHASH("sha-1", SHA1), MKHASH("sha1", SHA1), MKHASH("sha224", SHA224),
+ MKHASH("sha256", SHA256), MKHASH("sha384", SHA384),
+ MKHASH("sha512", SHA512)
+};
+static size_t hashTableSize = PR_ARRAY_SIZE(hashTable);
+
+const HashTable *
+findHash(const char *hashName)
+{
+ int i;
+
+ for (i = 0; i < hashTableSize; i++) {
+ if (PL_strcasecmp(hashTable[i].name, hashName) == 0) {
+ return &hashTable[i];
+ }
+ }
+ return NULL;
+}
+
+static void
+usage(const char *program_name)
+{
+ int i;
+ const char *comma = "";
+ PRFileDesc *debug_out = PR_GetSpecialFD(PR_StandardError);
+ PR_fprintf(debug_out,
+ "type %s -H for more detail information.\n", program_name);
+ PR_fprintf(debug_out,
+ "Usage: %s [-v] [-V] [-o outfile] [-d dbdir] [-f pwfile]\n"
+ " [-F] [-p pwd] -[P dbprefix ] [-t hash]"
+ " [-D] [-k keysize] [-c]"
+ "-i shared_library_name\n",
+ program_name);
+ PR_fprintf(debug_out, "Valid Hashes: ");
+ for (i = 0; i < hashTableSize; i++) {
+ PR_fprintf(debug_out, "%s%s", comma, hashTable[i].name);
+ comma = ", ";
+ }
+ PR_fprintf(debug_out, "\n");
+ exit(1);
+}
+
+static void
+long_usage(const char *program_name)
+{
+ PRFileDesc *debug_out = PR_GetSpecialFD(PR_StandardError);
+ int i;
+ const char *comma = "";
+ PR_fprintf(debug_out, "%s test program usage:\n", program_name);
+ PR_fprintf(debug_out, "\t-i <infile> shared_library_name to process\n");
+ PR_fprintf(debug_out, "\t-o <outfile> checksum outfile\n");
+ PR_fprintf(debug_out, "\t-d <path> database path location\n");
+ PR_fprintf(debug_out, "\t-t <hash> Hash for HMAC/or DSA\n");
+ PR_fprintf(debug_out, "\t-D Sign with DSA rather than HMAC\n");
+ PR_fprintf(debug_out, "\t-k <keysize> size of the DSA key\n");
+ PR_fprintf(debug_out, "\t-c Use compatible versions for old NSS\n");
+ PR_fprintf(debug_out, "\t-P <prefix> database prefix\n");
+ PR_fprintf(debug_out, "\t-f <file> password File : echo pw > file \n");
+ PR_fprintf(debug_out, "\t-F FIPS mode\n");
+ PR_fprintf(debug_out, "\t-p <pwd> password\n");
+ PR_fprintf(debug_out, "\t-v verbose output\n");
+ PR_fprintf(debug_out, "\t-V perform Verify operations\n");
+ PR_fprintf(debug_out, "\t-? short help message\n");
+ PR_fprintf(debug_out, "\t-h short help message\n");
+ PR_fprintf(debug_out, "\t-H this help message\n");
+ PR_fprintf(debug_out, "\n\n\tNote: Use of FIPS mode requires your ");
+ PR_fprintf(debug_out, "library path is using \n");
+ PR_fprintf(debug_out, "\t pre-existing libraries with generated ");
+ PR_fprintf(debug_out, "checksum files\n");
+ PR_fprintf(debug_out, "\t and database in FIPS mode \n");
+ PR_fprintf(debug_out, "Valid Hashes: ");
+ for (i = 0; i < hashTableSize; i++) {
+ PR_fprintf(debug_out, "%s%s", comma, hashTable[i].name);
+ comma = ", ";
+ }
+ PR_fprintf(debug_out, "\n");
+ exit(1);
+}
+
+static char *
+mkoutput(const char *input)
+{
+ int in_len = strlen(input);
+ char *output = PR_Malloc(in_len + sizeof(SGN_SUFFIX));
+ int index = in_len + 1 - sizeof("." SHLIB_SUFFIX);
+
+ if ((index > 0) &&
+ (PL_strncmp(&input[index],
+ "." SHLIB_SUFFIX, sizeof("." SHLIB_SUFFIX)) == 0)) {
+ in_len = index;
+ }
+ memcpy(output, input, in_len);
+ memcpy(&output[in_len], SGN_SUFFIX, sizeof(SGN_SUFFIX));
+ return output;
+}
+
+static void
+lperror(const char *string)
+{
+ PRErrorCode errorcode;
+
+ errorcode = PR_GetError();
+ PR_fprintf(PR_STDERR, "%s: %d: %s\n", string, errorcode,
+ PR_ErrorToString(errorcode, PR_LANGUAGE_I_DEFAULT));
+}
+
+static void
+encodeInt(unsigned char *buf, int val)
+{
+ buf[3] = (val >> 0) & 0xff;
+ buf[2] = (val >> 8) & 0xff;
+ buf[1] = (val >> 16) & 0xff;
+ buf[0] = (val >> 24) & 0xff;
+ return;
+}
+
+static PRStatus
+writeItem(PRFileDesc *fd, CK_VOID_PTR pValue, CK_ULONG ulValueLen)
+{
+ unsigned char buf[4];
+ int bytesWritten;
+ if (ulValueLen == 0) {
+ PR_fprintf(PR_STDERR, "call to writeItem with 0 bytes of data.\n");
+ return PR_FAILURE;
+ }
+
+ encodeInt(buf, ulValueLen);
+ bytesWritten = PR_Write(fd, buf, 4);
+ if (bytesWritten != 4) {
+ return PR_FAILURE;
+ }
+ bytesWritten = PR_Write(fd, pValue, ulValueLen);
+ if (bytesWritten < 0 || (CK_ULONG)bytesWritten != ulValueLen) {
+ return PR_FAILURE;
+ }
+ return PR_SUCCESS;
+}
+
+static const unsigned char prime[] = { 0x00,
+ 0x97, 0x44, 0x1d, 0xcc, 0x0d, 0x39, 0x0d, 0x8d,
+ 0xcb, 0x75, 0xdc, 0x24, 0x25, 0x6f, 0x01, 0x92,
+ 0xa1, 0x11, 0x07, 0x6b, 0x70, 0xac, 0x73, 0xd7,
+ 0x82, 0x28, 0xdf, 0xab, 0x82, 0x0c, 0x41, 0x0c,
+ 0x95, 0xb3, 0x3c, 0x3d, 0xea, 0x8a, 0xe6, 0x44,
+ 0x0a, 0xb8, 0xab, 0x90, 0x15, 0x41, 0x11, 0xe8,
+ 0x48, 0x7b, 0x8d, 0xb0, 0x9c, 0xd3, 0xf2, 0x69,
+ 0x66, 0xff, 0x66, 0x4b, 0x70, 0x2b, 0xbf, 0xfb,
+ 0xd6, 0x68, 0x85, 0x76, 0x1e, 0x34, 0xaa, 0xc5,
+ 0x57, 0x6e, 0x23, 0x02, 0x08, 0x60, 0x6e, 0xfd,
+ 0x67, 0x76, 0xe1, 0x7c, 0xc8, 0xcb, 0x51, 0x77,
+ 0xcf, 0xb1, 0x3b, 0x00, 0x2e, 0xfa, 0x21, 0xcd,
+ 0x34, 0x76, 0x75, 0x01, 0x19, 0xfe, 0xf8, 0x5d,
+ 0x43, 0xc5, 0x34, 0xf3, 0x7a, 0x95, 0xdc, 0xc2,
+ 0x58, 0x07, 0x19, 0x2f, 0x1d, 0x6f, 0x9a, 0x77,
+ 0x7e, 0x55, 0xaa, 0xe7, 0x5a, 0x50, 0x43, 0xd3 };
+
+static const unsigned char subprime[] = { 0x0,
+ 0xd8, 0x16, 0x23, 0x34, 0x8a, 0x9e, 0x3a, 0xf5,
+ 0xd9, 0x10, 0x13, 0x35, 0xaa, 0xf3, 0xf3, 0x54,
+ 0x0b, 0x31, 0x24, 0xf1 };
+
+static const unsigned char base[] = {
+ 0x03, 0x3a, 0xad, 0xfa, 0x3a, 0x0c, 0xea, 0x0a,
+ 0x4e, 0x43, 0x32, 0x92, 0xbb, 0x87, 0xf1, 0x11,
+ 0xc0, 0xad, 0x39, 0x38, 0x56, 0x1a, 0xdb, 0x23,
+ 0x66, 0xb1, 0x08, 0xda, 0xb6, 0x19, 0x51, 0x42,
+ 0x93, 0x4f, 0xc3, 0x44, 0x43, 0xa8, 0x05, 0xc1,
+ 0xf8, 0x71, 0x62, 0x6f, 0x3d, 0xe2, 0xab, 0x6f,
+ 0xd7, 0x80, 0x22, 0x6f, 0xca, 0x0d, 0xf6, 0x9f,
+ 0x45, 0x27, 0x83, 0xec, 0x86, 0x0c, 0xda, 0xaa,
+ 0xd6, 0xe0, 0xd0, 0x84, 0xfd, 0xb1, 0x4f, 0xdc,
+ 0x08, 0xcd, 0x68, 0x3a, 0x77, 0xc2, 0xc5, 0xf1,
+ 0x99, 0x0f, 0x15, 0x1b, 0x6a, 0x8c, 0x3d, 0x18,
+ 0x2b, 0x6f, 0xdc, 0x2b, 0xd8, 0xb5, 0x9b, 0xb8,
+ 0x2d, 0x57, 0x92, 0x1c, 0x46, 0x27, 0xaf, 0x6d,
+ 0xe1, 0x45, 0xcf, 0x0b, 0x3f, 0xfa, 0x07, 0xcc,
+ 0x14, 0x8e, 0xe7, 0xb8, 0xaa, 0xd5, 0xd1, 0x36,
+ 0x1d, 0x7e, 0x5e, 0x7d, 0xfa, 0x5b, 0x77, 0x1f
+};
+
+/*
+ * The constants h, seed, & counter aren't used in the code; they're provided
+ * here (commented-out) so that human readers can verify that our our PQG
+ * parameters were generated properly.
+static const unsigned char h[] = {
+ 0x41, 0x87, 0x47, 0x79, 0xd8, 0xba, 0x4e, 0xac,
+ 0x44, 0x4f, 0x6b, 0xd2, 0x16, 0x5e, 0x04, 0xc6,
+ 0xc2, 0x29, 0x93, 0x5e, 0xbd, 0xc7, 0xa9, 0x8f,
+ 0x23, 0xa1, 0xc8, 0xee, 0x80, 0x64, 0xd5, 0x67,
+ 0x3c, 0xba, 0x59, 0x9a, 0x06, 0x0c, 0xcc, 0x29,
+ 0x56, 0xc0, 0xb2, 0x21, 0xe0, 0x5b, 0x52, 0xcd,
+ 0x84, 0x73, 0x57, 0xfd, 0xd8, 0xc3, 0x5b, 0x13,
+ 0x54, 0xd7, 0x4a, 0x06, 0x86, 0x63, 0x09, 0xa5,
+ 0xb0, 0x59, 0xe2, 0x32, 0x9e, 0x09, 0xa3, 0x9f,
+ 0x49, 0x62, 0xcc, 0xa6, 0xf9, 0x54, 0xd5, 0xb2,
+ 0xc3, 0x08, 0x71, 0x7e, 0xe3, 0x37, 0x50, 0xd6,
+ 0x7b, 0xa7, 0xc2, 0x60, 0xc1, 0xeb, 0x51, 0x32,
+ 0xfa, 0xad, 0x35, 0x25, 0x17, 0xf0, 0x7f, 0x23,
+ 0xe5, 0xa8, 0x01, 0x52, 0xcf, 0x2f, 0xd9, 0xa9,
+ 0xf6, 0x00, 0x21, 0x15, 0xf1, 0xf7, 0x70, 0xb7,
+ 0x57, 0x8a, 0xd0, 0x59, 0x6a, 0x82, 0xdc, 0x9c };
+
+static const unsigned char seed[] = { 0x00,
+ 0xcc, 0x4c, 0x69, 0x74, 0xf6, 0x72, 0x24, 0x68,
+ 0x24, 0x4f, 0xd7, 0x50, 0x11, 0x40, 0x81, 0xed,
+ 0x19, 0x3c, 0x8a, 0x25, 0xbc, 0x78, 0x0a, 0x85,
+ 0x82, 0x53, 0x70, 0x20, 0xf6, 0x54, 0xa5, 0x1b,
+ 0xf4, 0x15, 0xcd, 0xff, 0xc4, 0x88, 0xa7, 0x9d,
+ 0xf3, 0x47, 0x1c, 0x0a, 0xbe, 0x10, 0x29, 0x83,
+ 0xb9, 0x0f, 0x4c, 0xdf, 0x90, 0x16, 0x83, 0xa2,
+ 0xb3, 0xe3, 0x2e, 0xc1, 0xc2, 0x24, 0x6a, 0xc4,
+ 0x9d, 0x57, 0xba, 0xcb, 0x0f, 0x18, 0x75, 0x00,
+ 0x33, 0x46, 0x82, 0xec, 0xd6, 0x94, 0x77, 0xc3,
+ 0x4f, 0x4c, 0x58, 0x1c, 0x7f, 0x61, 0x3c, 0x36,
+ 0xd5, 0x2f, 0xa5, 0x66, 0xd8, 0x2f, 0xce, 0x6e,
+ 0x8e, 0x20, 0x48, 0x4a, 0xbb, 0xe3, 0xe0, 0xb2,
+ 0x50, 0x33, 0x63, 0x8a, 0x5b, 0x2d, 0x6a, 0xbe,
+ 0x4c, 0x28, 0x81, 0x53, 0x5b, 0xe4, 0xf6, 0xfc,
+ 0x64, 0x06, 0x13, 0x51, 0xeb, 0x4a, 0x91, 0x9c };
+
+static const unsigned int counter=1496;
+ */
+
+static const unsigned char prime2[] = { 0x00,
+ 0xa4, 0xc2, 0x83, 0x4f, 0x36, 0xd3, 0x4f, 0xae,
+ 0xa0, 0xb1, 0x47, 0x43, 0xa8, 0x15, 0xee, 0xad,
+ 0xa3, 0x98, 0xa3, 0x29, 0x45, 0xae, 0x5c, 0xd9,
+ 0x12, 0x99, 0x09, 0xdc, 0xef, 0x05, 0xb4, 0x98,
+ 0x05, 0xaa, 0x07, 0xaa, 0x83, 0x89, 0xd7, 0xba,
+ 0xd1, 0x25, 0x56, 0x58, 0xd1, 0x73, 0x3c, 0xd0,
+ 0x91, 0x65, 0xbe, 0x27, 0x92, 0x94, 0x86, 0x95,
+ 0xdb, 0xcf, 0x07, 0x13, 0xa0, 0x85, 0xd6, 0xaa,
+ 0x6c, 0x1d, 0x63, 0xbf, 0xdd, 0xdf, 0xbc, 0x30,
+ 0xeb, 0x42, 0x2f, 0x52, 0x11, 0xec, 0x6e, 0x65,
+ 0xdf, 0x50, 0xbe, 0x28, 0x3d, 0xa4, 0xec, 0x45,
+ 0x19, 0x4c, 0x13, 0x0f, 0x59, 0x74, 0x57, 0x69,
+ 0x99, 0x4f, 0x4a, 0x74, 0x7f, 0x8c, 0x9e, 0xa2,
+ 0xe7, 0x94, 0xc9, 0x70, 0x70, 0xd0, 0xc4, 0xda,
+ 0x49, 0x5b, 0x7a, 0x7d, 0xd9, 0x71, 0x7c, 0x3b,
+ 0xdc, 0xd2, 0x8a, 0x74, 0x5f, 0xce, 0x09, 0xa2,
+ 0xdb, 0xec, 0xa4, 0xba, 0x75, 0xaa, 0x0a, 0x97,
+ 0xa6, 0x82, 0x25, 0x90, 0x90, 0x37, 0xe4, 0x40,
+ 0x05, 0x28, 0x8f, 0x98, 0x8e, 0x68, 0x01, 0xaf,
+ 0x9b, 0x08, 0x2a, 0x9b, 0xd5, 0xb9, 0x8c, 0x14,
+ 0xbf, 0xba, 0xcb, 0x5b, 0xda, 0x4c, 0x95, 0xb8,
+ 0xdf, 0x67, 0xa6, 0x6b, 0x76, 0x8c, 0xad, 0x4f,
+ 0xfd, 0x6a, 0xd6, 0xcc, 0x62, 0x71, 0x30, 0x30,
+ 0xc1, 0x29, 0x84, 0xe4, 0x8e, 0x32, 0x51, 0xb6,
+ 0xea, 0xfa, 0xba, 0x00, 0x99, 0x76, 0xea, 0x86,
+ 0x90, 0xab, 0x2d, 0xe9, 0xfd, 0x1e, 0x8c, 0xcc,
+ 0x3c, 0x2b, 0x5d, 0x13, 0x1b, 0x47, 0xb4, 0xf5,
+ 0x09, 0x74, 0x1d, 0xd4, 0x78, 0xb2, 0x42, 0x19,
+ 0xd6, 0x24, 0xd1, 0x68, 0xbf, 0x11, 0xf1, 0x38,
+ 0xa0, 0x44, 0x9c, 0xc6, 0x51, 0x33, 0xaa, 0x42,
+ 0x93, 0x9e, 0x30, 0x58, 0x9e, 0xc0, 0x70, 0xdf,
+ 0x7e, 0x64, 0xb1, 0xd8, 0x68, 0x75, 0x98, 0xa7 };
+
+static const unsigned char subprime2[] = { 0x00,
+ 0x8e, 0xab, 0xf4, 0xbe, 0x45, 0xeb, 0xa3, 0x58,
+ 0x4e, 0x60, 0x15, 0x66, 0x5a, 0x4b, 0x25, 0xcf,
+ 0x45, 0x77, 0x89, 0x3f, 0x73, 0x34, 0x4a, 0xe0,
+ 0x9e, 0xac, 0xfd, 0xdc, 0xff, 0x9c, 0x8d, 0xe7 };
+
+static const unsigned char base2[] = { 0x00,
+ 0x8d, 0x72, 0x32, 0x46, 0xa6, 0x5c, 0x80, 0xe3,
+ 0x43, 0x0a, 0x9e, 0x94, 0x35, 0x86, 0xd4, 0x58,
+ 0xa1, 0xca, 0x22, 0xb9, 0x73, 0x46, 0x0b, 0xfb,
+ 0x3e, 0x33, 0xf1, 0xd5, 0xd3, 0xb4, 0x26, 0xbf,
+ 0x50, 0xd7, 0xf2, 0x09, 0x33, 0x6e, 0xc0, 0x31,
+ 0x1b, 0x6d, 0x07, 0x70, 0x86, 0xca, 0x57, 0xf7,
+ 0x0b, 0x4a, 0x63, 0xf0, 0x6f, 0xc8, 0x8a, 0xed,
+ 0x50, 0x60, 0xf3, 0x11, 0xc7, 0x44, 0xf3, 0xce,
+ 0x4e, 0x50, 0x42, 0x2d, 0x85, 0x33, 0x54, 0x57,
+ 0x03, 0x8d, 0xdc, 0x66, 0x4d, 0x61, 0x83, 0x17,
+ 0x1c, 0x7b, 0x0d, 0x65, 0xbc, 0x8f, 0x2c, 0x19,
+ 0x86, 0xfc, 0xe2, 0x9f, 0x5d, 0x67, 0xfc, 0xd4,
+ 0xa5, 0xf8, 0x23, 0xa1, 0x1a, 0xa2, 0xe1, 0x11,
+ 0x15, 0x84, 0x32, 0x01, 0xee, 0x88, 0xf1, 0x55,
+ 0x30, 0xe9, 0x74, 0x3c, 0x1a, 0x2b, 0x54, 0x45,
+ 0x2e, 0x39, 0xb9, 0x77, 0xe1, 0x32, 0xaf, 0x2d,
+ 0x97, 0xe0, 0x21, 0xec, 0xf5, 0x58, 0xe1, 0xc7,
+ 0x2e, 0xe0, 0x71, 0x3d, 0x29, 0xa4, 0xd6, 0xe2,
+ 0x5f, 0x85, 0x9c, 0x05, 0x04, 0x46, 0x41, 0x89,
+ 0x03, 0x3c, 0xfa, 0xb2, 0xcf, 0xfa, 0xd5, 0x67,
+ 0xcc, 0xec, 0x68, 0xfc, 0x83, 0xd9, 0x1f, 0x2e,
+ 0x4e, 0x9a, 0x5e, 0x77, 0xa1, 0xff, 0xe6, 0x6f,
+ 0x04, 0x8b, 0xf9, 0x6b, 0x47, 0xc6, 0x49, 0xd2,
+ 0x88, 0x6e, 0x29, 0xa3, 0x1b, 0xae, 0xe0, 0x4f,
+ 0x72, 0x8a, 0x28, 0x94, 0x0c, 0x1d, 0x8c, 0x99,
+ 0xa2, 0x6f, 0xf8, 0xba, 0x99, 0x90, 0xc7, 0xe5,
+ 0xb1, 0x3c, 0x10, 0x34, 0x86, 0x6a, 0x6a, 0x1f,
+ 0x39, 0x63, 0x58, 0xe1, 0x5e, 0x97, 0x95, 0x45,
+ 0x40, 0x38, 0x45, 0x6f, 0x02, 0xb5, 0x86, 0x6e,
+ 0xae, 0x2f, 0x32, 0x7e, 0xa1, 0x3a, 0x34, 0x2c,
+ 0x1c, 0xd3, 0xff, 0x4e, 0x2c, 0x38, 0x1c, 0xaa,
+ 0x2e, 0x66, 0xbe, 0x32, 0x3e, 0x3c, 0x06, 0x5f };
+
+/*
+ * The constants h2, seed2, & counter2 aren't used in the code; they're provided
+ * here (commented-out) so that human readers can verify that our our PQG
+ * parameters were generated properly.
+static const unsigned char h2[] = {
+ 0x30, 0x91, 0xa1, 0x2e, 0x40, 0xa5, 0x7d, 0xf7,
+ 0xdc, 0xed, 0xee, 0x05, 0xc2, 0x31, 0x91, 0x37,
+ 0xda, 0xc5, 0xe3, 0x47, 0xb5, 0x35, 0x4b, 0xfd,
+ 0x18, 0xb2, 0x7e, 0x67, 0x1e, 0x92, 0x22, 0xe7,
+ 0xf5, 0x00, 0x71, 0xc0, 0x86, 0x8d, 0x90, 0x31,
+ 0x36, 0x3e, 0xd0, 0x94, 0x5d, 0x2f, 0x9a, 0x68,
+ 0xd2, 0xf8, 0x3d, 0x5e, 0x84, 0x42, 0x35, 0xda,
+ 0x75, 0xdd, 0x05, 0xf0, 0x03, 0x31, 0x39, 0xe5,
+ 0xfd, 0x2f, 0x5a, 0x7d, 0x56, 0xd8, 0x26, 0xa0,
+ 0x51, 0x5e, 0x32, 0xb4, 0xad, 0xee, 0xd4, 0x89,
+ 0xae, 0x01, 0x7f, 0xac, 0x86, 0x98, 0x77, 0x26,
+ 0x5c, 0x31, 0xd2, 0x5e, 0xbb, 0x7f, 0xf5, 0x4c,
+ 0x9b, 0xf0, 0xa6, 0x37, 0x34, 0x08, 0x86, 0x6b,
+ 0xce, 0xeb, 0x85, 0x66, 0x0a, 0x26, 0x8a, 0x14,
+ 0x92, 0x12, 0x74, 0xf4, 0xf0, 0xcb, 0xb5, 0xfc,
+ 0x38, 0xd5, 0x1e, 0xa1, 0x2f, 0x4a, 0x1a, 0xca,
+ 0x66, 0xde, 0x6e, 0xe6, 0x6e, 0x1c, 0xef, 0x50,
+ 0x41, 0x31, 0x09, 0xe7, 0x4a, 0xb8, 0xa3, 0xaa,
+ 0x5a, 0x22, 0xbd, 0x63, 0x0f, 0xe9, 0x0e, 0xdb,
+ 0xb3, 0xca, 0x7e, 0x8d, 0x40, 0xb3, 0x3e, 0x0b,
+ 0x12, 0x8b, 0xb0, 0x80, 0x4d, 0x6d, 0xb0, 0x54,
+ 0xbb, 0x4c, 0x1d, 0x6c, 0xa0, 0x5c, 0x9d, 0x91,
+ 0xb3, 0xbb, 0xd9, 0xfc, 0x60, 0xec, 0xc1, 0xbc,
+ 0xae, 0x72, 0x3f, 0xa5, 0x4f, 0x36, 0x2d, 0x2c,
+ 0x81, 0x03, 0x86, 0xa2, 0x03, 0x38, 0x36, 0x8e,
+ 0xad, 0x1d, 0x53, 0xc6, 0xc5, 0x9e, 0xda, 0x08,
+ 0x35, 0x4f, 0xb2, 0x78, 0xba, 0xd1, 0x22, 0xde,
+ 0xc4, 0x6b, 0xbe, 0x83, 0x71, 0x0f, 0xee, 0x38,
+ 0x4a, 0x9f, 0xda, 0x90, 0x93, 0x6b, 0x9a, 0xf2,
+ 0xeb, 0x23, 0xfe, 0x41, 0x3f, 0xf1, 0xfc, 0xee,
+ 0x7f, 0x67, 0xa7, 0xb8, 0xab, 0x29, 0xf4, 0x75,
+ 0x1c, 0xe9, 0xd1, 0x47, 0x7d, 0x86, 0x44, 0xe2 };
+
+static const unsigned char seed2[] = { 0x00,
+ 0xbc, 0xae, 0xc4, 0xea, 0x4e, 0xd2, 0xed, 0x1c,
+ 0x8d, 0x48, 0xed, 0xf2, 0xa5, 0xb4, 0x18, 0xba,
+ 0x00, 0xcb, 0x9c, 0x75, 0x8a, 0x39, 0x94, 0x3b,
+ 0xd0, 0xd6, 0x01, 0xf7, 0xc1, 0xf5, 0x9d, 0xe5,
+ 0xe3, 0xb4, 0x1d, 0xf5, 0x30, 0xfe, 0x99, 0xe4,
+ 0x01, 0xab, 0xc0, 0x88, 0x4e, 0x67, 0x8f, 0xc6,
+ 0x72, 0x39, 0x2e, 0xac, 0x51, 0xec, 0x91, 0x41,
+ 0x47, 0x71, 0x14, 0x8a, 0x1d, 0xca, 0x88, 0x15,
+ 0xea, 0xc9, 0x48, 0x9a, 0x71, 0x50, 0x19, 0x38,
+ 0xdb, 0x4e, 0x65, 0xd5, 0x13, 0xd8, 0x2a, 0xc4,
+ 0xcd, 0xfd, 0x0c, 0xe3, 0xc3, 0x60, 0xae, 0x6d,
+ 0x88, 0xf2, 0x3a, 0xd0, 0x64, 0x73, 0x32, 0x89,
+ 0xcd, 0x0b, 0xb8, 0xc7, 0xa5, 0x27, 0x84, 0xd5,
+ 0x83, 0x3f, 0x0e, 0x10, 0x63, 0x10, 0x78, 0xac,
+ 0x6b, 0x56, 0xb2, 0x62, 0x3a, 0x44, 0x56, 0xc0,
+ 0xe4, 0x33, 0xd7, 0x63, 0x4c, 0xc9, 0x6b, 0xae,
+ 0xfb, 0xe2, 0x9b, 0xf4, 0x96, 0xc7, 0xf0, 0x2a,
+ 0x50, 0xde, 0x86, 0x69, 0x4f, 0x42, 0x4b, 0x1c,
+ 0x7c, 0xa8, 0x6a, 0xfb, 0x54, 0x47, 0x1b, 0x41,
+ 0x31, 0x9e, 0x0a, 0xc6, 0xc0, 0xbc, 0x88, 0x7f,
+ 0x5a, 0x42, 0xa9, 0x82, 0x58, 0x32, 0xb3, 0xeb,
+ 0x54, 0x83, 0x84, 0x26, 0x92, 0xa6, 0xc0, 0x6e,
+ 0x2b, 0xa6, 0x82, 0x82, 0x43, 0x58, 0x84, 0x53,
+ 0x31, 0xcf, 0xd0, 0x0a, 0x11, 0x09, 0x44, 0xc8,
+ 0x11, 0x36, 0xe0, 0x04, 0x85, 0x2e, 0xd1, 0x29,
+ 0x6b, 0x7b, 0x00, 0x71, 0x5f, 0xef, 0x7b, 0x7a,
+ 0x2d, 0x91, 0xf9, 0x84, 0x45, 0x4d, 0xc7, 0xe1,
+ 0xee, 0xd4, 0xb8, 0x61, 0x3b, 0x13, 0xb7, 0xba,
+ 0x95, 0x39, 0xf6, 0x3d, 0x89, 0xbd, 0xa5, 0x80,
+ 0x93, 0xf7, 0xe5, 0x17, 0x05, 0xc5, 0x65, 0xb7,
+ 0xde, 0xc9, 0x9f, 0x04, 0x87, 0xcf, 0x4f, 0x86,
+ 0xc3, 0x29, 0x7d, 0xb7, 0x89, 0xbf, 0xe3, 0xde };
+
+static const unsigned int counter2=210;
+ */
+
+struct tuple_str {
+ CK_RV errNum;
+ const char *errString;
+};
+
+typedef struct tuple_str tuple_str;
+
+static const tuple_str errStrings[] = {
+ { CKR_OK, "CKR_OK " },
+ { CKR_CANCEL, "CKR_CANCEL " },
+ { CKR_HOST_MEMORY, "CKR_HOST_MEMORY " },
+ { CKR_SLOT_ID_INVALID, "CKR_SLOT_ID_INVALID " },
+ { CKR_GENERAL_ERROR, "CKR_GENERAL_ERROR " },
+ { CKR_FUNCTION_FAILED, "CKR_FUNCTION_FAILED " },
+ { CKR_ARGUMENTS_BAD, "CKR_ARGUMENTS_BAD " },
+ { CKR_NO_EVENT, "CKR_NO_EVENT " },
+ { CKR_NEED_TO_CREATE_THREADS, "CKR_NEED_TO_CREATE_THREADS " },
+ { CKR_CANT_LOCK, "CKR_CANT_LOCK " },
+ { CKR_ATTRIBUTE_READ_ONLY, "CKR_ATTRIBUTE_READ_ONLY " },
+ { CKR_ATTRIBUTE_SENSITIVE, "CKR_ATTRIBUTE_SENSITIVE " },
+ { CKR_ATTRIBUTE_TYPE_INVALID, "CKR_ATTRIBUTE_TYPE_INVALID " },
+ { CKR_ATTRIBUTE_VALUE_INVALID, "CKR_ATTRIBUTE_VALUE_INVALID " },
+ { CKR_DATA_INVALID, "CKR_DATA_INVALID " },
+ { CKR_DATA_LEN_RANGE, "CKR_DATA_LEN_RANGE " },
+ { CKR_DEVICE_ERROR, "CKR_DEVICE_ERROR " },
+ { CKR_DEVICE_MEMORY, "CKR_DEVICE_MEMORY " },
+ { CKR_DEVICE_REMOVED, "CKR_DEVICE_REMOVED " },
+ { CKR_ENCRYPTED_DATA_INVALID, "CKR_ENCRYPTED_DATA_INVALID " },
+ { CKR_ENCRYPTED_DATA_LEN_RANGE, "CKR_ENCRYPTED_DATA_LEN_RANGE " },
+ { CKR_FUNCTION_CANCELED, "CKR_FUNCTION_CANCELED " },
+ { CKR_FUNCTION_NOT_PARALLEL, "CKR_FUNCTION_NOT_PARALLEL " },
+ { CKR_FUNCTION_NOT_SUPPORTED, "CKR_FUNCTION_NOT_SUPPORTED " },
+ { CKR_KEY_HANDLE_INVALID, "CKR_KEY_HANDLE_INVALID " },
+ { CKR_KEY_SIZE_RANGE, "CKR_KEY_SIZE_RANGE " },
+ { CKR_KEY_TYPE_INCONSISTENT, "CKR_KEY_TYPE_INCONSISTENT " },
+ { CKR_KEY_NOT_NEEDED, "CKR_KEY_NOT_NEEDED " },
+ { CKR_KEY_CHANGED, "CKR_KEY_CHANGED " },
+ { CKR_KEY_NEEDED, "CKR_KEY_NEEDED " },
+ { CKR_KEY_INDIGESTIBLE, "CKR_KEY_INDIGESTIBLE " },
+ { CKR_KEY_FUNCTION_NOT_PERMITTED, "CKR_KEY_FUNCTION_NOT_PERMITTED " },
+ { CKR_KEY_NOT_WRAPPABLE, "CKR_KEY_NOT_WRAPPABLE " },
+ { CKR_KEY_UNEXTRACTABLE, "CKR_KEY_UNEXTRACTABLE " },
+ { CKR_MECHANISM_INVALID, "CKR_MECHANISM_INVALID " },
+ { CKR_MECHANISM_PARAM_INVALID, "CKR_MECHANISM_PARAM_INVALID " },
+ { CKR_OBJECT_HANDLE_INVALID, "CKR_OBJECT_HANDLE_INVALID " },
+ { CKR_OPERATION_ACTIVE, "CKR_OPERATION_ACTIVE " },
+ { CKR_OPERATION_NOT_INITIALIZED, "CKR_OPERATION_NOT_INITIALIZED " },
+ { CKR_PIN_INCORRECT, "CKR_PIN_INCORRECT " },
+ { CKR_PIN_INVALID, "CKR_PIN_INVALID " },
+ { CKR_PIN_LEN_RANGE, "CKR_PIN_LEN_RANGE " },
+ { CKR_PIN_EXPIRED, "CKR_PIN_EXPIRED " },
+ { CKR_PIN_LOCKED, "CKR_PIN_LOCKED " },
+ { CKR_SESSION_CLOSED, "CKR_SESSION_CLOSED " },
+ { CKR_SESSION_COUNT, "CKR_SESSION_COUNT " },
+ { CKR_SESSION_HANDLE_INVALID, "CKR_SESSION_HANDLE_INVALID " },
+ { CKR_SESSION_PARALLEL_NOT_SUPPORTED, "CKR_SESSION_PARALLEL_NOT_SUPPORTED " },
+ { CKR_SESSION_READ_ONLY, "CKR_SESSION_READ_ONLY " },
+ { CKR_SESSION_EXISTS, "CKR_SESSION_EXISTS " },
+ { CKR_SESSION_READ_ONLY_EXISTS, "CKR_SESSION_READ_ONLY_EXISTS " },
+ { CKR_SESSION_READ_WRITE_SO_EXISTS, "CKR_SESSION_READ_WRITE_SO_EXISTS " },
+ { CKR_SIGNATURE_INVALID, "CKR_SIGNATURE_INVALID " },
+ { CKR_SIGNATURE_LEN_RANGE, "CKR_SIGNATURE_LEN_RANGE " },
+ { CKR_TEMPLATE_INCOMPLETE, "CKR_TEMPLATE_INCOMPLETE " },
+ { CKR_TEMPLATE_INCONSISTENT, "CKR_TEMPLATE_INCONSISTENT " },
+ { CKR_TOKEN_NOT_PRESENT, "CKR_TOKEN_NOT_PRESENT " },
+ { CKR_TOKEN_NOT_RECOGNIZED, "CKR_TOKEN_NOT_RECOGNIZED " },
+ { CKR_TOKEN_WRITE_PROTECTED, "CKR_TOKEN_WRITE_PROTECTED " },
+ { CKR_UNWRAPPING_KEY_HANDLE_INVALID, "CKR_UNWRAPPING_KEY_HANDLE_INVALID " },
+ { CKR_UNWRAPPING_KEY_SIZE_RANGE, "CKR_UNWRAPPING_KEY_SIZE_RANGE " },
+ { CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, "CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT" },
+ { CKR_USER_ALREADY_LOGGED_IN, "CKR_USER_ALREADY_LOGGED_IN " },
+ { CKR_USER_NOT_LOGGED_IN, "CKR_USER_NOT_LOGGED_IN " },
+ { CKR_USER_PIN_NOT_INITIALIZED, "CKR_USER_PIN_NOT_INITIALIZED " },
+ { CKR_USER_TYPE_INVALID, "CKR_USER_TYPE_INVALID " },
+ { CKR_USER_ANOTHER_ALREADY_LOGGED_IN, "CKR_USER_ANOTHER_ALREADY_LOGGED_IN " },
+ { CKR_USER_TOO_MANY_TYPES, "CKR_USER_TOO_MANY_TYPES " },
+ { CKR_WRAPPED_KEY_INVALID, "CKR_WRAPPED_KEY_INVALID " },
+ { CKR_WRAPPED_KEY_LEN_RANGE, "CKR_WRAPPED_KEY_LEN_RANGE " },
+ { CKR_WRAPPING_KEY_HANDLE_INVALID, "CKR_WRAPPING_KEY_HANDLE_INVALID " },
+ { CKR_WRAPPING_KEY_SIZE_RANGE, "CKR_WRAPPING_KEY_SIZE_RANGE " },
+ { CKR_WRAPPING_KEY_TYPE_INCONSISTENT, "CKR_WRAPPING_KEY_TYPE_INCONSISTENT " },
+ { CKR_RANDOM_SEED_NOT_SUPPORTED, "CKR_RANDOM_SEED_NOT_SUPPORTED " },
+ { CKR_RANDOM_NO_RNG, "CKR_RANDOM_NO_RNG " },
+ { CKR_DOMAIN_PARAMS_INVALID, "CKR_DOMAIN_PARAMS_INVALID " },
+ { CKR_BUFFER_TOO_SMALL, "CKR_BUFFER_TOO_SMALL " },
+ { CKR_SAVED_STATE_INVALID, "CKR_SAVED_STATE_INVALID " },
+ { CKR_INFORMATION_SENSITIVE, "CKR_INFORMATION_SENSITIVE " },
+ { CKR_STATE_UNSAVEABLE, "CKR_STATE_UNSAVEABLE " },
+ { CKR_CRYPTOKI_NOT_INITIALIZED, "CKR_CRYPTOKI_NOT_INITIALIZED " },
+ { CKR_CRYPTOKI_ALREADY_INITIALIZED, "CKR_CRYPTOKI_ALREADY_INITIALIZED " },
+ { CKR_MUTEX_BAD, "CKR_MUTEX_BAD " },
+ { CKR_MUTEX_NOT_LOCKED, "CKR_MUTEX_NOT_LOCKED " },
+ { CKR_FUNCTION_REJECTED, "CKR_FUNCTION_REJECTED " },
+ { CKR_VENDOR_DEFINED, "CKR_VENDOR_DEFINED " },
+ { 0xCE534351, "CKR_NSS_CERTDB_FAILED " },
+ { 0xCE534352, "CKR_NSS_KEYDB_FAILED " }
+
+};
+
+static const CK_ULONG numStrings = sizeof(errStrings) / sizeof(tuple_str);
+
+/* Returns constant error string for "CRV".
+ * Returns "unknown error" if errNum is unknown.
+ */
+static const char *
+CK_RVtoStr(CK_RV errNum)
+{
+ CK_ULONG low = 1;
+ CK_ULONG high = numStrings - 1;
+ CK_ULONG i;
+ CK_RV num;
+ static int initDone;
+
+ /* make sure table is in ascending order.
+ * binary search depends on it.
+ */
+ if (!initDone) {
+ CK_RV lastNum = CKR_OK;
+ for (i = low; i <= high; ++i) {
+ num = errStrings[i].errNum;
+ if (num <= lastNum) {
+ PR_fprintf(PR_STDERR,
+ "sequence error in error strings at item %d\n"
+ "error %d (%s)\n"
+ "should come after \n"
+ "error %d (%s)\n",
+ (int)i, (int)lastNum, errStrings[i - 1].errString,
+ (int)num, errStrings[i].errString);
+ }
+ lastNum = num;
+ }
+ initDone = 1;
+ }
+
+ /* Do binary search of table. */
+ while (low + 1 < high) {
+ i = low + (high - low) / 2;
+ num = errStrings[i].errNum;
+ if (errNum == num)
+ return errStrings[i].errString;
+ if (errNum < num)
+ high = i;
+ else
+ low = i;
+ }
+ if (errNum == errStrings[low].errNum)
+ return errStrings[low].errString;
+ if (errNum == errStrings[high].errNum)
+ return errStrings[high].errString;
+ return "unknown error";
+}
+
+static void
+pk11error(const char *string, CK_RV crv)
+{
+ PRErrorCode errorcode;
+
+ PR_fprintf(PR_STDERR, "%s: 0x%08lX, %-26s\n", string, crv, CK_RVtoStr(crv));
+
+ errorcode = PR_GetError();
+ if (errorcode) {
+ PR_fprintf(PR_STDERR, "NSPR error code: %d: %s\n", errorcode,
+ PR_ErrorToString(errorcode, PR_LANGUAGE_I_DEFAULT));
+ }
+}
+
+static void
+logIt(const char *fmt, ...)
+{
+ va_list args;
+
+ if (verbose) {
+ va_start(args, fmt);
+ vprintf(fmt, args);
+ va_end(args);
+ }
+}
+
+static CK_RV
+softokn_Init(CK_FUNCTION_LIST_PTR pFunctionList, const char *configDir,
+ const char *dbPrefix)
+{
+
+ CK_RV crv = CKR_OK;
+ CK_C_INITIALIZE_ARGS initArgs;
+ char *moduleSpec = NULL;
+
+ initArgs.CreateMutex = NULL;
+ initArgs.DestroyMutex = NULL;
+ initArgs.LockMutex = NULL;
+ initArgs.UnlockMutex = NULL;
+ initArgs.flags = CKF_OS_LOCKING_OK;
+ if (configDir) {
+ moduleSpec = PR_smprintf("configdir='%s' certPrefix='%s' "
+ "keyPrefix='%s' secmod='secmod.db' flags=ReadOnly ",
+ configDir, dbPrefix, dbPrefix);
+ } else {
+ moduleSpec = PR_smprintf("configdir='' certPrefix='' keyPrefix='' "
+ "secmod='' flags=noCertDB, noModDB");
+ }
+ if (!moduleSpec) {
+ PR_fprintf(PR_STDERR, "softokn_Init: out of memory error\n");
+ return CKR_HOST_MEMORY;
+ }
+ logIt("moduleSpec %s\n", moduleSpec);
+ initArgs.LibraryParameters = (CK_CHAR_PTR *)moduleSpec;
+ initArgs.pReserved = NULL;
+
+ crv = pFunctionList->C_Initialize(&initArgs);
+ if (crv != CKR_OK) {
+ pk11error("C_Initialize failed", crv);
+ goto cleanup;
+ }
+
+cleanup:
+ if (moduleSpec) {
+ PR_smprintf_free(moduleSpec);
+ }
+
+ return crv;
+}
+
+static char *
+filePasswd(char *pwFile)
+{
+ unsigned char phrase[500];
+ PRFileDesc *fd;
+ PRInt32 nb;
+ int i;
+
+ if (!pwFile)
+ return 0;
+
+ fd = PR_Open(pwFile, PR_RDONLY, 0);
+ if (!fd) {
+ lperror(pwFile);
+ return NULL;
+ }
+
+ nb = PR_Read(fd, phrase, sizeof(phrase));
+
+ PR_Close(fd);
+ /* handle the Windows EOL case */
+ i = 0;
+ while (phrase[i] != '\r' && phrase[i] != '\n' && i < nb)
+ i++;
+ phrase[i] = '\0';
+ if (nb == 0) {
+ PR_fprintf(PR_STDERR, "password file contains no data\n");
+ return NULL;
+ }
+ return (char *)PL_strdup((char *)phrase);
+}
+
+static void
+checkPath(char *string)
+{
+ char *src;
+ char *dest;
+
+ /*
+ * windows support convert any back slashes to
+ * forward slashes.
+ */
+ for (src = string, dest = string; *src; src++, dest++) {
+ if (*src == '\\') {
+ *dest = '/';
+ }
+ }
+ dest--;
+ /* if the last char is a / set it to 0 */
+ if (*dest == '/')
+ *dest = 0;
+}
+
+static CK_SLOT_ID *
+getSlotList(CK_FUNCTION_LIST_PTR pFunctionList,
+ CK_ULONG slotIndex)
+{
+ CK_RV crv = CKR_OK;
+ CK_SLOT_ID *pSlotList = NULL;
+ CK_ULONG slotCount;
+
+ /* Get slot list */
+ crv = pFunctionList->C_GetSlotList(CK_FALSE /* all slots */,
+ NULL, &slotCount);
+ if (crv != CKR_OK) {
+ pk11error("C_GetSlotList failed", crv);
+ return NULL;
+ }
+
+ if (slotIndex >= slotCount) {
+ PR_fprintf(PR_STDERR, "provided slotIndex is greater than the slot count.");
+ return NULL;
+ }
+
+ pSlotList = (CK_SLOT_ID *)PR_Malloc(slotCount * sizeof(CK_SLOT_ID));
+ if (!pSlotList) {
+ lperror("failed to allocate slot list");
+ return NULL;
+ }
+ crv = pFunctionList->C_GetSlotList(CK_FALSE /* all slots */,
+ pSlotList, &slotCount);
+ if (crv != CKR_OK) {
+ pk11error("C_GetSlotList failed", crv);
+ if (pSlotList)
+ PR_Free(pSlotList);
+ return NULL;
+ }
+ return pSlotList;
+}
+
+CK_RV
+shlibSignDSA(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID slot,
+ CK_SESSION_HANDLE hRwSession, int keySize, PRFileDesc *ifd,
+ PRFileDesc *ofd, const HashTable *hash)
+{
+ CK_MECHANISM digestmech;
+ CK_ULONG digestLen = 0;
+ CK_BYTE digest[HASH_LENGTH_MAX];
+ CK_BYTE sign[64]; /* DSA2 SIGNATURE LENGTH */
+ CK_ULONG signLen = 0;
+ CK_ULONG expectedSigLen = sizeof(sign);
+ CK_MECHANISM signMech = {
+ CKM_DSA, NULL, 0
+ };
+ int bytesRead;
+ int bytesWritten;
+ unsigned char file_buf[512];
+ NSSSignChkHeader header;
+ int count = 0;
+ CK_RV crv = CKR_GENERAL_ERROR;
+ PRStatus rv = PR_SUCCESS;
+ const char *hashName = "sha256"; /* default hash value */
+ int i;
+
+ /*** DSA Key ***/
+ CK_MECHANISM dsaKeyPairGenMech;
+ CK_ATTRIBUTE dsaPubKeyTemplate[5];
+ CK_ATTRIBUTE dsaPrivKeyTemplate[5];
+ CK_OBJECT_HANDLE hDSApubKey = CK_INVALID_HANDLE;
+ CK_OBJECT_HANDLE hDSAprivKey = CK_INVALID_HANDLE;
+ CK_BYTE dsaPubKey[384];
+ CK_ATTRIBUTE dsaPubKeyValue;
+
+ if ((keySize == 0) || (keySize > 1024)) {
+ CK_MECHANISM_INFO mechInfo;
+ crv = pFunctionList->C_GetMechanismInfo(slot,
+ CKM_DSA, &mechInfo);
+ if (crv != CKR_OK) {
+ pk11error("Couldn't get mechanism info for DSA", crv);
+ return crv;
+ }
+
+ if (keySize && (mechInfo.ulMaxKeySize < keySize)) {
+ PR_fprintf(PR_STDERR,
+ "token doesn't support DSA2 (Max key size=%d)\n",
+ mechInfo.ulMaxKeySize);
+ return crv;
+ }
+
+ if ((keySize == 0) && mechInfo.ulMaxKeySize >= 2048) {
+ keySize = 2048;
+ } else {
+ keySize = 1024;
+ }
+ }
+
+ /* DSA key init */
+ if (keySize == 1024) {
+ dsaPubKeyTemplate[0].type = CKA_PRIME;
+ dsaPubKeyTemplate[0].pValue = (CK_VOID_PTR)&prime;
+ dsaPubKeyTemplate[0].ulValueLen = sizeof(prime);
+ dsaPubKeyTemplate[1].type = CKA_SUBPRIME;
+ dsaPubKeyTemplate[1].pValue = (CK_VOID_PTR)&subprime;
+ dsaPubKeyTemplate[1].ulValueLen = sizeof(subprime);
+ dsaPubKeyTemplate[2].type = CKA_BASE;
+ dsaPubKeyTemplate[2].pValue = (CK_VOID_PTR)&base;
+ dsaPubKeyTemplate[2].ulValueLen = sizeof(base);
+ hashName = "sha-1"; /* use sha-1 for old dsa keys */
+ expectedSigLen = 32;
+ } else if (keySize == 2048) {
+ dsaPubKeyTemplate[0].type = CKA_PRIME;
+ dsaPubKeyTemplate[0].pValue = (CK_VOID_PTR)&prime2;
+ dsaPubKeyTemplate[0].ulValueLen = sizeof(prime2);
+ dsaPubKeyTemplate[1].type = CKA_SUBPRIME;
+ dsaPubKeyTemplate[1].pValue = (CK_VOID_PTR)&subprime2;
+ dsaPubKeyTemplate[1].ulValueLen = sizeof(subprime2);
+ dsaPubKeyTemplate[2].type = CKA_BASE;
+ dsaPubKeyTemplate[2].pValue = (CK_VOID_PTR)&base2;
+ dsaPubKeyTemplate[2].ulValueLen = sizeof(base2);
+ digestmech.mechanism = hash ? hash->hash : CKM_SHA256;
+ digestmech.pParameter = NULL;
+ digestmech.ulParameterLen = 0;
+ } else {
+ PR_fprintf(PR_STDERR, "Only keysizes 1024 and 2048 are supported");
+ return CKR_GENERAL_ERROR;
+ }
+ if (hash == NULL) {
+ hash = findHash(hashName);
+ }
+ if (hash == NULL) {
+ PR_fprintf(PR_STDERR,
+ "Internal error, couldn't find hash '%s' in table.\n",
+ hashName);
+ return CKR_GENERAL_ERROR;
+ }
+ digestmech.mechanism = hash->hash;
+ digestmech.pParameter = NULL;
+ digestmech.ulParameterLen = 0;
+ dsaPubKeyTemplate[3].type = CKA_TOKEN;
+ dsaPubKeyTemplate[3].pValue = &ckfalse; /* session object */
+ dsaPubKeyTemplate[3].ulValueLen = sizeof(ckfalse);
+ dsaPubKeyTemplate[4].type = CKA_VERIFY;
+ dsaPubKeyTemplate[4].pValue = &cktrue;
+ dsaPubKeyTemplate[4].ulValueLen = sizeof(cktrue);
+ dsaKeyPairGenMech.mechanism = CKM_DSA_KEY_PAIR_GEN;
+ dsaKeyPairGenMech.pParameter = NULL;
+ dsaKeyPairGenMech.ulParameterLen = 0;
+ dsaPrivKeyTemplate[0].type = CKA_TOKEN;
+ dsaPrivKeyTemplate[0].pValue = &ckfalse; /* session object */
+ dsaPrivKeyTemplate[0].ulValueLen = sizeof(ckfalse);
+ dsaPrivKeyTemplate[1].type = CKA_PRIVATE;
+ dsaPrivKeyTemplate[1].pValue = &cktrue;
+ dsaPrivKeyTemplate[1].ulValueLen = sizeof(cktrue);
+ dsaPrivKeyTemplate[2].type = CKA_SENSITIVE;
+ dsaPrivKeyTemplate[2].pValue = &cktrue;
+ dsaPrivKeyTemplate[2].ulValueLen = sizeof(cktrue);
+ dsaPrivKeyTemplate[3].type = CKA_SIGN,
+ dsaPrivKeyTemplate[3].pValue = &cktrue;
+ dsaPrivKeyTemplate[3].ulValueLen = sizeof(cktrue);
+ dsaPrivKeyTemplate[4].type = CKA_EXTRACTABLE;
+ dsaPrivKeyTemplate[4].pValue = &ckfalse;
+ dsaPrivKeyTemplate[4].ulValueLen = sizeof(ckfalse);
+
+ /* Generate a DSA key pair */
+ logIt("Generate a DSA key pair ... \n");
+ crv = pFunctionList->C_GenerateKeyPair(hRwSession, &dsaKeyPairGenMech,
+ dsaPubKeyTemplate,
+ PR_ARRAY_SIZE(dsaPubKeyTemplate),
+ dsaPrivKeyTemplate,
+ PR_ARRAY_SIZE(dsaPrivKeyTemplate),
+ &hDSApubKey, &hDSAprivKey);
+ if (crv != CKR_OK) {
+ pk11error("DSA key pair generation failed", crv);
+ return crv;
+ }
+
+ /* compute the digest */
+ memset(digest, 0, sizeof(digest));
+ crv = pFunctionList->C_DigestInit(hRwSession, &digestmech);
+ if (crv != CKR_OK) {
+ pk11error("C_DigestInit failed", crv);
+ return crv;
+ }
+
+ /* Digest the file */
+ while ((bytesRead = PR_Read(ifd, file_buf, sizeof(file_buf))) > 0) {
+ crv = pFunctionList->C_DigestUpdate(hRwSession, (CK_BYTE_PTR)file_buf,
+ bytesRead);
+ if (crv != CKR_OK) {
+ pk11error("C_DigestUpdate failed", crv);
+ return crv;
+ }
+ count += bytesRead;
+ }
+
+ if (bytesRead < 0) {
+ lperror("0 bytes read from input file");
+ return CKR_INTERNAL_IN_FAILURE;
+ }
+
+ digestLen = sizeof(digest);
+ crv = pFunctionList->C_DigestFinal(hRwSession, (CK_BYTE_PTR)digest,
+ &digestLen);
+ if (crv != CKR_OK) {
+ pk11error("C_DigestFinal failed", crv);
+ return crv;
+ }
+
+ if (digestLen != hash->hashLength) {
+ PR_fprintf(PR_STDERR, "digestLen has incorrect length %lu "
+ "it should be %lu \n",
+ digestLen, sizeof(digest));
+ return crv;
+ }
+
+ /* sign the hash */
+ memset(sign, 0, sizeof(sign));
+ /* SignUpdate */
+ crv = pFunctionList->C_SignInit(hRwSession, &signMech, hDSAprivKey);
+ if (crv != CKR_OK) {
+ pk11error("C_SignInit failed", crv);
+ return crv;
+ }
+
+ signLen = sizeof(sign);
+ crv = pFunctionList->C_Sign(hRwSession, (CK_BYTE *)digest, digestLen,
+ sign, &signLen);
+ if (crv != CKR_OK) {
+ pk11error("C_Sign failed", crv);
+ return crv;
+ }
+
+ if (signLen != expectedSigLen) {
+ PR_fprintf(PR_STDERR, "signLen has incorrect length %lu "
+ "it should be %lu \n",
+ signLen, expectedSigLen);
+ return crv;
+ }
+
+ if (verify) {
+ crv = pFunctionList->C_VerifyInit(hRwSession, &signMech, hDSApubKey);
+ if (crv != CKR_OK) {
+ pk11error("C_VerifyInit failed", crv);
+ return crv;
+ }
+ crv = pFunctionList->C_Verify(hRwSession, digest, digestLen,
+ sign, signLen);
+ if (crv != CKR_OK) {
+ pk11error("C_Verify failed", crv);
+ return crv;
+ }
+ }
+
+ if (verbose) {
+ int j;
+ PR_fprintf(PR_STDERR, "Library File Size: %d bytes\n", count);
+ PR_fprintf(PR_STDERR, " hash: %lu bytes\n", digestLen);
+#define STEP 10
+ for (i = 0; i < (int)digestLen; i += STEP) {
+ PR_fprintf(PR_STDERR, " ");
+ for (j = 0; j < STEP && (i + j) < (int)digestLen; j++) {
+ PR_fprintf(PR_STDERR, " %02x", digest[i + j]);
+ }
+ PR_fprintf(PR_STDERR, "\n");
+ }
+ PR_fprintf(PR_STDERR, " signature: %lu bytes\n", signLen);
+ for (i = 0; i < (int)signLen; i += STEP) {
+ PR_fprintf(PR_STDERR, " ");
+ for (j = 0; j < STEP && (i + j) < (int)signLen; j++) {
+ PR_fprintf(PR_STDERR, " %02x", sign[i + j]);
+ }
+ PR_fprintf(PR_STDERR, "\n");
+ }
+ }
+
+ /*
+ * we write the key out in a straight binary format because very
+ * low level libraries need to read an parse this file. Ideally we should
+ * just derEncode the public key (which would be pretty simple, and be
+ * more general), but then we'd need to link the ASN.1 decoder with the
+ * freebl libraries.
+ */
+
+ header.magic1 = NSS_SIGN_CHK_MAGIC1;
+ header.magic2 = NSS_SIGN_CHK_MAGIC2;
+ header.majorVersion = compat ? COMPAT_MAJOR : NSS_SIGN_CHK_MAJOR_VERSION;
+ header.minorVersion = compat ? COMPAT_MINOR : NSS_SIGN_CHK_MINOR_VERSION;
+ encodeInt(header.offset, sizeof(header)); /* offset to data start */
+ encodeInt(header.type, CKK_DSA);
+ bytesWritten = PR_Write(ofd, &header, sizeof(header));
+ if (bytesWritten != sizeof(header)) {
+ return CKR_INTERNAL_OUT_FAILURE;
+ }
+
+ /* get DSA Public KeyValue */
+ memset(dsaPubKey, 0, sizeof(dsaPubKey));
+ dsaPubKeyValue.type = CKA_VALUE;
+ dsaPubKeyValue.pValue = (CK_VOID_PTR)&dsaPubKey;
+ dsaPubKeyValue.ulValueLen = sizeof(dsaPubKey);
+
+ crv = pFunctionList->C_GetAttributeValue(hRwSession, hDSApubKey,
+ &dsaPubKeyValue, 1);
+ if (crv != CKR_OK && crv != CKR_ATTRIBUTE_TYPE_INVALID) {
+ pk11error("C_GetAttributeValue failed", crv);
+ return crv;
+ }
+
+ /* CKA_PRIME */
+ rv = writeItem(ofd, dsaPubKeyTemplate[0].pValue,
+ dsaPubKeyTemplate[0].ulValueLen);
+ if (rv != PR_SUCCESS) {
+ return CKR_INTERNAL_OUT_FAILURE;
+ }
+ /* CKA_SUBPRIME */
+ rv = writeItem(ofd, dsaPubKeyTemplate[1].pValue,
+ dsaPubKeyTemplate[1].ulValueLen);
+ if (rv != PR_SUCCESS) {
+ return CKR_INTERNAL_OUT_FAILURE;
+ }
+ /* CKA_BASE */
+ rv = writeItem(ofd, dsaPubKeyTemplate[2].pValue,
+ dsaPubKeyTemplate[2].ulValueLen);
+ if (rv != PR_SUCCESS) {
+ return CKR_INTERNAL_OUT_FAILURE;
+ }
+ /* DSA Public Key value */
+ rv = writeItem(ofd, dsaPubKeyValue.pValue,
+ dsaPubKeyValue.ulValueLen);
+ if (rv != PR_SUCCESS) {
+ return CKR_INTERNAL_OUT_FAILURE;
+ }
+ /* DSA SIGNATURE */
+ rv = writeItem(ofd, &sign, signLen);
+ if (rv != PR_SUCCESS) {
+ return CKR_INTERNAL_OUT_FAILURE;
+ }
+
+ return CKR_OK;
+}
+
+CK_RV
+shlibSignHMAC(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID slot,
+ CK_SESSION_HANDLE hRwSession, int keySize, PRFileDesc *ifd,
+ PRFileDesc *ofd, const HashTable *hash)
+{
+ CK_MECHANISM hmacMech = { 0, NULL, 0 };
+ CK_MECHANISM hmacKeyGenMech = { 0, NULL, 0 };
+ CK_BYTE keyBuf[HASH_LENGTH_MAX];
+ CK_ULONG keyLen = 0;
+ CK_BYTE sign[HASH_LENGTH_MAX];
+ CK_ULONG signLen = 0;
+ int bytesRead;
+ int bytesWritten;
+ unsigned char file_buf[512];
+ NSSSignChkHeader header;
+ int count = 0;
+ CK_RV crv = CKR_GENERAL_ERROR;
+ PRStatus rv = PR_SUCCESS;
+ int i;
+
+ /*** HMAC Key ***/
+ CK_ATTRIBUTE hmacKeyTemplate[7];
+ CK_ATTRIBUTE hmacKeyValue;
+ CK_OBJECT_HANDLE hHMACKey = CK_INVALID_HANDLE;
+
+ if (hash == NULL) {
+ hash = findHash("sha256");
+ }
+ if (hash == NULL) {
+ PR_fprintf(PR_STDERR,
+ "Internal error:Could find sha256 entry in table.\n");
+ }
+
+ hmacKeyTemplate[0].type = CKA_TOKEN;
+ hmacKeyTemplate[0].pValue = &ckfalse; /* session object */
+ hmacKeyTemplate[0].ulValueLen = sizeof(ckfalse);
+ hmacKeyTemplate[1].type = CKA_PRIVATE;
+ hmacKeyTemplate[1].pValue = &cktrue;
+ hmacKeyTemplate[1].ulValueLen = sizeof(cktrue);
+ hmacKeyTemplate[2].type = CKA_SENSITIVE;
+ hmacKeyTemplate[2].pValue = &ckfalse;
+ hmacKeyTemplate[2].ulValueLen = sizeof(cktrue);
+ hmacKeyTemplate[3].type = CKA_SIGN;
+ hmacKeyTemplate[3].pValue = &cktrue;
+ hmacKeyTemplate[3].ulValueLen = sizeof(cktrue);
+ hmacKeyTemplate[4].type = CKA_EXTRACTABLE;
+ hmacKeyTemplate[4].pValue = &ckfalse;
+ hmacKeyTemplate[4].ulValueLen = sizeof(ckfalse);
+ hmacKeyTemplate[5].type = CKA_VALUE_LEN;
+ hmacKeyTemplate[5].pValue = (void *)&hash->hashLength;
+ hmacKeyTemplate[5].ulValueLen = sizeof(hash->hashLength);
+ hmacKeyTemplate[6].type = CKA_KEY_TYPE;
+ hmacKeyTemplate[6].pValue = (void *)&hash->keyType;
+ hmacKeyTemplate[6].ulValueLen = sizeof(hash->keyType);
+ hmacKeyGenMech.mechanism = CKM_GENERIC_SECRET_KEY_GEN;
+ hmacMech.mechanism = hash->hmac;
+
+ /* Generate a DSA key pair */
+ logIt("Generate an HMAC key ... \n");
+ crv = pFunctionList->C_GenerateKey(hRwSession, &hmacKeyGenMech,
+ hmacKeyTemplate,
+ PR_ARRAY_SIZE(hmacKeyTemplate),
+ &hHMACKey);
+ if (crv != CKR_OK) {
+ pk11error("HMAC key generation failed", crv);
+ return crv;
+ }
+
+ /* compute the digest */
+ memset(sign, 0, sizeof(sign));
+ crv = pFunctionList->C_SignInit(hRwSession, &hmacMech, hHMACKey);
+ if (crv != CKR_OK) {
+ pk11error("C_SignInit failed", crv);
+ return crv;
+ }
+
+ /* Digest the file */
+ while ((bytesRead = PR_Read(ifd, file_buf, sizeof(file_buf))) > 0) {
+ crv = pFunctionList->C_SignUpdate(hRwSession, (CK_BYTE_PTR)file_buf,
+ bytesRead);
+ if (crv != CKR_OK) {
+ pk11error("C_SignUpdate failed", crv);
+ return crv;
+ }
+ count += bytesRead;
+ }
+
+ if (bytesRead < 0) {
+ lperror("0 bytes read from input file");
+ return CKR_INTERNAL_IN_FAILURE;
+ }
+
+ signLen = sizeof(sign);
+ crv = pFunctionList->C_SignFinal(hRwSession, (CK_BYTE_PTR)sign,
+ &signLen);
+ if (crv != CKR_OK) {
+ pk11error("C_SignFinal failed", crv);
+ return crv;
+ }
+
+ if (signLen != hash->hashLength) {
+ PR_fprintf(PR_STDERR, "digestLen has incorrect length %lu "
+ "it should be %lu \n",
+ signLen, hash->hashLength);
+ return crv;
+ }
+ /* get HMAC KeyValue */
+ memset(keyBuf, 0, sizeof(keyBuf));
+ hmacKeyValue.type = CKA_VALUE;
+ hmacKeyValue.pValue = (CK_VOID_PTR)&keyBuf;
+ hmacKeyValue.ulValueLen = sizeof(keyBuf);
+
+ crv = pFunctionList->C_GetAttributeValue(hRwSession, hHMACKey,
+ &hmacKeyValue, 1);
+ if (crv != CKR_OK && crv != CKR_ATTRIBUTE_TYPE_INVALID) {
+ pk11error("C_GetAttributeValue failed", crv);
+ return crv;
+ }
+ keyLen = hmacKeyValue.ulValueLen;
+
+ if (verbose) {
+ int j;
+ PR_fprintf(PR_STDERR, "Library File Size: %d bytes\n", count);
+ PR_fprintf(PR_STDERR, " key: %lu bytes\n", keyLen);
+#define STEP 10
+ for (i = 0; i < (int)keyLen; i += STEP) {
+ PR_fprintf(PR_STDERR, " ");
+ for (j = 0; j < STEP && (i + j) < (int)keyLen; j++) {
+ PR_fprintf(PR_STDERR, " %02x", keyBuf[i + j]);
+ }
+ PR_fprintf(PR_STDERR, "\n");
+ }
+ PR_fprintf(PR_STDERR, " signature: %lu bytes\n", signLen);
+ for (i = 0; i < (int)signLen; i += STEP) {
+ PR_fprintf(PR_STDERR, " ");
+ for (j = 0; j < STEP && (i + j) < (int)signLen; j++) {
+ PR_fprintf(PR_STDERR, " %02x", sign[i + j]);
+ }
+ PR_fprintf(PR_STDERR, "\n");
+ }
+ }
+
+ /*
+ * we write the key out in a straight binary format because very
+ * low level libraries need to read an parse this file. Ideally we should
+ * just derEncode the public key (which would be pretty simple, and be
+ * more general), but then we'd need to link the ASN.1 decoder with the
+ * freebl libraries.
+ */
+
+ header.magic1 = NSS_SIGN_CHK_MAGIC1;
+ header.magic2 = NSS_SIGN_CHK_MAGIC2;
+ header.majorVersion = NSS_SIGN_CHK_MAJOR_VERSION;
+ header.minorVersion = NSS_SIGN_CHK_MINOR_VERSION;
+ encodeInt(header.offset, sizeof(header)); /* offset to data start */
+ encodeInt(header.type, NSS_SIGN_CHK_FLAG_HMAC | hash->hashType);
+ bytesWritten = PR_Write(ofd, &header, sizeof(header));
+ if (bytesWritten != sizeof(header)) {
+ return CKR_INTERNAL_OUT_FAILURE;
+ }
+
+ /* HMACKey */
+ rv = writeItem(ofd, keyBuf, keyLen);
+ if (rv != PR_SUCCESS) {
+ return CKR_INTERNAL_OUT_FAILURE;
+ }
+ /* HMAC SIGNATURE */
+ rv = writeItem(ofd, &sign, signLen);
+ if (rv != PR_SUCCESS) {
+ return CKR_INTERNAL_OUT_FAILURE;
+ }
+
+ return CKR_OK;
+}
+
+int
+main(int argc, char **argv)
+{
+ PLOptState *optstate;
+ char *program_name;
+ char *libname = NULL;
+ PRLibrary *lib = NULL;
+ PRFileDesc *ifd = NULL;
+ PRFileDesc *ofd = NULL;
+ const char *input_file = NULL; /* read/create encrypted data from here */
+ char *output_file = NULL; /* write new encrypted data here */
+ unsigned int keySize = 0;
+ static PRBool FIPSMODE = PR_FALSE;
+ static PRBool useDSA = PR_FALSE;
+ PRBool successful = PR_FALSE;
+ const HashTable *hash = NULL;
+
+#ifdef USES_LINKS
+ int ret;
+ struct stat stat_buf;
+ char link_buf[MAXPATHLEN + 1];
+ char *link_file = NULL;
+#endif
+
+ char *pwd = NULL;
+ char *configDir = NULL;
+ char *dbPrefix = NULL;
+ char *disableUnload = NULL;
+
+ CK_C_GetFunctionList pC_GetFunctionList;
+ CK_TOKEN_INFO tokenInfo;
+ CK_FUNCTION_LIST_PTR pFunctionList = NULL;
+ CK_RV crv = CKR_OK;
+ CK_SESSION_HANDLE hRwSession;
+ CK_SLOT_ID *pSlotList = NULL;
+ CK_ULONG slotIndex = 0;
+
+ program_name = strrchr(argv[0], '/');
+ program_name = program_name ? (program_name + 1) : argv[0];
+ optstate = PL_CreateOptState(argc, argv, "i:o:f:Fd:hH?k:p:P:vVs:t:Dc");
+ if (optstate == NULL) {
+ lperror("PL_CreateOptState failed");
+ return 1;
+ }
+
+ while (PL_GetNextOpt(optstate) == PL_OPT_OK) {
+ switch (optstate->option) {
+
+ case 'd':
+ if (!optstate->value) {
+ PL_DestroyOptState(optstate);
+ usage(program_name);
+ }
+ configDir = PL_strdup(optstate->value);
+ checkPath(configDir);
+ break;
+
+ case 'D':
+ useDSA = PR_TRUE;
+ break;
+
+ case 'c':
+ compat = PR_TRUE;
+ break;
+
+ case 'i':
+ if (!optstate->value) {
+ PL_DestroyOptState(optstate);
+ usage(program_name);
+ }
+ input_file = optstate->value;
+ break;
+
+ case 'o':
+ if (!optstate->value) {
+ PL_DestroyOptState(optstate);
+ usage(program_name);
+ }
+ output_file = PL_strdup(optstate->value);
+ break;
+
+ case 'k':
+ if (!optstate->value) {
+ PL_DestroyOptState(optstate);
+ usage(program_name);
+ }
+ keySize = atoi(optstate->value);
+ break;
+
+ case 'f':
+ if (!optstate->value) {
+ PL_DestroyOptState(optstate);
+ usage(program_name);
+ }
+ pwd = filePasswd((char *)optstate->value);
+ if (!pwd)
+ usage(program_name);
+ break;
+
+ case 'F':
+ FIPSMODE = PR_TRUE;
+ break;
+
+ case 'p':
+ if (!optstate->value) {
+ PL_DestroyOptState(optstate);
+ usage(program_name);
+ }
+ pwd = PL_strdup(optstate->value);
+ break;
+
+ case 'P':
+ if (!optstate->value) {
+ PL_DestroyOptState(optstate);
+ usage(program_name);
+ }
+ dbPrefix = PL_strdup(optstate->value);
+ break;
+
+ case 't':
+ if (!optstate->value) {
+ PL_DestroyOptState(optstate);
+ usage(program_name);
+ }
+ hash = findHash(optstate->value);
+ if (hash == NULL) {
+ PR_fprintf(PR_STDERR, "Invalid hash '%s'\n",
+ optstate->value);
+ usage(program_name);
+ }
+ break;
+ case 'v':
+ verbose = PR_TRUE;
+ break;
+
+ case 'V':
+ verify = PR_TRUE;
+ break;
+
+ case 'H':
+ PL_DestroyOptState(optstate);
+ long_usage(program_name);
+ return 1;
+ break;
+
+ case 'h':
+ case '?':
+ default:
+ PL_DestroyOptState(optstate);
+ usage(program_name);
+ return 1;
+ break;
+ }
+ }
+ PL_DestroyOptState(optstate);
+
+ if (!input_file) {
+ usage(program_name);
+ return 1;
+ }
+
+ /* Get the platform-dependent library name of the
+ * NSS cryptographic module.
+ */
+ libname = PR_GetLibraryName(NULL, "softokn3");
+ assert(libname != NULL);
+ if (!libname) {
+ PR_fprintf(PR_STDERR, "getting softokn3 failed");
+ goto cleanup;
+ }
+ lib = PR_LoadLibrary(libname);
+ assert(lib != NULL);
+ if (!lib) {
+ PR_fprintf(PR_STDERR, "loading softokn3 failed");
+ goto cleanup;
+ }
+ PR_FreeLibraryName(libname);
+
+ if (FIPSMODE) {
+ /* FIPSMODE == FC_GetFunctionList */
+ /* library path must be set to an already signed softokn3/freebl */
+ pC_GetFunctionList = (CK_C_GetFunctionList)
+ PR_FindFunctionSymbol(lib, "FC_GetFunctionList");
+ } else {
+ /* NON FIPS mode == C_GetFunctionList */
+ pC_GetFunctionList = (CK_C_GetFunctionList)
+ PR_FindFunctionSymbol(lib, "C_GetFunctionList");
+ }
+ assert(pC_GetFunctionList != NULL);
+ if (!pC_GetFunctionList) {
+ PR_fprintf(PR_STDERR, "getting function list failed");
+ goto cleanup;
+ }
+
+ crv = (*pC_GetFunctionList)(&pFunctionList);
+ assert(crv == CKR_OK);
+ if (crv != CKR_OK) {
+ PR_fprintf(PR_STDERR, "loading function list failed");
+ goto cleanup;
+ }
+
+ if (configDir) {
+ if (!dbPrefix) {
+ dbPrefix = PL_strdup("");
+ }
+ crv = softokn_Init(pFunctionList, configDir, dbPrefix);
+ if (crv != CKR_OK) {
+ logIt("Failed to use provided database directory "
+ "will just initialize the volatile certdb.\n");
+ crv = softokn_Init(pFunctionList, NULL, NULL); /* NoDB Init */
+ }
+ } else {
+ crv = softokn_Init(pFunctionList, NULL, NULL); /* NoDB Init */
+ }
+
+ if (crv != CKR_OK) {
+ pk11error("Initiailzing softoken failed", crv);
+ goto cleanup;
+ }
+
+ pSlotList = getSlotList(pFunctionList, slotIndex);
+ if (pSlotList == NULL) {
+ PR_fprintf(PR_STDERR, "getSlotList failed");
+ goto cleanup;
+ }
+
+ crv = pFunctionList->C_OpenSession(pSlotList[slotIndex],
+ CKF_RW_SESSION | CKF_SERIAL_SESSION,
+ NULL, NULL, &hRwSession);
+ if (crv != CKR_OK) {
+ pk11error("Opening a read/write session failed", crv);
+ goto cleanup;
+ }
+
+ /* check if a password is needed */
+ crv = pFunctionList->C_GetTokenInfo(pSlotList[slotIndex], &tokenInfo);
+ if (crv != CKR_OK) {
+ pk11error("C_GetTokenInfo failed", crv);
+ goto cleanup;
+ }
+ if (tokenInfo.flags & CKF_LOGIN_REQUIRED) {
+ if (pwd) {
+ int pwdLen = strlen((const char *)pwd);
+ crv = pFunctionList->C_Login(hRwSession, CKU_USER,
+ (CK_UTF8CHAR_PTR)pwd, (CK_ULONG)pwdLen);
+ if (crv != CKR_OK) {
+ pk11error("C_Login failed", crv);
+ goto cleanup;
+ }
+ } else {
+ PR_fprintf(PR_STDERR, "Please provide the password for the token");
+ goto cleanup;
+ }
+ } else if (pwd) {
+ logIt("A password was provided but the password was not used.\n");
+ }
+
+ /* open the shared library */
+ ifd = PR_OpenFile(input_file, PR_RDONLY, 0);
+ if (ifd == NULL) {
+ lperror(input_file);
+ goto cleanup;
+ }
+#ifdef USES_LINKS
+ ret = lstat(input_file, &stat_buf);
+ if (ret < 0) {
+ perror(input_file);
+ goto cleanup;
+ }
+ if (S_ISLNK(stat_buf.st_mode)) {
+ char *dirpath, *dirend;
+ ret = readlink(input_file, link_buf, sizeof(link_buf) - 1);
+ if (ret < 0) {
+ perror(input_file);
+ goto cleanup;
+ }
+ link_buf[ret] = 0;
+ link_file = mkoutput(input_file);
+ /* get the dirname of input_file */
+ dirpath = PL_strdup(input_file);
+ dirend = strrchr(dirpath, '/');
+ if (dirend) {
+ *dirend = '\0';
+ ret = chdir(dirpath);
+ if (ret < 0) {
+ perror(dirpath);
+ goto cleanup;
+ }
+ }
+ PL_strfree(dirpath);
+ input_file = link_buf;
+ /* get the basename of link_file */
+ dirend = strrchr(link_file, '/');
+ if (dirend) {
+ char *tmp_file = NULL;
+ tmp_file = PL_strdup(dirend + 1);
+ PL_strfree(link_file);
+ link_file = tmp_file;
+ }
+ }
+#endif
+ if (output_file == NULL) {
+ output_file = mkoutput(input_file);
+ }
+
+ if (verbose) {
+ PR_fprintf(PR_STDERR, "Library File: %s\n", input_file);
+ PR_fprintf(PR_STDERR, "Check File: %s\n", output_file);
+#ifdef USES_LINKS
+ if (link_file) {
+ PR_fprintf(PR_STDERR, "Link: %s\n", link_file);
+ }
+#endif
+ }
+
+ /* open the target signature file */
+ ofd = PR_Open(output_file, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, 0666);
+ if (ofd == NULL) {
+ lperror(output_file);
+ goto cleanup;
+ }
+
+ if (useDSA) {
+ crv = shlibSignDSA(pFunctionList, pSlotList[slotIndex], hRwSession,
+ keySize, ifd, ofd, hash);
+ } else {
+ crv = shlibSignHMAC(pFunctionList, pSlotList[slotIndex], hRwSession,
+ keySize, ifd, ofd, hash);
+ }
+ if (crv == CKR_INTERNAL_OUT_FAILURE) {
+ lperror(output_file);
+ }
+ if (crv == CKR_INTERNAL_IN_FAILURE) {
+ lperror(input_file);
+ }
+
+ PR_Close(ofd);
+ ofd = NULL;
+ /* close the input_File */
+ PR_Close(ifd);
+ ifd = NULL;
+
+#ifdef USES_LINKS
+ if (link_file) {
+ (void)unlink(link_file);
+ ret = symlink(output_file, link_file);
+ if (ret < 0) {
+ perror(link_file);
+ goto cleanup;
+ }
+ }
+#endif
+ successful = PR_TRUE;
+
+cleanup:
+ if (pFunctionList) {
+ /* C_Finalize will automatically logout, close session, */
+ /* and delete the temp objects on the token */
+ crv = pFunctionList->C_Finalize(NULL);
+ if (crv != CKR_OK) {
+ pk11error("C_Finalize failed", crv);
+ }
+ }
+ if (pSlotList) {
+ PR_Free(pSlotList);
+ }
+ if (pwd) {
+ PL_strfree(pwd);
+ }
+ if (configDir) {
+ PL_strfree(configDir);
+ }
+ if (dbPrefix) {
+ PL_strfree(dbPrefix);
+ }
+ if (output_file) { /* allocated by mkoutput function */
+ PL_strfree(output_file);
+ }
+#ifdef USES_LINKS
+ if (link_file) { /* allocated by mkoutput function */
+ PL_strfree(link_file);
+ }
+#endif
+ if (ifd) {
+ PR_Close(ifd);
+ }
+ if (ofd) {
+ PR_Close(ofd);
+ }
+
+ disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
+ if (!disableUnload && lib) {
+ PR_UnloadLibrary(lib);
+ }
+ PR_Cleanup();
+
+ if (crv != CKR_OK)
+ return crv;
+
+ return (successful) ? 0 : 1;
+}
diff --git a/security/nss/cmd/shlibsign/shlibsign.gyp b/security/nss/cmd/shlibsign/shlibsign.gyp
new file mode 100644
index 0000000000..75612c07a2
--- /dev/null
+++ b/security/nss/cmd/shlibsign/shlibsign.gyp
@@ -0,0 +1,30 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+ 'includes': [
+ '../../coreconf/config.gypi',
+ '../../cmd/platlibs.gypi'
+ ],
+ 'targets': [
+ {
+ 'target_name': 'shlibsign',
+ 'type': 'executable',
+ 'sources': [
+ 'shlibsign.c'
+ ],
+ 'dependencies': [
+ '<(DEPTH)/exports.gyp:nss_exports'
+ ]
+ }
+ ],
+ 'target_defaults': {
+ 'defines': [
+ 'SHLIB_SUFFIX=\"<(dll_suffix)\"',
+ 'SHLIB_PREFIX=\"<(dll_prefix)\"'
+ ]
+ },
+ 'variables': {
+ 'module': 'nss'
+ }
+} \ No newline at end of file
diff --git a/security/nss/cmd/shlibsign/sign.cmd b/security/nss/cmd/shlibsign/sign.cmd
new file mode 100644
index 0000000000..db37411af4
--- /dev/null
+++ b/security/nss/cmd/shlibsign/sign.cmd
@@ -0,0 +1,25 @@
+rem This Source Code Form is subject to the terms of the Mozilla Public
+rem License, v. 2.0. If a copy of the MPL was not distributed with this
+rem file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+/* Equivalent to sign.sh for OS/2 */
+PARSE ARG dist objdir os_target nspr_lib_dir therest
+dist=forwardtoback(dist);
+objdir=forwardtoback(objdir);
+nspr_lib_dir=forwardtoback(nspr_lib_dir);
+'echo 'dist
+'echo 'objdir
+'echo 'nspr_lib_dir
+'set BEGINLIBPATH='dist'\lib;'nspr_lib_dir';'dist'\bin;%BEGINLIBPATH%'
+'set LIBPATHSTRICT=T'
+objdir'\shlibsign -v -i 'therest
+exit
+
+forwardtoback: procedure
+ arg pathname
+ parse var pathname pathname'/'rest
+ do while (rest <> "")
+ pathname = pathname'\'rest
+ parse var pathname pathname'/'rest
+ end
+ return pathname
diff --git a/security/nss/cmd/shlibsign/sign.sh b/security/nss/cmd/shlibsign/sign.sh
new file mode 100644
index 0000000000..d8bd837d64
--- /dev/null
+++ b/security/nss/cmd/shlibsign/sign.sh
@@ -0,0 +1,51 @@
+#!/bin/sh
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# arguments:
+# 1: full path to DIST/OBJDIR (parent dir of "lib")
+# 2: full path to shlibsign executable (DIST/OBJDIR/bin)
+# 3: OS_TARGET
+# 4: full path to DIST/OBJDIR/lib
+# 5: full path to library that is to be signed
+
+case "${3}" in
+WIN*)
+ if echo "${PATH}" | grep -c \; >/dev/null; then
+ PATH=${1}/lib\;${1}/bin\;${4}\;${PATH}
+ else
+ # ARG1 is ${1} with the drive letter escaped.
+ if echo "${1}" | grep -c : >/dev/null; then
+ ARG1=`(cd ${1}; pwd)`
+ else
+ ARG1=${1}
+ fi
+ if echo "${4}" | grep -c : >/dev/null; then
+ ARG4=`(cd ${4}; pwd)`
+ else
+ ARG4=${4}
+ fi
+ PATH=${ARG1}/lib:${ARG1}/bin:${ARG4}:${PATH}
+ fi
+ export PATH
+ echo "${2}"/shlibsign -v -i "${5}"
+ "${2}"/shlibsign -v -i "${5}"
+ ;;
+*)
+ LIBPATH=`(cd "${1}"/lib; pwd)`:`(cd "${4}"; pwd)`:$LIBPATH
+ export LIBPATH
+ SHLIB_PATH=${1}/lib:${4}:$SHLIB_PATH
+ export SHLIB_PATH
+ LD_LIBRARY_PATH=${1}/lib:${4}:$LD_LIBRARY_PATH
+ export LD_LIBRARY_PATH
+ DYLD_LIBRARY_PATH=${1}/lib:${4}:$DYLD_LIBRARY_PATH
+ export DYLD_LIBRARY_PATH
+ LIBRARY_PATH=${1}/lib:${4}:$LIBRARY_PATH
+ export LIBRARY_PATH
+ ADDON_PATH=${1}/lib:${4}:$ADDON_PATH
+ export ADDON_PATH
+ echo "${2}"/shlibsign -v -i "${5}"
+ "${2}"/shlibsign -v -i "${5}"
+ ;;
+esac