1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
|
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef CKCAPI_H
#define CKCAPI_H 1
#include "nssckmdt.h"
#include "nssckfw.h"
/*
* I'm including this for access to the arena functions.
* Looks like we should publish that API.
*/
#ifndef BASE_H
#include "base.h"
#endif /* BASE_H */
/*
* This is where the Netscape extensions live, at least for now.
*/
#ifndef CKT_H
#include "ckt.h"
#endif /* CKT_H */
#include "wtypes.h"
#include "wincrypt.h"
/*
* statically defined raw objects. Allows us to data description objects
* to this PKCS #11 module.
*/
struct ckcapiRawObjectStr {
CK_ULONG n;
const CK_ATTRIBUTE_TYPE *types;
const NSSItem *items;
};
typedef struct ckcapiRawObjectStr ckcapiRawObject;
/*
* common values needed for both bare keys and cert referenced keys.
*/
struct ckcapiKeyParamsStr {
NSSItem modulus;
NSSItem exponent;
NSSItem privateExponent;
NSSItem prime1;
NSSItem prime2;
NSSItem exponent1;
NSSItem exponent2;
NSSItem coefficient;
unsigned char publicExponentData[sizeof(CK_ULONG)];
void *privateKey;
void *pubKey;
};
typedef struct ckcapiKeyParamsStr ckcapiKeyParams;
/*
* Key objects. Handles bare keys which do not yet have certs associated
* with them. These are usually short lived, but may exist for several days
* while the CA is issuing the certificate.
*/
struct ckcapiKeyObjectStr {
CRYPT_KEY_PROV_INFO provInfo;
char *provName;
char *containerName;
HCRYPTPROV hProv;
ckcapiKeyParams key;
};
typedef struct ckcapiKeyObjectStr ckcapiKeyObject;
/*
* Certificate and certificate referenced keys.
*/
struct ckcapiCertObjectStr {
PCCERT_CONTEXT certContext;
PRBool hasID;
const char *certStore;
NSSItem label;
NSSItem subject;
NSSItem issuer;
NSSItem serial;
NSSItem derCert;
ckcapiKeyParams key;
unsigned char *labelData;
/* static data: to do, make this dynamic like labelData */
unsigned char derSerial[128];
};
typedef struct ckcapiCertObjectStr ckcapiCertObject;
typedef enum {
ckcapiRaw,
ckcapiCert,
ckcapiBareKey
} ckcapiObjectType;
/*
* all the various types of objects are abstracted away in cobject and
* cfind as ckcapiInternalObjects.
*/
struct ckcapiInternalObjectStr {
ckcapiObjectType type;
union {
ckcapiRawObject raw;
ckcapiCertObject cert;
ckcapiKeyObject key;
} u;
CK_OBJECT_CLASS objClass;
NSSItem hashKey;
NSSItem id;
void *idData;
unsigned char hashKeyData[128];
NSSCKMDObject mdObject;
};
typedef struct ckcapiInternalObjectStr ckcapiInternalObject;
/* our raw object data array */
NSS_EXTERN_DATA ckcapiInternalObject nss_ckcapi_data[];
NSS_EXTERN_DATA const PRUint32 nss_ckcapi_nObjects;
NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_CryptokiVersion;
NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_ManufacturerID;
NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_LibraryDescription;
NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_LibraryVersion;
NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_SlotDescription;
NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_HardwareVersion;
NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_FirmwareVersion;
NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_TokenLabel;
NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_TokenModel;
NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_TokenSerialNumber;
NSS_EXTERN_DATA const NSSCKMDInstance nss_ckcapi_mdInstance;
NSS_EXTERN_DATA const NSSCKMDSlot nss_ckcapi_mdSlot;
NSS_EXTERN_DATA const NSSCKMDToken nss_ckcapi_mdToken;
NSS_EXTERN_DATA const NSSCKMDMechanism nss_ckcapi_mdMechanismRSA;
NSS_EXTERN NSSCKMDSession *
nss_ckcapi_CreateSession(
NSSCKFWSession *fwSession,
CK_RV *pError);
NSS_EXTERN NSSCKMDFindObjects *
nss_ckcapi_FindObjectsInit(
NSSCKFWSession *fwSession,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
CK_RV *pError);
/*
* Object Utilities
*/
NSS_EXTERN NSSCKMDObject *
nss_ckcapi_CreateMDObject(
NSSArena *arena,
ckcapiInternalObject *io,
CK_RV *pError);
NSS_EXTERN NSSCKMDObject *
nss_ckcapi_CreateObject(
NSSCKFWSession *fwSession,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
CK_RV *pError);
NSS_EXTERN const NSSItem *
nss_ckcapi_FetchAttribute(
ckcapiInternalObject *io,
CK_ATTRIBUTE_TYPE type);
NSS_EXTERN void
nss_ckcapi_DestroyInternalObject(
ckcapiInternalObject *io);
NSS_EXTERN CK_RV
nss_ckcapi_FetchKeyContainer(
ckcapiInternalObject *iKey,
HCRYPTPROV *hProv,
DWORD *keySpec,
HCRYPTKEY *hKey);
/*
* generic utilities
*/
/*
* So everyone else in the worlds stores their bignum data MSB first, but not
* Microsoft, we need to byte swap everything coming into and out of CAPI.
*/
void
ckcapi_ReverseData(
NSSItem *item);
/*
* unwrap a single DER value
*/
unsigned char *
nss_ckcapi_DERUnwrap(
unsigned char *src,
unsigned int size,
unsigned int *outSize,
unsigned char **next);
/*
* Return the size in bytes of a wide string
*/
int
nss_ckcapi_WideSize(
LPCWSTR wide);
/*
* Covert a Unicode wide character string to a UTF8 string
*/
char *
nss_ckcapi_WideToUTF8(
LPCWSTR wide);
/*
* Return a Wide String duplicated with nss allocated memory.
*/
LPWSTR
nss_ckcapi_WideDup(
LPCWSTR wide);
/*
* Covert a UTF8 string to Unicode wide character
*/
LPWSTR
nss_ckcapi_UTF8ToWide(
char *buf);
NSS_EXTERN PRUint32
nss_ckcapi_collect_all_certs(
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
ckcapiInternalObject ***listp,
PRUint32 *sizep,
PRUint32 count,
CK_RV *pError);
#define NSS_CKCAPI_ARRAY_SIZE(x) ((sizeof(x)) / (sizeof((x)[0])))
#endif
|