int open_pkcs11_session(pkcs11_handle_t *h, unsigned int slot_num) { /* NSS manages the sessions under the covers, use this function to * select a slot */ if (h->slot != NULL) { /* we've already selected the slot */ if (PK11_GetSlotID(h->slot) == slot_num) { return 0; } /* the slot we've selected isn't the one we want to open */ PK11_FreeSlot(h->slot); h->slot = NULL; } /* look the slot up */ h->slot = SECMOD_LookupSlot(h->module->moduleID, slot_num); if (h->slot == NULL) { return -1; } /* make sure it is present */ if (!PK11_IsPresent(h->slot)) { PK11_FreeSlot(h->slot); h->slot = NULL; return -1; } return 0; }
static int nss_load_key(struct connectdata *conn, int sockindex, char *key_file) { #ifdef HAVE_PK11_CREATEGENERICOBJECT PK11SlotInfo * slot = NULL; CK_ATTRIBUTE *attrs; CK_ATTRIBUTE theTemplate[20]; CK_BBOOL cktrue = CK_TRUE; CK_OBJECT_CLASS objClass = CKO_PRIVATE_KEY; CK_SLOT_ID slotID; char slotname[SLOTSIZE]; struct ssl_connect_data *sslconn = &conn->ssl[sockindex]; attrs = theTemplate; /* FIXME: grok the various file types */ slotID = 1; /* hardcoded for now */ snprintf(slotname, sizeof(slotname), "PEM Token #%ld", slotID); slot = PK11_FindSlotByName(slotname); if(!slot) return 0; PK11_SETATTRS(attrs, CKA_CLASS, &objClass, sizeof(objClass) ); attrs++; PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(CK_BBOOL) ); attrs++; PK11_SETATTRS(attrs, CKA_LABEL, (unsigned char *)key_file, strlen(key_file)+1); attrs++; /* When adding an encrypted key the PKCS#11 will be set as removed */ sslconn->key = PK11_CreateGenericObject(slot, theTemplate, 3, PR_FALSE /* isPerm */); if(sslconn->key == NULL) { PR_SetError(SEC_ERROR_BAD_KEY, 0); return 0; } /* This will force the token to be seen as re-inserted */ SECMOD_WaitForAnyTokenEvent(mod, 0, 0); PK11_IsPresent(slot); /* parg is initialized in nss_Init_Tokens() */ if(PK11_Authenticate(slot, PR_TRUE, conn->data->set.str[STRING_KEY_PASSWD]) != SECSuccess) { PK11_FreeSlot(slot); return 0; } PK11_FreeSlot(slot); return 1; #else /* If we don't have PK11_CreateGenericObject then we can't load a file-based * key. */ (void)conn; /* unused */ (void)key_file; /* unused */ return 0; #endif }
/* * This thread looks for card and reader insertions and puts events on the * event queue */ static void vcard_emul_event_thread(void *arg) { PK11SlotInfo *slot; VReader *vreader; VReaderEmul *vreader_emul; VCard *vcard; SECMODModule *module = (SECMODModule *)arg; do { slot = SECMOD_WaitForAnyTokenEvent(module, 0, 500); if (slot == NULL) { break; } vreader = vcard_emul_find_vreader_from_slot(slot); if (vreader == NULL) { /* new vreader */ vreader_emul = vreader_emul_new(slot, default_card_type, default_type_params); vreader = vreader_new(PK11_GetSlotName(slot), vreader_emul, vreader_emul_delete); PK11_FreeSlot(slot); slot = NULL; vreader_add_reader(vreader); vreader_free(vreader); continue; } /* card remove/insert */ vreader_emul = vreader_get_private(vreader); if (PK11_IsPresent(slot)) { int series = PK11_GetSlotSeries(slot); if (series != vreader_emul->series) { if (vreader_emul->present) { vreader_insert_card(vreader, NULL); } vcard = vcard_emul_mirror_card(vreader); vreader_insert_card(vreader, vcard); vcard_free(vcard); } vreader_emul->series = series; vreader_emul->present = 1; vreader_free(vreader); PK11_FreeSlot(slot); continue; } if (vreader_emul->present) { vreader_insert_card(vreader, NULL); } vreader_emul->series = 0; vreader_emul->present = 0; PK11_FreeSlot(slot); vreader_free(vreader); } while (1); }
static SECStatus nss_Init_Tokens(struct connectdata * conn) { PK11SlotList *slotList; PK11SlotListElement *listEntry; SECStatus ret, status = SECSuccess; pphrase_arg_t *parg = NULL; parg = (pphrase_arg_t *) malloc(sizeof(*parg)); parg->retryCount = 0; parg->data = conn->data; PK11_SetPasswordFunc(nss_get_password); slotList = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_TRUE, NULL); for(listEntry = PK11_GetFirstSafe(slotList); listEntry; listEntry = listEntry->next) { PK11SlotInfo *slot = listEntry->slot; if(PK11_NeedLogin(slot) && PK11_NeedUserInit(slot)) { if(slot == PK11_GetInternalKeySlot()) { failf(conn->data, "The NSS database has not been initialized.\n"); } else { failf(conn->data, "The token %s has not been initialized.", PK11_GetTokenName(slot)); } PK11_FreeSlot(slot); continue; } ret = PK11_Authenticate(slot, PR_TRUE, parg); if(SECSuccess != ret) { if (PR_GetError() == SEC_ERROR_BAD_PASSWORD) infof(conn->data, "The password for token '%s' is incorrect\n", PK11_GetTokenName(slot)); status = SECFailure; break; } parg->retryCount = 0; /* reset counter to 0 for the next token */ PK11_FreeSlot(slot); } free(parg); return status; }
/* * put together the various PK11_Create_Context calls used by different * parts of libsec. */ PK11Context * __PK11_CreateContextByRawKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, PK11Origin origin, CK_ATTRIBUTE_TYPE operation, SECItem *key, SECItem *param, void *wincx) { PK11SymKey *symKey = NULL; PK11Context *context = NULL; /* first get a slot */ if (slot == NULL) { slot = PK11_GetBestSlot(type,wincx); if (slot == NULL) { PORT_SetError( SEC_ERROR_NO_MODULE ); goto loser; } } else { PK11_ReferenceSlot(slot); } /* now import the key */ symKey = PK11_ImportSymKey(slot, type, origin, operation, key, wincx); if (symKey == NULL) goto loser; context = PK11_CreateContextBySymKey(type, operation, symKey, param); loser: if (symKey) { PK11_FreeSymKey(symKey); } if (slot) { PK11_FreeSlot(slot); } return context; }
CryptoRc4 crypto_rc4_init(uint8 * key, uint32 len) { CryptoRc4 rc4 = xmalloc(sizeof(*rc4)); CK_MECHANISM_TYPE cipherMech = CKM_RC4; PK11SlotInfo* slot = PK11_GetInternalKeySlot(); ASSERT(slot); SECItem keyItem; keyItem.type = siBuffer; keyItem.data = key; keyItem.len = len; PK11SymKey* symKey = PK11_ImportSymKey(slot, cipherMech, PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, NULL); ASSERT(symKey); SECItem* secParam = PK11_ParamFromIV(cipherMech, NULL); ASSERT(secParam); rc4->context = PK11_CreateContextBySymKey(cipherMech, CKA_ENCRYPT, symKey, secParam); ASSERT(rc4->context); PK11_FreeSymKey(symKey); SECITEM_FreeItem(secParam, PR_TRUE); PK11_FreeSlot(slot); return rc4; }
/* * before we do a private key op, we check to see if we * need to reauthenticate. */ void PK11_HandlePasswordCheck(PK11SlotInfo *slot,void *wincx) { int askpw = slot->askpw; PRBool NeedAuth = PR_FALSE; if (!slot->needLogin) return; if ((slot->defaultFlags & PK11_OWN_PW_DEFAULTS) == 0) { PK11SlotInfo *def_slot = PK11_GetInternalKeySlot(); if (def_slot) { askpw = def_slot->askpw; PK11_FreeSlot(def_slot); } } /* timeouts are handled by isLoggedIn */ if (!PK11_IsLoggedIn(slot,wincx)) { NeedAuth = PR_TRUE; } else if (askpw == -1) { if (!PK11_Global.inTransaction || (PK11_Global.transaction != slot->authTransact)) { PK11_EnterSlotMonitor(slot); PK11_GETTAB(slot)->C_Logout(slot->session); slot->lastLoginCheck = 0; PK11_ExitSlotMonitor(slot); NeedAuth = PR_TRUE; } } if (NeedAuth) PK11_DoPassword(slot,PR_TRUE,wincx); }
/* * SVRCORE_DestroyPk11PinStore */ void SVRCORE_DestroyPk11PinStore(SVRCOREPk11PinStore *store) { if (store == 0) return; if (store->slot) { PK11_FreeSlot(store->slot); } if (store->params) { SECITEM_ZfreeItem(store->params, PR_TRUE); } if (store->key) { PK11_FreeSymKey(store->key); } if (store->crypt) { memset(store->crypt, 0, store->length); free(store->crypt); } free(store); }
/************************************************************************ * * I n i t P W */ Error InitPW(void) { PK11SlotInfo *slot; Error ret = UNSPECIFIED_ERR; slot = PK11_GetInternalKeySlot(); if (!slot) { PR_fprintf(PR_STDERR, errStrings[NO_SUCH_TOKEN_ERR], "internal"); return NO_SUCH_TOKEN_ERR; } /* Set the initial password to empty */ if (PK11_NeedUserInit(slot)) { if (PK11_InitPin(slot, NULL, "") != SECSuccess) { PR_fprintf(PR_STDERR, errStrings[INITPW_FAILED_ERR]); ret = INITPW_FAILED_ERR; goto loser; } } ret = SUCCESS; loser: PK11_FreeSlot(slot); return ret; }
static PK11Context* sipe_crypt_ctx_create(CK_MECHANISM_TYPE cipherMech, const guchar *key, gsize key_length) { PK11SlotInfo* slot; SECItem keyItem; SECItem ivItem; PK11SymKey* SymKey; SECItem *SecParam; PK11Context* EncContext; /* For key */ slot = PK11_GetBestSlot(cipherMech, NULL); keyItem.type = siBuffer; keyItem.data = (unsigned char *)key; keyItem.len = key_length; SymKey = PK11_ImportSymKey(slot, cipherMech, PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, NULL); /* Parameter for crypto context */ ivItem.type = siBuffer; ivItem.data = NULL; ivItem.len = 0; SecParam = PK11_ParamFromIV(cipherMech, &ivItem); EncContext = PK11_CreateContextBySymKey(cipherMech, CKA_ENCRYPT, SymKey, SecParam); PK11_FreeSymKey(SymKey); SECITEM_FreeItem(SecParam, PR_TRUE); PK11_FreeSlot(slot); return EncContext; }
static int nss_load_key(struct connectdata *conn, int sockindex, char *key_file) { #ifdef HAVE_PK11_CREATEGENERICOBJECT PK11SlotInfo *slot; SECStatus status; struct ssl_connect_data *ssl = conn->ssl; if(CURLE_OK != nss_create_object(ssl, CKO_PRIVATE_KEY, key_file, FALSE)) { PR_SetError(SEC_ERROR_BAD_KEY, 0); return 0; } slot = PK11_FindSlotByName("PEM Token #1"); if(!slot) return 0; /* This will force the token to be seen as re-inserted */ SECMOD_WaitForAnyTokenEvent(mod, 0, 0); PK11_IsPresent(slot); status = PK11_Authenticate(slot, PR_TRUE, conn->data->set.str[STRING_KEY_PASSWD]); PK11_FreeSlot(slot); return (SECSuccess == status) ? 1 : 0; #else /* If we don't have PK11_CreateGenericObject then we can't load a file-based * key. */ (void)conn; /* unused */ (void)key_file; /* unused */ return 0; #endif }
static int init_nss_hash(knet_handle_t knet_h) { PK11SlotInfo* hash_slot = NULL; SECItem hash_param; struct nsscrypto_instance *instance = knet_h->crypto_instance->model_instance; if (!hash_to_nss[instance->crypto_hash_type]) { return 0; } hash_param.type = siBuffer; hash_param.data = instance->private_key; hash_param.len = instance->private_key_len; hash_slot = PK11_GetBestSlot(hash_to_nss[instance->crypto_hash_type], NULL); if (hash_slot == NULL) { log_err(knet_h, KNET_SUB_NSSCRYPTO, "Unable to find security slot (err %d)", PR_GetError()); return -1; } instance->nss_sym_key_sign = PK11_ImportSymKey(hash_slot, hash_to_nss[instance->crypto_hash_type], PK11_OriginUnwrap, CKA_SIGN, &hash_param, NULL); if (instance->nss_sym_key_sign == NULL) { log_err(knet_h, KNET_SUB_NSSCRYPTO, "Failure to import key into NSS (err %d)", PR_GetError()); return -1; } PK11_FreeSlot(hash_slot); return 0; }
static int init_nss_crypto(knet_handle_t knet_h) { PK11SlotInfo* crypt_slot = NULL; SECItem crypt_param; struct nsscrypto_instance *instance = knet_h->crypto_instance->model_instance; if (!cipher_to_nss[instance->crypto_cipher_type]) { return 0; } crypt_param.type = siBuffer; crypt_param.data = instance->private_key; crypt_param.len = cipher_key_len[instance->crypto_cipher_type]; crypt_slot = PK11_GetBestSlot(cipher_to_nss[instance->crypto_cipher_type], NULL); if (crypt_slot == NULL) { log_err(knet_h, KNET_SUB_NSSCRYPTO, "Unable to find security slot (err %d)", PR_GetError()); return -1; } instance->nss_sym_key = PK11_ImportSymKey(crypt_slot, cipher_to_nss[instance->crypto_cipher_type], PK11_OriginUnwrap, CKA_ENCRYPT|CKA_DECRYPT, &crypt_param, NULL); if (instance->nss_sym_key == NULL) { log_err(knet_h, KNET_SUB_NSSCRYPTO, "Failure to import key into NSS (err %d)", PR_GetError()); return -1; } PK11_FreeSlot(crypt_slot); return 0; }
PRBool sslint_DamageTrafficSecret(PRFileDesc *fd, size_t offset) { unsigned char data[32] = {0}; PK11SymKey **keyPtr; PK11SlotInfo *slot = PK11_GetInternalSlot(); SECItem key_item = {siBuffer, data, sizeof(data)}; sslSocket *ss = ssl_FindSocket(fd); if (!ss) { return PR_FALSE; } if (!slot) { return PR_FALSE; } keyPtr = (PK11SymKey **)((char *)&ss->ssl3.hs + offset); if (!*keyPtr) { return PR_FALSE; } PK11_FreeSymKey(*keyPtr); *keyPtr = PK11_ImportSymKey(slot, CKM_NSS_HKDF_SHA256, PK11_OriginUnwrap, CKA_DERIVE, &key_item, NULL); PK11_FreeSlot(slot); if (!*keyPtr) { return PR_FALSE; } return PR_TRUE; }
NSS_IMPLEMENT PRStatus nssDecodedPKIXCertificate_Destroy ( nssDecodedCert *dc ) { CERTCertificate *cert = (CERTCertificate *)dc->data; /* The decoder may only be half initialized (the case where we find we * could not decode the certificate). In this case, there is not cert to * free, just free the dc structure. */ if (cert) { PRBool freeSlot = cert->ownSlot; PK11SlotInfo *slot = cert->slot; PRArenaPool *arena = cert->arena; /* zero cert before freeing. Any stale references to this cert * after this point will probably cause an exception. */ PORT_Memset(cert, 0, sizeof *cert); /* free the arena that contains the cert. */ PORT_FreeArena(arena, PR_FALSE); if (slot && freeSlot) { PK11_FreeSlot(slot); } } nss_ZFreeIf(dc); return PR_SUCCESS; }
void nsPK11Token::destructorSafeDestroyNSSReference() { if (mSlot) { PK11_FreeSlot(mSlot); mSlot = nullptr; } }
void crypto_rsa_encrypt(int len, uint8 * in, uint8 * out, uint32 modulus_size, uint8 * modulus, uint8 * exponent) { SECKEYPublicKey pubKey; pubKey.arena = NULL; pubKey.keyType = rsaKey; pubKey.pkcs11Slot = NULL; pubKey.pkcs11ID = CK_INVALID_HANDLE; pubKey.u.rsa.arena = NULL; pubKey.u.rsa.modulus.type = siUnsignedInteger; pubKey.u.rsa.modulus.data = modulus; pubKey.u.rsa.modulus.len = modulus_size; pubKey.u.rsa.publicExponent.type = siUnsignedInteger; pubKey.u.rsa.publicExponent.data = exponent; pubKey.u.rsa.publicExponent.len = SEC_EXPONENT_SIZE; ASSERT(modulus_size <= SEC_MAX_MODULUS_SIZE); uint8 in_be[SEC_MAX_MODULUS_SIZE]; memset(in_be, 0, modulus_size - len); /* must be padded to modulus_size */ memcpy(in_be + modulus_size - len, in, len); SECStatus s = PK11_PubEncryptRaw(&pubKey, out, in_be, modulus_size, NULL); check(s, "Error rsa-encrypting"); ASSERT(pubKey.pkcs11Slot); PK11_FreeSlot(pubKey.pkcs11Slot); }
/* * Digest contexts don't need keys, but the do need to find a slot. * Macing should use PK11_CreateContextBySymKey. */ PK11Context * PK11_CreateDigestContext(SECOidTag hashAlg) { /* digesting has to work without authentication to the slot */ CK_MECHANISM_TYPE type; PK11SlotInfo *slot; PK11Context *context; SECItem param; type = PK11_AlgtagToMechanism(hashAlg); slot = PK11_GetBestSlot(type, NULL); if (slot == NULL) { PORT_SetError( SEC_ERROR_NO_MODULE ); return NULL; } /* maybe should really be PK11_GenerateNewParam?? */ param.data = NULL; param.len = 0; param.type = 0; context = pk11_CreateNewContextInSlot(type, slot, CKA_DIGEST, NULL, ¶m); PK11_FreeSlot(slot); return context; }
/********************************************************************* * * i n s t a l l _ c e r t * * Installs the cert in the permanent database. */ static CERTCertificate* install_cert(CERTCertDBHandle *db, SECItem *derCert, char *nickname) { CERTCertificate * newcert; PK11SlotInfo * newSlot; newSlot = PK11_ImportDERCertForKey(derCert, nickname, &pwdata); if ( newSlot == NULL ) { PR_fprintf(errorFD, "Unable to install certificate\n"); errorCount++; exit(ERRX); } newcert = PK11_FindCertFromDERCertItem(newSlot, derCert, &pwdata); PK11_FreeSlot(newSlot); if (newcert == NULL) { PR_fprintf(errorFD, "%s: can't find new certificate\n", PROGRAM_NAME); errorCount++; exit (ERRX); } if (verbosity >= 0) { PR_fprintf(outputFD, "certificate \"%s\" added to database\n", nickname); } return newcert; }
char *oauth_body_hash_data(size_t length, const char *data) { PK11SlotInfo *slot = NULL; PK11Context *context = NULL; unsigned char digest[20]; // Is there a way to tell how large the output is? unsigned int len; SECStatus s; char *rv=NULL; oauth_init_nss(); slot = PK11_GetInternalKeySlot(); if (!slot) goto looser; context = PK11_CreateDigestContext(SEC_OID_SHA1); if (!context) goto looser; s = PK11_DigestBegin(context); if (s != SECSuccess) goto looser; s = PK11_DigestOp(context, (unsigned char*) data, length); if (s != SECSuccess) goto looser; s = PK11_DigestFinal(context, digest, &len, sizeof digest); if (s != SECSuccess) goto looser; unsigned char *dgst = xmalloc(len*sizeof(char)); // oauth_body_hash_encode frees the digest.. memcpy(dgst, digest, len); rv=oauth_body_hash_encode(len, dgst); looser: if (context) PK11_DestroyContext(context, PR_TRUE); if (slot) PK11_FreeSlot(slot); return rv; }
char *oauth_sign_rsa_sha1 (const char *m, const char *k) { PK11SlotInfo *slot = NULL; SECKEYPrivateKey *pkey = NULL; SECItem signature; SECStatus s; SECItem der; char *rv=NULL; char *key = oauth_strip_pkcs(k, NS_PRIV_HEADER, NS_PRIV_TRAILER); if (!key) return NULL; oauth_init_nss(); slot = PK11_GetInternalKeySlot(); if (!slot) goto looser; s = ATOB_ConvertAsciiToItem(&der, key); if (s != SECSuccess) goto looser; s = PK11_ImportDERPrivateKeyInfoAndReturnKey(slot, &der, NULL, NULL, PR_FALSE, PR_TRUE, KU_ALL, &pkey, NULL); SECITEM_FreeItem(&der, PR_FALSE); if (s != SECSuccess) goto looser; if (!pkey) goto looser; if (pkey->keyType != rsaKey) goto looser; s = SEC_SignData(&signature, (unsigned char*) m, strlen(m), pkey, SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE); if (s != SECSuccess) goto looser; rv=oauth_encode_base64(signature.len, signature.data); SECITEM_FreeItem(&signature, PR_FALSE); looser: if (pkey) SECKEY_DestroyPrivateKey(pkey); if (slot) PK11_FreeSlot(slot); free(key); return rv; }
static CURLcode nss_load_key(struct connectdata *conn, int sockindex, char *key_file) { PK11SlotInfo *slot; SECStatus status; CURLcode rv; struct ssl_connect_data *ssl = conn->ssl; (void)sockindex; /* unused */ rv = nss_create_object(ssl, CKO_PRIVATE_KEY, key_file, FALSE); if(CURLE_OK != rv) { PR_SetError(SEC_ERROR_BAD_KEY, 0); return rv; } slot = PK11_FindSlotByName("PEM Token #1"); if(!slot) return CURLE_SSL_CERTPROBLEM; /* This will force the token to be seen as re-inserted */ SECMOD_WaitForAnyTokenEvent(mod, 0, 0); PK11_IsPresent(slot); status = PK11_Authenticate(slot, PR_TRUE, conn->data->set.str[STRING_KEY_PASSWD]); PK11_FreeSlot(slot); return (SECSuccess == status) ? CURLE_OK : CURLE_SSL_CERTPROBLEM; }
void nsProtectedAuthThread::Run(void) { // Login with null password. This call will also do C_Logout() but // it is harmless here mLoginResult = PK11_CheckUserPassword(mSlot, 0); nsIObserver *observer = nsnull; PR_Lock(mMutex); mLoginReady = PR_TRUE; mIAmRunning = PR_FALSE; // Forget the slot if (mSlot) { PK11_FreeSlot(mSlot); mSlot = 0; } if (!mStatusObserverNotified) { observer = mStatusObserver; } mStatusObserver = nsnull; mStatusObserverNotified = PR_TRUE; PR_Unlock(mMutex); if (observer) observer->Observe(nsnull, "operation-completed", nsnull); }
/* Generate a key pair, and then generate a subjectPublicKeyInfo ** for the public key in that pair. return all 3. */ CERTSubjectPublicKeyInfo * GetSubjectPubKeyInfo(TESTKeyPair *pair) { CERTSubjectPublicKeyInfo *spki = NULL; SECKEYPrivateKey *privKey = NULL; SECKEYPublicKey *pubKey = NULL; PK11SlotInfo *keySlot = NULL; keySlot = PK11_GetInternalKeySlot(); PK11_Authenticate(keySlot, PR_FALSE, &pwdata); if (!doingDSA) { PK11RSAGenParams *rsaParams = GetRSAParams(); if (rsaParams == NULL) { PK11_FreeSlot(keySlot); return NULL; } privKey = PK11_GenerateKeyPair(keySlot, CKM_RSA_PKCS_KEY_PAIR_GEN, (void*)rsaParams, &pubKey, PR_FALSE, PR_FALSE, &pwdata); } else { PQGParams *dsaParams = GetDSAParams(); if (dsaParams == NULL) { PK11_FreeSlot(keySlot); return NULL; } privKey = PK11_GenerateKeyPair(keySlot, CKM_DSA_KEY_PAIR_GEN, (void*)dsaParams, &pubKey, PR_FALSE, PR_FALSE, &pwdata); } PK11_FreeSlot(keySlot); if (privKey == NULL || pubKey == NULL) { if (pubKey) { SECKEY_DestroyPublicKey(pubKey); } if (privKey) { SECKEY_DestroyPrivateKey(privKey); } return NULL; } spki = SECKEY_CreateSubjectPublicKeyInfo(pubKey); pair->privKey = privKey; pair->pubKey = pubKey; return spki; }
PRBool PK11_NeedPWInit() { PK11SlotInfo *slot = PK11_GetInternalKeySlot(); PRBool ret = PK11_NeedPWInitForSlot(slot); PK11_FreeSlot(slot); return ret; }
static void vcard_emul_delete_card(VCardEmul *vcard_emul) { PK11SlotInfo *slot = (PK11SlotInfo *)vcard_emul; if (slot == NULL) { return; } PK11_FreeSlot(slot); }
static int sss_nss_crypto_ctx_destructor(struct sss_nss_crypto_ctx *cctx) { if (cctx->ectx) PK11_DestroyContext(cctx->ectx, PR_TRUE); if (cctx->sparam) SECITEM_FreeItem(cctx->sparam, PR_TRUE); if (cctx->slot) PK11_FreeSlot(cctx->slot); if (cctx->keyobj) PK11_FreeSymKey(cctx->keyobj); return EOK; }
SECStatus ImportCRL (CERTCertDBHandle *certHandle, char *url, int type, PRFileDesc *inFile, PRInt32 importOptions, PRInt32 decodeOptions) { CERTSignedCrl *crl = NULL; SECItem crlDER; PK11SlotInfo* slot = NULL; int rv; #if defined(DEBUG_jp96085) PRIntervalTime starttime, endtime, elapsed; PRUint32 mins, secs, msecs; #endif crlDER.data = NULL; /* Read in the entire file specified with the -f argument */ rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE); if (rv != SECSuccess) { SECU_PrintError(progName, "unable to read input file"); return (SECFailure); } decodeOptions |= CRL_DECODE_DONT_COPY_DER; slot = PK11_GetInternalKeySlot(); #if defined(DEBUG_jp96085) starttime = PR_IntervalNow(); #endif crl = PK11_ImportCRL(slot, &crlDER, url, type, NULL, importOptions, NULL, decodeOptions); #if defined(DEBUG_jp96085) endtime = PR_IntervalNow(); elapsed = endtime - starttime; mins = PR_IntervalToSeconds(elapsed) / 60; secs = PR_IntervalToSeconds(elapsed) % 60; msecs = PR_IntervalToMilliseconds(elapsed) % 1000; printf("Elapsed : %2d:%2d.%3d\n", mins, secs, msecs); #endif if (!crl) { const char *errString; rv = SECFailure; errString = SECU_Strerror(PORT_GetError()); if ( errString && PORT_Strlen (errString) == 0) SECU_PrintError (progName, "CRL is not imported (error: input CRL is not up to date.)"); else SECU_PrintError (progName, "unable to import CRL"); } else { SEC_DestroyCrl (crl); } if (slot) { PK11_FreeSlot(slot); } return (rv); }
NS_IMETHODIMP nsKeyObjectFactory::KeyFromString(PRInt16 aAlgorithm, const nsACString & aKey, nsIKeyObject **_retval) { CK_MECHANISM_TYPE cipherMech; CK_ATTRIBUTE_TYPE cipherOperation; switch (aAlgorithm) { case nsIKeyObject::HMAC: cipherMech = CKM_GENERIC_SECRET_KEY_GEN; cipherOperation = CKA_SIGN; break; case nsIKeyObject::RC4: cipherMech = CKM_RC4; cipherOperation = CKA_ENCRYPT; break; default: return NS_ERROR_INVALID_ARG; } nsresult rv; nsCOMPtr<nsIKeyObject> key = do_CreateInstance(NS_KEYMODULEOBJECT_CONTRACTID, &rv); NS_ENSURE_SUCCESS(rv, rv); // Convert the raw string into a SECItem const nsCString& flatKey = PromiseFlatCString(aKey); SECItem keyItem; keyItem.data = (unsigned char*)flatKey.get(); keyItem.len = flatKey.Length(); PK11SlotInfo *slot = nullptr; slot = PK11_GetBestSlot(cipherMech, nullptr); if (!slot) { NS_ERROR("no slot"); return NS_ERROR_FAILURE; } PK11SymKey* symKey = PK11_ImportSymKey(slot, cipherMech, PK11_OriginUnwrap, cipherOperation, &keyItem, nullptr); // cleanup code if (slot) PK11_FreeSlot(slot); if (!symKey) { return NS_ERROR_FAILURE; } rv = key->InitKey(aAlgorithm, (void*)symKey); NS_ENSURE_SUCCESS(rv, rv); key.swap(*_retval); return NS_OK; }
static void free_PK11_ctx(struct PK11_ctx *ctx) { if(!ctx) return; if(ctx->list) CERT_DestroyCertList(ctx->list); if(ctx->obj) PK11_DestroyGenericObject(ctx->obj); if(ctx->slot) PK11_FreeSlot(ctx->slot); }